Be vigilant to protect against ransomware

Mat Payne
Director of Technology

The massive worldwide cyberattack this weekend provides a good opportunity to revisit your IT security measures.

Hundreds of thousands of users were infected with what is referred to as ransomware that locked down victims’ computers and held the data ransom until the victim paid money in bitcoins.

Once the initial computer was infected, the virus, known as WannaCry, would search the network for other computers that were vulnerable to the security flaw disclosed in March, around the time a set of NSA tools used to hack computers was released.

At that time, Microsoft quickly released a patch for the security flaw and encouraged all users to patch their systems immediately. Unfortunately, many users never did, which allowed the virus to spread so rapidly. A security researcher in the United Kingdom was able to quickly stop the spread of the infection, which could have been much, much worse.

According to media reports, such as the Wall Street Journal, the malware spread across several countries on Friday, but appeared to be contained by Monday. However, until the source can be identified, there are concerns that it could resurface.

The critical failure for this infection came when many of the world’s users ignored the updates that were released by Microsoft. We want to encourage our users to turn on automatic updates in Windows and install them as soon as they are ready.

Ransomware typically reaches your computers through a phishing scheme: the infection begins when a user clicks on a link or attachment that delivers the virus. This is why it is important to be very cautious about emails – particularly those with links or attachments – and hold fast to policies and procedures that protect your valuable information.

“Spoofing” has become a common way for criminals to hack into your accounts – usually using email as a vehicle, but sometimes even going so far as to set up fraudulent, but authentic-looking websites.

A “spoofing” email appears to come from a legitimate company official. It will contain, for example, the actual name of the chief executive officer or owner of the company. The fraudulent email will be sent to the person handling payroll or human resources asking for a list of employees and their identifying information, including Social Security numbers.

During tax season, a spoofing email scam surfaced that appeared to come from the IRS. According to the IRS, some of the emails contain language similar to these examples:

  • “Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review;”
  • “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary);” or
  • “I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, in need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”

You will note that the examples include some incorrect grammar, run-on sentences or inappropriate capitalization. This is one clue that the email request is not legitimate.

This is typical of most phishing scams, which have once again made the IRS list of “Dirty Dozen” tax scams for the 2017 filing season.

In these email schemes, criminals pose as a person or organization the taxpayer trusts or recognizes. They may hack an email account and send mass emails under another person’s name. They may pose as a bank, credit card company, tax software provider or government agency. Criminals go to great lengths to create websites that appear legitimate but contain phony log-in pages. These criminals hope victims will take the bait and provide money, passwords, Social Security numbers and other information that can lead to identity theft.

Scam emails and websites also can infect a taxpayer’s computer with malware without the user knowing it. The malware can give the criminal access to the device, enabling them to access all sensitive files or track keyboard strokes, exposing login information.

You should also be aware of any emails that demand immediate action or seem extremely urgent. The sense of urgency is designed to pressure you into doing something that bypasses your normal procedures.

Another place to look if you are suspicious of an electronic communication is the sender’s address. Con artists will usually use an address that is similar to your company’s domain name, but there is typically a misspelling, an extra or missing punctuation mark, the use of a public email service like Gmail or Yahoo, or some other subtle difference that can easily be overlooked.

Also be sure to check the timing of the email. If you receive an email that would normally be sent during business hours but was sent at an unusual time, like 3 a.m., it is likely a scam.
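The three clues just described (a sender domain that only looks like yours, a public webmail address, an off-hours send time, plus the urgency language noted earlier) can be turned into a simple screening check. The following is an added example, not part of the original column; the company domain, the business-hours window and the sample messages are all constructed placeholders.

```python
import re
from datetime import datetime
from difflib import SequenceMatcher

COMPANY_DOMAIN = "example-payroll.com"  # assumed company domain (placeholder)
PUBLIC_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
URGENT_WORDS = ("asap", "immediately", "urgent", "kindly", "quick review")
BUSINESS_HOURS = (6, 20)  # assumed local window: 06:00 up to 20:00, weekdays only


def domain_of(sender):
    """Return the lower-cased domain part of an email address."""
    return sender.rsplit("@", 1)[-1].strip().lower()


def lookalike(domain, trusted=COMPANY_DOMAIN):
    """True if domain is not the trusted one but differs only subtly from it."""
    if domain == trusted:
        return False
    strip = lambda d: re.sub(r"[^a-z0-9]", "", d)
    if strip(domain) == strip(trusted):
        return True  # same letters, punctuation added or removed
    # a one-character misspelling scores well above this threshold
    return SequenceMatcher(None, domain, trusted).ratio() >= 0.85


def flag_email(sender, sent_at, text, trusted=COMPANY_DOMAIN):
    """Return a list of warning signs for one message (empty list = none fired)."""
    warnings = []
    dom = domain_of(sender)
    if dom in PUBLIC_WEBMAIL:
        warnings.append("public webmail domain")
    elif lookalike(dom, trusted):
        warnings.append("lookalike domain: %s vs %s" % (dom, trusted))
    start, end = BUSINESS_HOURS
    if sent_at.weekday() >= 5 or not (start <= sent_at.hour < end):
        warnings.append("sent outside business hours")
    hits = [w for w in URGENT_WORDS if w in text.lower()]
    if hits:
        warnings.append("urgency language: " + ", ".join(hits))
    return warnings


# Constructed sample messages: (sender, sent_at, subject and body text)
SAMPLE_MESSAGES = [
    ("ceo@example-payroll.com", datetime(2017, 5, 16, 10, 0), "Q2 budget meeting notes"),
    ("ceo@example-payro1l.com", datetime(2017, 5, 16, 3, 12), "Kindly send me all W-2 PDFs asap"),
    ("ceo@examplepayroll.com", datetime(2017, 5, 17, 14, 30), "Need the employee list for a quick review"),
    ("ceo.example.payroll@gmail.com", datetime(2017, 5, 20, 9, 5), "Updated list of employees, immediately please"),
]


def triage(messages=SAMPLE_MESSAGES):
    """Map each sender to the warnings its message raised."""
    return {sender: flag_email(sender, when, text) for sender, when, text in messages}
```

Only the first sample comes back clean; a message that raises any warning should be verified by phone, as the column advises, rather than acted on.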

Remember, don’t ever click on links included in the body of suspicious or questionable emails or open attachments. If in doubt, place a phone call to the person who supposedly sent the email just to verify it is legitimate.

It’s better to be safe than sorry. This would be a good time to establish email safety protocols with your employees and payroll service provider.

Please let us know if we can help you in any way.