Important Alert! Bad Emails: Email Spoofing/Redirect and Wanna Cry Vulnerability!
There has been a sharp rise in spoofed/redirect email over the last two months (Tax Time) and the latest in cyber crime!
Emails designed to trick the recipients into providing information to be used by bad actors for malicious intent or to engage an attachment
Let's break it down:
Some would say just the look of this email is suspect, but in a busy workday this email is tailored for a specific result. Get information from the recipient. (See examples below)
Note the email addresses, or the web-link that redirects or misdirects you to accomplish the bad actor's intentions.
The summary of these circumstances or threats is the paramount nature of end user awareness. Making sure your end users are more and more aware of email vulnerabilities and how they handle them.
1) Don't take an email for granted. Double check the sender, is it from who they say they are.
a) FedEx@fedexdelivery.tv this is a bad email address.
b) DocuSign@DocuSign.notice.com this is a bad email address.
2) Attachment or Body of email designed to mislead recipients, web-links to take them to other places to execute the vulnerability. (Execute payload from alternative location or redirect end user to a misleading website to login with their credentials to obtain that information from them.)
3) Close that email and contact your IT professionals immediately with any concerns to prevent a bad situation, if needed turn off that computer.
a) Contact the sender to validate the email and confirm said intention of that communication.
4) Obviously make sure your systems are up to date with the latest updates from the software provider, yes this includes Apple devices and ensure your anti-virus protection software is active up to date and working properly.
5) You, the end user are the best defense against cyber criminal activities. The bad actors have to get past you first for their threat to be successful.
Of course if you have any questions on this material or in general please contact us:
LMB Technical Services Inc.
Ph: 630.474.4015
Resources for Wanna Cry Ransomeware vulnerabilities:
Microsoft:
Wikipedia:
Bad Mail Examples: