Email Safety by GoRazy.com

How to keep your computer safe from spam emails & ransomware...

Keeping your emails at home and work safe has never been more important. Remember the "NHS virus attack" that happened recently? Despite what you might have read in the news at the time, this wasn't an attack on the NHS at all. It was a general attack on many large organisations that had been going on for years, and it all starts with emails...


These honestly very smart criminals send out huge amounts of spam emails over years and years. These spam emails carry links, and within those links are the viruses or, most commonly now, ransomware.

As soon as you click on such a link, that ransomware can sit silently on your PC, laptop, tablet or phone for days, months or years, whatever they decide.

Once the criminals activate the ransomware, it will run silently in the background for a few hours, gradually encrypting the files on your computer. This can be your documents, pictures, music, pretty much everything.

Once the ransomware has encrypted enough files, you'll see a pop-up window demanding money to get your files back. Usually the demand for money comes in the form of a cryptocurrency like Bitcoin.

Kind of scary stuff, right? And all this starts with spam emails. These attacks aren't going away anytime soon, so it's important to have a little knowledge about the type of emails you receive and how to spot the spam from the good.

Let's start with something that's about as obvious as it gets. Check out this email from "Apple" asking me to update my Apple ID. You can see just from the overall look of the email that it's pretty amateur, not the kind of email a company with billions of dollars is likely to send out.

[Image: apple ransomware email example]

You can see at the top right that even though the sender's name is AppleID, the email address that I've highlighted isn't an Apple email address at all. You can also see I've highlighted "Dear User Apple", a clear red flag, firstly because the grammar isn't good enough, but also because if you've got an Apple account they'll know your name and will address you by it when they email you.

See that big "UPDATE YOUR ACCOUNT" link? That's the ransomware.

Not all spam emails containing viruses are this easy to spot, however. Google and Facebook recently admitted to being scammed out of $250,000 each! This wasn't because they contracted ransomware and paid up. It was because the scammer spoofed an internal email address and sent an email to the accounts department with a fake invoice, which they both paid!

So how is this possible? It's actually really easy to spoof an email address. The example I always give is that it would be super simple for me to sit in the office and email out as bill.gates@microsoft.com.

As long as I have an outgoing email server that I know the details for, I can send as any address I like. It's that easy, take a look.

[Image: ransomware spoof email example]

See, I know the details for the outgoing server smtp.tqs-services.co.uk, so with that info I can use any name and any email address I like to send out emails.

So, knowing this, if I wanted to target a business and try to pull a scam, I could find a business website that lists its email addresses and employees, send as one of the employees to someone in the accounts department and try to get an invoice paid.

These types of scams are normally still sent out by the criminals en masse, so they are easy enough to spot:

[Image: ransomware spoofed email example]

You can see this email is pretty minimal, nothing fancy, the only real red flag being the link, which is something totally random. Any random links like this in emails are a red flag.

5 or 6 years ago, when these mass email attacks started to take place, the most common tactic was to attach a .zip file to the email. Again, these .zip files contained ransomware. Even today I'll occasionally be forwarded emails with zip files by customers asking if they're safe, and they never are.

Realistically, the attachment size limits on most popular email services are upwards of 100MB, so there's no need to ever send anything in zip format. I always tell my customers: anything with a zip file, even if you know the sender, forward to me for checking first.

So what can you do to prevent ransomware...

Firstly, just be careful with emails and attachments. This might sound really obvious, but we actually spend time teaching our IT support customers, just like with the examples above, and we haven't had a ransomware attack in over 6 years. That's pretty good when you consider all the major organisations that got hit last time around.

We offer to check any emails that our customers are not 100% sure about opening, and if you're not with us for IT support I'm sure your IT people will do the same for you. Forward on anything you're not totally sure about; it only takes an IT bod 2 minutes to check if the email's legitimate or not.

Education is everything. There are a few more examples below of emails containing ransomware, malware and viruses. Share this around at work and everyone should be in good shape to spot the bad from the good.

Unfortunately, with big attacks like the NHS situation there's really no antivirus that can guarantee to protect your PC. Truth is, the criminals that make these viruses are really good at it, and the antivirus companies like McAfee and Norton often can't release fixes till it's too late.

Our best advice and preferred setup would be to download Windows Security Essentials (free) and always do your Windows updates as and when they pop up on your screen. Download Malwarebytes antimalware (free & paid). You can also get other Malwarebytes applications on our downloads page.

Lastly, backups: a good old-fashioned Windows backup. Let me tell you why this is so important. When you configure a standard Windows backup, the backup USB drive actually gets hidden from the rest of the machine, so if you had some ransomware that was silently encrypting your files, the one thing that it wouldn't be able to encrypt would be your Windows backup drive.

Don't think of services like Dropbox or Livedrive as backups. Even though these services are in the cloud, they are always accessible on your machine, so ransomware could just as easily encrypt your Dropbox as it can everything else.

The same goes if you're on an office network with a mapped drive (shared drive). Because the shared folder is always accessible on the PC, the ransomware can just as easily encrypt the files on the server as it can the files on your PC, so again a standard Windows backup on the server can be a life saver.

Hope this helps keep your business protected. Don't be shy to share this with anyone you know who might find it useful. I'll leave you with some more rogue email examples and download links for Windows Security Essentials and Malwarebytes.


Some more examples of ransomware emails...

See in this penalty charge notice email that the sender's domain is @digital-wealth, which is very odd, and if you hover your mouse over the view link, the domain isn't the same as the link...

[Image: pcn parking spam phishing email]

The example below is of an email trying to look like it's been sent from Google Docs. Once again, if you hover over the "open in docs" link you can see that the link doesn't point to Google at all.

[Image: google docs phishing email]

This bill from Vodafone looks pretty good; they even managed to hide the sender's name! Again though, hover your mouse over the link, being careful not to click, and you'll expose that the link doesn't point to Vodafone at all.

[Image: spam vodafone bill]

Check out all the mistakes in this spam from "Microsoft 365". The FROM is "MAIL TEAM" at an @comcast.net address, NOT an @microsoft.com address, and the email looks clearly fake and shoddy. The two links, "cancel request" and "OFFICE TEAM", would both contain either malware, a phishing virus or ransomware.

[Image: 365 phishing email]


Update 26/07/2018

A quick but important update on email safety

2 days ago a customer forwarded me an email asking if it was safe. The email looked like a totally genuine inquiry into the service they offer (event planning). The email contained no links, NOTHING; it couldn't have looked more real!

I advised that the email was safe and that the email looked to be a very genuine and good inquiry.

However, roughly 24 hours later the same sender who sent the genuine-looking inquiry sent a follow-up email with a link which was malicious.

Until today I had never known a malicious spammer to set up a potential victim in this way, actually taking the time to build trust with their potential victim.

As far as the malicious email goes, it was no different from the example I have below, but the fact that there was a setup element to the attack is, I think, very interesting and could be the next level of email safety we all need to consider.

