ERP Consultant Blog

ERP Software Consultant Reviews Internet Security: A Phish Email Tale

Written by Rick Rusch | Tue, Jun 09, 2015

5 Internet Security Tips from an ERP Software Consultant Perspective

You hear about tales of the one that got away, but have you ever wondered what a true phishing exploit looks like?  How to identify and deal with it is the biggest question.  As an ERP consultant who's helped clients with internet security, I've put this in a post to help explain how to spot these dangerous emails. The below items may be harmless, but it is smarter to take pre-cautions to avoid an infection in the first place.

So let's get started...

1. It Wasn’t Sent to You
This is very obvious in the phishing email.  The "TO" portion of the email is either BLANK, just your email address, or even worse, addressed to someone else you know. This will be your first clue something might be amiss.
2. Sent from a Company You Don't Use
Whether it is a bank, clothing store or another known or unknown vendor, if you don't patronize
that business, simply delete the email as it is a phishing exploit.  By the way, the IRS NEVER communicates through email.
3.  Contains an Attachment
This will take a bit of explaining.  Based on your Windows configuration your computer system will either display known file extensions or it won't. We'll discuss both:
  • Extensions Hidden:  
If this is the case a normal PDF or Word document attachment will simply display the document name, such as RicksArticle with no ".pdf" or ".docx" extension. However, the hackers sometimes attempt to fool you by putting a fake extension on attachment. If this is the case, instead of only seeing the document name you'll see the document name plus a ".pdf" or other presumably safe extension.  In the words of Admiral Ackbar, "It's a TRAP!" You don't know what the true extension is, so don't open it.
  • Extensions Shown:
This makes it somewhat easier to discern when a hacker is putting on a fake extension as you'll see the attachment name as "RicksArticle.pdf.zip" or "RicksArticle.pdf.pdf" If you see a fake extension it's a clear sign the attachment has something bad in store for you. Lack of fake extensions doesn't make it safe though.  If the file is a ZIP file, such as "RicksArticle.zip" these should be considered dangerous and not opened until you confirm it was sent by someone you trust. By that I mean contact them either by text or phone as their email account may be compromised. With today's better methods of sending large files, very few people send zip files as email attachments, so seeing a zip file attachment is a BIG RED FLAG.
Generally my advice is simply don't open ANY attachment you aren't expecting to receive from a person you trust.  Even photos and pdfs can now carry malicious software.
4.  Vague or General Information About The Account Holder
Ok, let's say this is a vendor you do patronize, but there's nothing specific about you, the account holder in the email.  It's addressed to "Dear Customer" or "Urgent Action Needed" Obviously the attacker doesn't have specific information about the account, so it's a shotgun approach to get you to click on the link or open the attachment.

5. Malicious Links In The Email
I know what you're saying, "Rick, if I knew what a malicious link looked like, I wouldn't be reading this."  Good point. To me, any link which doesn't go where I would logically expect it to go is malicious.  The link should CLEARLY take you back to the originator's business. Also, if the link has a country code in it and you aren't living in that country, delete the email.  For an explanation of country codes, click HERE.
6.  Friends Sending Links
This one is a bit tricky. A good friend of yours sends you an email with a short message such as "Hey, look at this!" with a link.  Contact your friend through another means, such as texting, asking if they truly sent you something. Many times they have clicked on something they should not and the result is it sends a malicious email to everyone on their contact list. Another situation is their account has been hacked.  This is particularly true if it is a free account such as Yahoo or Gmail.

As you can tell, the best advice is to not click or open anything in an email of which you aren't expecting or feel secure.  The list above is common sense to most IT people. My hope is to make it more common among the Internet Population in general. Lastly, the hackers are becoming more sophisticated each day. Talk to your IT group about detecting threats.  The paradigm shift is toward detecting active threats. Be suspicious of all your emails and you'll be a detective for active threats yourself.

Complete Programmed Accounting, Inc. (CPA, Inc.), is a team of ERP software and CRM software integration specialists in the central Indiana area with over 20 years of experience supporting SYSPRO ERP, SYSPRO CRM, TRAVERSE ERP, TRAVERSE CRM, Platinum for DOS, and Platinum for Windows, where your support is our service.

CPA, Inc. was founded in 1992 with the following mission statement: “The ability to take advantage of the power of timely information lies in the successful implementation of complete, appropriately configured and properly installed financial and management computer systems.”

Contact Completed Programmed Accounting at: (317) 290-8702.  Email:  sales@cpa-inc.com. The Complete Programmed Accounting Web site is located at:  www.cpa-inc.com

Follow Complete Programmed Accounting, Inc. on:

 

 


Another version of this blog was previously posted on April 19, 2015 on CPA, Inc.’s BLOG site. Phishing Email, An Anatomy Lesson

Photo courtesy of www.freedigitalphotos.net by artur84