Watch Out For Something Phishy In Your Email
Teleworkers rely on email more than most workers, and that makes them more vulnerable to malware distributed through innocent looking but bogus:
- UPS delivery confirmations
- Scanned documents
- Flight tickets
- Credit card issues
- Better Business Bureau (BBB) complaints
- ACH (Automated Clearing House) wire transfer problems
- PDF picture collections
- Powerpoint decks
Lately, almost all of the malware is being sent by spam bots as phishing emails that don’t target particular individuals or groups. What they’re after is banking information.
The malicious emails lure you to an authentic looking Web site, often an exact copy of a real site. But when you go there, unaware, the site installs additional malware on your computer using vulnerabilities in Adobe Reader, Adobe Flash, and Oracle’s Java. The so-called exploit kits harvest credentials as innocuous as social media credentials or information in your browser’s cookies. That information is sent back to a command and control server where it’s used for hacktivist activities or financial theft.
The sad part of this story is that over half of these exploits are not detected by common anti-virus software. It’s a typical spy vs spy scenario where the bad guys evolve malware variants faster than the good guys find ways to detect them.
By far the most common phishing email message I’m receiving at the moment is bogus LinkedIn notifications, e.g. “There are a total of 4 messages awaiting your response” These invariably contain a link to a malware site.