Spot malicious e-mails

With the increase in viruses, ransomware, malware, spyware, phishing and cyber crime in general, it is now more important than ever for e-mail users to be cautious. Although we cannot warn you against each and every dangerous e-mail (they are generated too quickly), we can tell you their characteristics so that you can recognise a potentially malicious e-mail yourself.

Think of it this way – say receiving an e-mail is equivalent to running into someone on the street on a Saturday morning. When it’s a friend, neighbour, colleague or acquaintance you’re generally quite happy to see them and have a chat, because you know them. But when a stranger suddenly comes up to you, your reaction will immediately be different. If that same person hands you a parcel, telling you to open it or says “Dear sir, I want to show you something at my home. Won’t you quickly come with me?”, would you trust them and do it?

Just because the internet creates an illusion of distance, it does not mean these two situations should be dealt with differently. On the contrary, you are much more defenceless and your information is easier to access on the internet than on a street corner.

So why would you

– trust and react to an e-mail that wasn’t addressed to you specifically or is not from someone you know,
– open an attachment (the parcel) someone sent to you and
– click on a link to this person’s website (go to his home)?

CHARACTERISTICS

  1. Attachments
    It doesn’t matter how intrigued you are about what’s in that ZIP file, do not open it! The second you open an attachment, you open up your PC for any software and files to be installed on it. In the most recent incident of the Cryptowall 3.0 ransomware, a ZIP file was sent with the subject “My resume”. When it was opened, a .js script was automatically run and this encrypted all the data on the user’s PC. (read more about it here)
  2. Spelling and language
    In most cases where phishing takes place you’ll notice that the spelling and language are exceptionally bad. Improper spelling and grammar are almost always a dead giveaway. Look for obvious errors. Also, don’t think an e-mail in Afrikaans is necessarily trustworthy. Last year we had incidents where an Afrikaans ABSA e-mail was copied and used to phish.
  3. Faulty or unknown links
    Move your mouse over the links in the e-mail (don’t click on them). The text itself might look like a familiar address, but you’ll notice that the actual link directs to somewhere completely different. The same goes for links to e-mail addresses in the text.
  4. A generic greeting
    If an e-mail isn’t personally addressed to you, for example “Dear Mrs du Preez” or something similar, it’s clearly not meant for you, but rather for a large group of people in an attempt to lure one of them. These e-mails are sent out to thousands of different e-mail addresses and often the person sending them has no idea who you are.
    If you have no affiliation with the company the e-mail is supposedly coming from, it’s fake. For example, if the e-mail is coming from ABSA bank but you bank at a different bank.
  5. No personal information
    There will be no reference to your specific account information. If the company really was sending you information regarding errors to your account, they would mention your account or username in the e-mail.
  6. Due dates
    By adding a due date, the sender tries to create a sense of urgency and is hoping this will spur you on to click on the link ASAP, without too much thought, to resolve this pressing issue.
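
The attachment and link characteristics above can also be checked mechanically before a message reaches a user. The following Python sketch is an added example, not part of the original article: it flags links whose visible address differs from the real destination and lists script files inside ZIP attachments without extracting them. The function names, the extension list and all `.example` domains are assumptions, and the sample message is constructed.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):  # collects [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host(url):  # visible text may lack a scheme; add one so urlparse finds the host
    url = url if "://" in url else "http://" + url
    return (urlparse(url).hostname or "").lower().removeprefix("www.")

def inspect_message(raw, script_exts=(".js", ".jse", ".vbs", ".wsf", ".hta")):
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            parser = LinkCollector()
            parser.feed(part.get_content())
            for href, text in parser.links:  # compare only address-like visible text
                text = text.strip()
                if "." in text and " " not in text and host(text) != host(href):
                    findings.append(f"link text {text} points to {host(href)}")
        elif (part.get_filename() or "").lower().endswith(".zip"):
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as z:
                findings += [f"{part.get_filename()} contains script {m}" for m in z.namelist()
                             if m.lower().endswith(script_exts)]  # assumed extension list
    return findings

def sample():  # constructed message; every name and domain is a placeholder
    msg = EmailMessage()
    msg.set_content('<a href="http://login.unrelated.example/x">www.bank.example</a>', subtype="html")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("resume.js", "// inert placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="my_resume.zip")
    return msg.as_bytes()
```

Calling `inspect_message(sample())` returns one finding for the mismatched link and one for the script inside the archive; a link reading “Click here” is skipped because its text is not an address to compare against.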

E-MAIL TOPICS/SUBJECT LINES

  1. Problems with your bank account
    Where money is concerned, people listen and react. Your account has been closed, someone tried to access it, your information has been changed – all these are attempts to get you to click on a malicious link.
  2. Money has been deposited into your account
    Around tax season this is a popular choice and it’s usually “SARS” sending out this joyous news. If SARS indeed wants to give you money, they’ll SMS you. (And how often does this really happen?)
  3. Delivery of a parcel
    Someone sent you a parcel and you HAVE to click on a link to confirm, otherwise it won’t be delivered. The post office or a courier service will seldom e-mail you about this.
  4. Problems with your e-mail account
    Your password has expired or someone else has accessed your account. All communication related to your e-mail account will always be sent from IT. It will be in a specific format with characteristic graphics, the SU logo and it will also be in Afrikaans and English.
  5. Competitions
    You’ve won a competition! Or the lottery. Or you’ve inherited a huge amount of money. Did you enter this competition? Did you play the US lottery? And do you know this family member or person who decided you should be their sole heir?

If you are unsure about the validity of an e-mail, rather contact your bank or SARS directly. Anything else you can just ignore. Don’t reply to it – you’ll only confirm that your address is indeed an existing one and you’ll be getting many more e-mails in the near future.

Remember – cyber criminals know our weaknesses and that we are curious by nature. Don’t fall for it, rather outwit them.

Previous articles on phishing, malware, spyware and viruses.


One Response to “Spot malicious e-mails”

  1. Prof R Menkveld says:

    Dear Sir/Madam,

    With reference to point 5 of the e-mail topics above, I would like to ask whether you can provide more details about the inheritance scam. A friend of mine responded to such an e-mail. The people in the UK are prepared to come and visit him in South Africa but have to date not yet asked for any details (? they did ask for ID details). They offered him 50% of the amount.