I got an email the other day, and it was nearly impossible for me to tell at first whether it was legitimate. Given that some vulnerabilities can give an attacker access to your system when you merely preview an email in Outlook, I get nervous. But I do need to determine when an email is safe.
First and foremost, a healthy dose of skepticism is important. Always ask yourself whether the platform you’re using is patched and ready to fend off attacks. If, for instance, you’re still using a version of Outlook that’s no longer supported, you are at risk; never open an unexpected email in an unpatched Office suite. You’re better off migrating to a newer email client that offers better protection. There are many third-party email clients that can be useful alternatives to Outlook. Thunderbird, eM Client, and Mailbird are three options I’ve found to be good — if you simply need light email and calendaring.
Sometimes protection can be old-school: If you weren’t expecting an email, but you know the person who sent it, one of the easiest ways to check if it is legit is to pick up the phone and call. The same goes for business email compromise schemes: the best way to ensure your bank account is not cleaned out is to call to confirm a transaction. Remember, even smart people can be scammed; Barbara Corcoran, the Shark Tank judge, nearly lost $400,000 last year when scammers pretending to be her emailed her bookkeeper to authorize a banking transfer. (A poorly formed email address tripped up the scammers.)
Instead of using different email clients, you can also switch platforms. As more companies move to the Apple platform or to Chromebooks, people can be lulled into thinking they’re immune to attacks. But as users move away from Windows, so do attackers.
It’s always important to make sure whatever OS you use is up to date. It’s easy to use an unpatched Chromebook and not realize it needs to be updated. Even Chromebooks are not immune to attacks, so you need to regularly review the extensions and applications you use and change web-based passwords regularly. Use a password management tool and don’t save passwords in your browser. It may be convenient, but it’s also convenient for attackers.
As for the Apple platform, many people have moved from Windows desktops to more mobile devices like iPhones and iPads — so attackers have pivoted to these targets, too. The risks from malicious applications or devices connected to unknown Wi-Fi networks affect iOS and macOS as well.
Watching what attackers do
I’ll be the first to admit that I’m a curious geek. I like to know and understand what tricks attackers use against me so I can better protect access to my data and computers. One site I have turned to is www.reverse.it. It allows you to use a virtual machine to open a malicious link or file. (You can also visually see what the resulting link or file is trying to do.) Often, I can see these links launch another URL that successfully bypasses antivirus detection. I also see many sites that serve as landing pages to harvest usernames and credentials. Attackers can, for example, pretend to be a landing site for Office 365 or OneDrive in order to steal the exact information they need to access cloud data. Other times, I see malicious Office files that try to launch macros to gain access to a system.
There are steps you can take that go beyond just updating your systems, whether you use Windows, Chromebooks, or iOS/macOS. Review the risks for each platform and make adjustments.
With Windows, consider disabling scripting in your browser. Instead of disabling scripting for every site, you might use a plug-in like NoScript; it allows you to choose the sites on which you’re comfortable running scripts. Microsoft is in the process of testing a mode on its Edge browser that will disable the just-in-time engine to bolster security. Another alternative: the Tor browser, which includes NoScript and can be installed on multiple platforms, including Windows, Apple, Linux and Android.
Next, review your Office suite setup to make sure you’re running a supported version and adjust the default settings to block macros. (Most users of Office for Windows or Office for Mac can simply upgrade to a supported version where macros will be disabled by default.) If you open an Excel file that includes macros with the file extension of .xlsm and you don’t get a warning about macros, it’s past time for you to upgrade. Remember, there are free alternatives such as LibreOffice that are safer than an older unsupported version of Office.
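As an added example (not part of the original article): a macro-enabled workbook is a zip package that carries a VBA project part, normally named vbaProject.bin, so you can check a file for one without opening it in Office. The function name and the sample files below are constructed for illustration, and the check covers VBA projects only.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container


def classify_office_file(data: bytes) -> str:
    """Return 'macro-enabled', 'macro-free', 'legacy-binary' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Old binary formats can hold macros too; they need an OLE parser to inspect.
        return "legacy-binary"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a zip, but not an Office Open XML package
    # VBA projects are stored as a part named vbaProject.bin (xl/, word/, ppt/).
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro-enabled"
    return "macro-free"


def _make_package(parts):
    """Build a constructed, minimal OOXML-like zip in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: the dummy bytes stand in for real parts.
SAMPLE_XLSM = _make_package({
    "[Content_Types].xml": "<Types/>",
    "xl/workbook.xml": "<workbook/>",
    "xl/vbaProject.bin": b"\x00dummy",
})
SAMPLE_XLSX = _make_package({
    "[Content_Types].xml": "<Types/>",
    "xl/workbook.xml": "<workbook/>",
})

if __name__ == "__main__":
    for label, blob in [("invoice.xlsm", SAMPLE_XLSM), ("report.xlsx", SAMPLE_XLSX),
                        ("old.xls", OLE2_MAGIC + b"\x00" * 8), ("note.txt", b"hello")]:
        print(f"{label}: {classify_office_file(blob)}")
```

Because the check reads the package contents rather than the file name, it gives the same answer if an attachment has been renamed to a different extension.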
Bottom line, take the time to understand what attackers do, and how they operate, and you can make better decisions on how to protect yourself. No one is too big (or too small) for attackers to care about. Keep that in mind and you’ll be better equipped to protect yourself.