“If something seems too good to be true…

…it probably is.”

It’s an old, well-worn saying for sure, but it holds as true today as it did way back whenever the anonymous, cynical, amateur philosopher came up with it.

Recently in New Zealand, there have been an increase in phishing attempts trying to get people to open email attachments which then deploy malware onto the computer, and recruit your PC into a global network of compromised machines.

A few weeks ago, there were a number of emails arriving to various mailboxes I hold claiming to be from DHL or UPS and containing details of a package delivery, over the last few days, this threat has evolved to include messages purporting to be from Amazon and including details of a paid order.

The short version of this post is simply:

“Don’t open attachments from people you do not know”

…but we can also extend this advice to “Treat any attachments or links from people you think you may know with a healthy dose of caution”.

For those who are interested in a little more information

The biggest risk around phishing attacks is they take advantage of our human nature of curiosity, implied trust of people (especially those we believe we know) and, dare we say it – greed. These “social hacks” are useful in that it’s relatively simple to change the appearance of an email so it looks like it comes from a friend or colleague, or to obscure a link to make it appear that is comes from your bank, or favourite social networking site.

It’s human nature…

The very nature of how we as humans operate is once we recognise a name we believe we can trust, we instinctively lower our defenses to being scammed and are often convinced to click that link, or open that email attachment.

The best defense against such attempts is a healthy dose of skepticism, look closely at the link, does it look long and complicated, does it redirect through a web domain that you don’t recognise?

Scan your email attachments – and, if you are in any doubt, contact your friend/colleague to check on the attachments validity. Or, visit the website directly rather than clicking on the link within the message – if it is your bank contacting you, you’ll still be able to access the information directly from the bank website, if it is a message from Facebook – you’ll also be able to get those updates direct from the site.

Protection at Home

In terms of viruses and malware, we don’t have anything near the same level of protection that we may enjoy on a corporate network. It’s up to us, whether we’re at work or home, to make the right decisions when dealing with any communications which may expose us, our machines, our data to risk. Email, Instant Messenger links, Social Network links/messages/applications, the list goes on – they’re all targets

The best advice I can offer is:

• Keep your operating system and applications updated with the latest patches as they are released
• Invest in a good anti-virus/anti-malware program, keep it updated daily – and use it to perform regular full scans on your systems, as well as checking out those suspicious files
• Access websites from your browser rather than via emailed links
• Perform regular backups of your important files (don’t forget your digital photos & video)
• If you think you may have been compromised, scan your systems, change your passwords and seek help.

Above all, employ a healthy dose of skepticism when dealing with communications that you are not expecting, even when you believe you know the sender – and be careful out there…