Worms and viruses are increasingly being written to steal confidential data from innocent people’s computers, to hijack resources, or launch spam or denial-of-service attacks.
Graham Cluley
The first computer virus (Elk Cloner) written nearly thirty years ago was relatively harmless and almost funny. Its intention was to display a poem every time your computer booted up. Today’s cyber-crime is big business and often malicious. It comes in many forms, from viruses and phishing to spam. Emails and web downloads are the most common source of viruses. In this chapter we cover:
Cyber-crime can be expensive. You will need to disinfect your computer if infected and you and your business may suffer reputational damage. Viruses are easily transmitted and others will become wary of email from you if your email image has been compromised. If you run a business, cyber-crime can result in a denial of service attack, whereby your website is temporarily shut down and everyone is denied access. If you use email for marketing, and do not take the necessary precautions, you can find your business email address is very quickly blacklisted.
Never open an email (or attachment) or follow a link in an email which looks suspicious (not authentic). Delete the email immediately.
Processing the estimated annual volume of 62 trillion spam emails is equivalent to driving around the world 1.6 million times.
‘The Carbon Footprint of Email Spam Report’, McAfee
In 2009 spam emails were estimated to account for 85 per cent of worldwide email traffic. The term ‘spam’ refers to unsolicited junk email and is often about how to enlarge your physical and financial status. The term is generally thought to have been derived from the 1970s Monty Python sketch on spam (you can see the original on YouTube). The alternative explanation is that it comes from the abundance of pink canned meat made in Britain after World War II. Known as Spam, it was one of the few items not rationed but not wanted.
There is a fine dividing line between having ferocious spam filters (which can also trap legitimate emails) and lax spam filters (which mean your email inbox is full of junk). Spam is costly in terms of the resources used to stop it and time taken to trawl through spam filters to make sure nothing important has been accidentally trapped. It can take me up to 30 minutes a day to trawl through the spam emails.
A virus is a piece of computer code which can harm your computer by infecting it and causing it to behave in unexpected ways. Viruses often mutate either through attachments or by opening your contact database and sending infected emails to everyone in there. A classic was the ‘ILoveYou’ virus in 2000. Contained in an email, it spread like wildfire and at least 10 per cent of businesses were hit. Since then, anti-virus software and surveillance has greatly improved.
This is a relatively new phenomenon. It is an attempt to steal your personal data (usually financial, such as bank details). There are two main sources of identity theft, phishing and key logging.
The attack arrives as an email from what looks like a reputable source (for example, your bank, PayPal, HM Customs and Excise). You are asked to click on a website link to verify information which is then used to defraud you. Again this can be costly as institutions such as banks have now tightened up the terms under which they will reimburse you for such crimes.
Attachments containing malware will install a piece of software on your PC which then records your every keystroke. (Malware is the term for any unpleasant software which may harm your PC and subsequently your personal identity.)
Although there are now many companies that specialise in detecting all forms of cyber-crime and providing anti-virus and spam software, the perpetrators of cyber-crime are becoming cleverer and more malicious by the day. Not surprisingly, the 2009 Davos World Economic Forum identified tackling cyber-crime as one of the top five challenges facing business.
Download and read ‘Threatsaurus – the A–Z of Computer and Data Security Threats’ from Sophos (www.sophos.com).
Out-of-office messages can inadvertently open the backdoor to cyber-criminals and breaches of confidentiality. Such messages are now provided with most popular free email account providers (including Googlemail, Hotmail and Yahoo). The cyber-criminal does not distinguish between large corporate and individual email users. The risks related to using out-of-office messages apply equally to all users.
Consider the out-of-office message below.
I am away on leave from 10 to 24 July. If your message is urgent, please contact one of the following. Jane Brown in connection with A. Fred Lane in connection with B. Will Bean in connection with C. Otherwise I will deal with your email on my return.
This is both unsafe and carries a high risk of breaching confidentiality. It would take a serious cyber-criminal only a few minutes to locate where you live and hence a possible empty house. Analysing the out-of-office responses to a recent e-briefing I sent revealed that 28 per cent of responses were insecure.
Giving three people as contacts and the projects/clients for whom they are responsible is also risky. You have now disclosed to possible predators (competitors, journalists, etc.) information you probably wanted to keep private. An example of a safe and secure out-of-office message is shown below:
I am out of the office from 10 to 24 July with limited access to email. If your email is urgent, please contact Jane Brown. Otherwise I will deal with the matter as soon as I can.
When composing your out-of-office message, say only that you are away from the office. Give the name of one point of contact only and always check that they too are not on leave.
Some people give only a name (and maybe an email address) to deter unwanted people from phoning. They either make the assumption that key clients know who else to phone or they delegate access to their mailbox to another person.
Out-of-office messages can give away your email address to spammers. Spammers often generate random email addresses and, when they receive your message, they then know they have struck lucky.
One charity that relies heavily on casual labour to man telephone helplines has suffered from pickpocketing through the use of out-of-office messages. A thief sent emails and, when he received people’s out-of-office messages, he posed as these absent people to gain access to the building and steal.
For all these cyber-crime related reasons, many companies now ban the use of out-of-office messages for external emails.
Before deciding on your policy for use of out-of-office messages, weigh up the potential loss of business against the risks of cyber-crime, and then make a decision best suited to you (and your business).
Today most email suppliers and businesses subscribe to one of the major anti-virus and spam services, such as Sophos and MessageLabs, which stop spam and viruses before they even enter your network. However, attacks can also be triggered by web downloads. Cyber-crime protection is therefore usually a multi-layered approach. Emails will be scanned at source before entering your business, on entry and, lastly, as they arrive at your computer.
Even if you are a sole trader, it is vital to have anti-virus/spam software on your computer/laptop in addition to that provided by your email supplier.
It is important to remember that anti-spam and virus software is reactive, not proactive, and can only be introduced once a virus, etc., has been spotted. Just occasionally it takes time for these to be spotted. A classic example is the ‘Nigerian 914’ scams whereby people are asked to give some money in order to release a much larger sum (for example, someone’s estate). The growth of the internet led to a surge of these email scams in early 2000; however, although they still go on in various guises, today far fewer people are duped by them and they are more easily blocked by anti-spam software.
Unfortunately, deploying anti-cyber-crime technology is not sufficient. You also need to be personally vigilant about what comes unasked to your mailbox, especially spam.
Based on conversations with Graham Cluley of Sophos, here are some top tips to help you further protect yourself from being the victim of a cyber-attack. For more information and updates about the latest attacks, see www.brilliant-email.com.
Here are some excellent sources of information, emails and newsfeeds to help you keep up to date on cyber-crime:
To be alerted to current potential cyber-crime attacks, follow Graham Cluley on Twitter.
Cyber-crime is the bugbear of today’s world of e-business. Attacks can be costly. Prevention is better than cure, which means you must invest resources to protect yourself. It is the last step in improving your productivity as a brilliant email user.
3.141.197.251