Why do I receive spam?

Spammers collect email addresses (including yours) from a variety of sources, including websites that you have registered your email address with. They then send you emails in an attempt to verify that your address is valid, in order to start sending unsolicited spam messages, often as part of phishing scams. Phishing aims to obtain sensitive information such as login or password credentials, credit card numbers or bank account details, often as part of ransomware attacks. Spam is also often responsible for spreading malicious code or spyware onto machines and transmitting viruses.

Give me an example of an email virus infection?

E‑mail attachments are a primary source of virus infection.  As an example, you can receive an e‑mail, even from someone you know, with an attached file that is disguised as a document, photo, or program, but is actually a virus. If you open that file, the virus will infect your computer.

What else do they try and do?

Deceptive links in e‑mail messages are often used as part of phishing and spyware scams and can look as though they are genuine, but they can also be used to transmit viruses. Clicking a deceptive link can take you to a webpage that attempts to download malicious software onto your computer or encourages you to enter sensitive information into fake webpages. Use extreme caution when deciding whether to click a link in a message, particularly if the sender is unknown to you or the message itself seems inappropriate or very vague. Even when the message appears to be from a genuine sender, it is always better to exercise caution in choosing whether to open a link.

Ransomware

Troubling new statistics show that over 18 million dollars were paid to ransomware thieves between April 2014 and June 2015. More than 6 million ransomware attack attempts were detected in Q4 2015. 50% of all malware are now ransomware attacks. Industry experts agree that a staggering 93% of phishing emails now contain encryption ransomware. Many are opened by end users who don’t understand they are the targets of carefully crafted social engineering, and the results can be expensive and catastrophic.

Spoofing is the creation of emails with a forged sender address; the sender address could even purport to be your own email address. A spoofed email does not mean the alleged sender has been hacked. Spam and phishing emails commonly use spoofing as a means of misleading the recipient about the origin of the email. You can recognise a spoofed email sent to you by checking the message header. To check the sender in the message header, open the email message (by double-clicking), click the File tab, then on the Info tab click Properties; the header information appears in the ‘Internet headers’ box.
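What to look for once the internet headers are in front of you, as an added example that is not part of the original article: the Python sketch below takes pasted headers and lists the signs of a forged sender. The function name `spoofing_indicators`, the sample message and its addresses are constructed for illustration; `Return-Path`, `Reply-To` and `Authentication-Results` are standard mail headers that the article itself does not name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from a real message): the visible From
# claims the recipient's own domain, but the envelope sender and the
# receiving server's authentication verdicts say otherwise.
SAMPLE_HEADERS = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Accounts" <accounts@example.com>
Reply-To: payments@example.org
To: user@example.com
Subject: Invoice overdue

body
"""

def _domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_indicators(raw_headers):
    """List the reasons the pasted headers suggest a forged sender."""
    msg = message_from_string(raw_headers)
    from_dom = _domain(msg["From"])
    if not from_dom:
        return ["From header is missing or has no address"]
    findings = []
    # The address shown to the user should agree with where bounces and
    # replies are actually directed.
    for name in ("Return-Path", "Reply-To"):
        dom = _domain(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results is added by the receiving mail server (RFC 8601).
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            if result.lower() not in ("pass", "none"):
                findings.append(f"{method.lower()}={result.lower()}")
    return findings

if __name__ == "__main__":
    for line in spoofing_indicators(SAMPLE_HEADERS):
        print(line)
```

A differing `Return-Path` on its own is common for legitimate newsletters and mailing services, so treat it as a prompt to look closer; a failed `dmarc` or `spf` verdict recorded by your own mail server is the stronger signal.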

What are Ventrus doing to protect us?

Anti-virus and Anti-spyware – Ventrus has deployed Anti-virus and Anti-spyware which automatically blocks the “known” viruses and phishing scams. However, this is an ever-evolving and hourly changing threat, and new technologies are consistently being designed and deployed to circumvent these security products and spread malicious software. Until those malicious technologies are deployed, the threat is unknown and patches will not have been developed; therefore no amount of anti-virus or spamware will ever completely eliminate this threat. It is therefore very important to remain aware of the risks and take the appropriate action.

What should I be doing to minimise the risk?

To reduce the possibility of receiving spam or spoofed emails, there are things you can do to protect your email addresses and accounts on your computer. The following tips will help you and your company reduce the amount and type of spam you receive.

  • Limit the places where you post or register your business email address
  • Review the privacy policy of websites

What should I do if I receive a suspected spam or spoofed email or an unexpected attachment or link?

Employees

If you receive an email from an unknown source or even an unexpected email from an apparently known (spoofed) source, particularly if it has attachments or links, the general rules are as follows:

  • Never click on any links or attachments: this is the simplest and most effective way to handle junk, phishing or malware emails.
  • Ignore and delete the spam message
  • Never reply to a spam message as this lets the sender know it is an active account.
  • Never forward a spam message.
  • If you receive e‑mail attachments or links from a KNOWN SOURCE that you aren’t expecting or the content seems unusual, consider contacting the sender and asking them to verify that they actually sent the attachments or links before you open them.  You could also check the header as above.
  • Review your password policy and ensure you are using separate and complex passwords for every online account – see our blog guide on “How your passwords could be compromised and how to create and manage secure passwords”.

What else can the company do to minimise the risk?

Establish and enforce clear information security policies, and educate staff not to respond to spam emails. By responding to spam emails, employees are actually confirming their company email address as a valid address to spammers.

Review and enforce your password policy.

Restrict the use of office email addresses for personal messages or participation in website newsgroups or chat rooms by employees.

Do not register your company email address on websites that you do not trust not to pass on your details to third parties. Ensure employees register their personal addresses with personal use websites.