Email messages that trick users into installing malware still seem to be working. Some of our customers have recently been hit with cryptolocker attacks. Even when anti-virus/anti-malware software is in use, it may not catch some of the newest malware.
There are usually several easy-to-spot tip-offs that an email is bogus. Here is a suspicious-looking sample email that I received, with explanations of what you can look for to avoid being tricked into installing software that will do Really Bad Things to your computer and data:
- Notice that the domain for the “From:” email address is “wispaninterent.com”, not paypal.com. This is an immediate tip-off that the message is not really coming from PayPal. (If the full email address doesn’t appear, try placing the mouse pointer over the “From:” name and see if a tooltip appears with the full email address.)
- Official messages from big companies always pay careful attention to branding. Notice that the company name appears three different ways: “Paypal”, “paypal” and “PayPal”. That is just sloppy, and an official email from PayPal would never go out with these types of mistakes.
- You can place your mouse pointer over any link in an email and see a tooltip that shows you the link address. But don’t click on it! Like the “From:” email address, this link is not using a PayPal domain name. It looks like some kind of file storage site (“filemail.com”) that is obviously not linked to PayPal. Also, the link appears to be a direct link to a file, not to a web page (it doesn’t end in a file extension like “.htm”, “.html”, or “.asp” that would indicate it is a web page). Always be suspicious of a direct link included in an email.
- Does the email try to create a sense that you must install something? If so, assume it is suspicious until proven otherwise (say, by visiting the paypal.com site in this example to confirm that a “software upgrade” is needed). This is social engineering at work. Ask yourself if you ever had to install software for this product before. If you have used PayPal before, but only in a web browser, you should never have had to install any Windows software to use it. If that is the case, why do you need to install a software upgrade now?
If you have installed and used the PayPal App, then the upgrade process should be handled directly by the app or by going to the app store where you got the app and downloading an update directly from there. And if you have used the PayPal App on a phone or tablet, the upgrade would need to be handled on that device, not your Windows PC.
If you are ever not sure, the best thing to do is simply not to click on a link in an email message. Check with your system administrator, especially when you get a message saying that some software needs to be installed or updated. Doing that can prevent a potential disaster.
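
For administrators who want to automate the checks above, here is an added example (not part of the original article) that applies the sender-domain, branding and link tip-offs to a raw message. The sample message is constructed, its link path is a placeholder, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not the actual email from this article); the link path is a placeholder.
SAMPLE = '''\
From: "Paypal" <service@wispaninterent.com>
Subject: paypal software upgrade
Content-Type: text/html

<p>Dear PayPal customer, you must install this upgrade:
<a href="https://www.filemail.com/EXAMPLE-PATH/upgrade.zip">Download</a></p>
'''
WEB_PAGE_EXT = (".htm", ".html", ".asp")  # extensions the article treats as web pages

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def tip_offs(raw, brand="PayPal", domain="paypal.com"):
    """Return the tip-offs found in a raw, single-part email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    # From: display name claims the brand, but the address is on another domain.
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    if brand.lower() in name.lower() and not in_domain(sender, domain):
        found.append("from-domain:" + sender)
    # Brand name written more than one way in the visible text (tags stripped).
    visible = " ".join([name, msg.get("Subject", ""), re.sub(r"<[^>]+>", " ", body)])
    spellings = set(re.findall(re.escape(brand), visible, flags=re.I))
    if len(spellings) > 1:
        found.append("branding:" + ",".join(sorted(spellings)))
    # Links that leave the brand's domain, or point straight at a file.
    for href in re.findall(r'href="([^"]+)"', body, flags=re.I):
        url = urlparse(href)
        if not in_domain(url.hostname or "", domain):
            found.append("link-domain:" + (url.hostname or ""))
        last = url.path.rsplit("/", 1)[-1].lower()
        if "." in last and not last.endswith(WEB_PAGE_EXT):
            found.append("direct-file-link:" + last)
    return found

if __name__ == "__main__":
    for finding in tip_offs(SAMPLE):
        print(finding)
```

An empty result only means none of these particular tip-offs matched; it does not prove a message is genuine.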