May 22, 2024
Search
Close this search box.
Search
Close this search box.
May 22, 2024
Search
Close this search box.

Linking Northern and Central NJ, Bronx, Manhattan, Westchester and CT

‘From’ Spoofing Emails, Beware

As I have written in the past, some clients may think that viruses must be great for business. It’s pretty much the same way a car alarm company must say, “Well, in a perfect world there would be no car break-ins and no need for car alarms.” Though without an alarm, people will just break in easily.

I am always on my soapbox about everyone having proper and updated anti-virus software. There are many good choices out there such as AVG and ESET. At GCG we recommend Symantec Endpoint cloud. The software will update via the cloud, and your MSP (Managed Service Provider), formerly known as your IT group, will monitor the viruses and will let you know if your PC has been infected. If you are backing up your data, don’t be upset as there are external hard drives, CrashPlan, Mozy and many other affordable or free backup programs.

The IT community cannot catch up to the current viruses out there. People are shocked that we don’t know every virus that exists. While all of us are going to work, running our lives are these criminals. That’s right—this isn’t a nuisance anymore; it’s a crime. These hackers are looking for every weakness a user has.

If you think, “I’m fine because I don’t bank online,” well, that’s the first mark a hacker will look for—someone who is waiting for their credit card or bank statement by snail mail. You will have no idea money has been taken till it’s too late. Check your accounts daily.

Most recently we have encountered a really impossible virus to thwart. Let’s say your company is called The Garb Consulting I.T. Group LLC, and your domain name / @email.com address is garbcg.com. Most companies today will have common names of employees such as Amy, Mark, Florence, David or Michael. The hacker, or sometimes companies trying to solicit sales, will send an email to [email protected]. If there is a bounce-back email, which would say that no such person is there, the hacker will go on to the next name, [email protected], continuing until he gets the bounce-back, or the hacker may go on your company’s website or Facebook page to find a legitimate email you have, such as [email protected]. Then the email might be sent and would say “UPS delivered,” “please fulfill order,” or something generic. Then the hacker will phish your email and password. They may be doing this via your Gmail online account or some other way, so you don’t know this is happening. They will “creep” your email, looking for orders you may have made or bank transactions. Then, here is the tough part. They will use some program that will use your email as the FROM account. They will use info about your company to make the email recipient think it’s a legitimate email. Companies that generate many invoices without review should share this article with their staff. Ask if any of them were to get an email from the owner for an order, would they be afraid or embarrassed to ask you if it’s real. Most employees would probably answer that they would not alert you.

Then all the havoc happens. The hacker will start sending emails to all of your users, asking them to open a Google Doc or DropBox file. This is a virus that will then infect the user’s PCs and email.

How can we prevent this? Make sure that you have purchased all domain names that are close to your domain, i.e., garbcg.com, bargcg.com, garbcgs.com,.org,.biz—all the extensions. For $8 a year it’s well worth it. All you need is someone to grab a domain that’s garbcgs.com and they can open legitimate emails and there isn’t much you can do about that.

The most important part is under your domain account. There is something called a “catchall.” If someone makes a mistake and changes [email protected] to [email protected], all those emails should go to your account. This will be what hackers are counting on—that you don’t have a catchall or you are not checking that account. You MUST check those emails to see if someone is trying to get access to your emails.

Every six months, proactively change all the passwords on your email. Be smart; don’t pick your kids’ names +123 or password, 1948 or “peace.” If you refuse to use Gmail as your email address, make sure you change your security questions as well.

Though the writer is guilty of this as well, add the last name to your users’ emails, i.e., [email protected] should be [email protected]. This will stop the usual name emails being sent. At GCG we have some of these email addresses from 15 years ago, from when there was only me and Chaim Silberstein. So we have [email protected] and [email protected]. Funny, we have four Chaims here and have to use last names now.

One other side note: We are seeing users who work at companies using their personal email for company emails. This is a very bad idea. If there was a legal issue, how will one explain that the emails were sent from a personal email address and the emails were deleted, or the person no longer works there? Laziness isn’t going to cut it in court.

Lastly, this is from 20 years of IT: If you get a virus, DO NOT send an email out to everyone, saying, “So sorry that you got an email—it’s a virus and ignore any suspicious emails.” It’s usually too late and all you will do is get flagged as spam or cause panic to your users.

Be vigilant and change your passwords proactively.

By Shneur Garb

Leave a Comment

Most Popular Articles