There are several things you can do that will help you identify and avoid email spam and scams:

  1. Infections cannot install themselves. The user has to take some action to initiate the installation of malware. If you are unsure about something, don’t click it. 
  2. Legitimate business emails nearly always have an address and a phone number. It’s one of the reasons we all use a signature on emails we send. Emails that only have links or attachments as a means of response are suspect and should be treated carefully. 
  3. ATTACHMENTS. We all know how to attach a file in an email, which makes this an easy way to introduce malware. A few general rules about attachments: 
    1. Program or applications (files than end in .BAT, .CMD, .EXE, .COM, .JAVA, .PS1) are bad. It’s not easy to sneak one of these files through an email system anymore so there is some protection here, but if you get one, delete the email. 
    2. Compressed files (files that end in .ZIP, .Z, .GZ, .TAR) are a popular way to “smuggle” bad files. This is also the preferred method to make large files smaller, so many of these attachments are legitimate. The best test here is whether or not you know the sender AND you are expecting the file. If you are unsure contact the sender (preferably by phone) to verify its legitimacy. 
    3. If you don’t recognize the type of attachment, verify it with the sender before opening it. 
  4. LINKS. By far the most common method to spread malware through emails is using a link to a malicious webpage. The antivirus software we use as a company detects many of these malicious websites and prevents navigating to them, but it’s better to avoid them when possible instead of relying on something else: 
    1. Links that go to places that are obviously not related to the content of the email should be avoided. For example, if you get an email from your friend that says “You have to see this Youtube video: http://this.is.notyoutube.com. NOTYOUTUBE.COM is not the same as YOUTUBE.COM and therefore likely a scam. 
    2. Sometimes links are “hidden” behind what looks like legitimate links. In most email programs, you can see the actual destination of link by hovering you mouse over it (not clicking it). For example, the following links look legitimate, but if you hover you mouse over them you can see they don’t go where you think it might: 
                http://rainbows-and-bunnies.youtube.com 
                This is safe
  5. If it seems too good to be true then it probably is. 

 

Of course, if you are still unsure about an email you’ve received at work, you can always contact us and we can evaluate it for you.