News

21 – How to protect your small business from Malware and Phishing attacks


phishing email

I recently received a scary email involving my PORN BROWSING HABITS!?!?  The email threatened me with everyone in my contacts getting a picture of me along with my browsing habits.

WHAT SHOULD I DO?

We break down what this email means and how they can start to generate emails that can be really scary and fool people into paying Bitcoin with these emails.

One step in looking at these emails is Have I Been Pwned. This shows you some of the passwords that have been breached.

There are 3 layers of defence that youcan use to protect your email.

Firstly, a cloud based email system will check for viruses, malware and phishing emails.  This means that dodgy emails don’t even get to your network.

Secondly, a firewall that also checks for viruses and malware.  A great firewall means that a lot less viruses and malware emails will get into your network.

Lastly, make sure you have a decent antivirus system.  We use and recommend Webroot.  We would be protecting thousands of desktops, servers and laptops with Webroot.

These technologies work well and can dramatically decrease the number of issues that you will have, but they don’t stop all of them.

We discuss some of the impacts of these emails, loss of productivity, loss of profit, but also the impact on the person who has clicked on a link that they shouldn’t have.

We created a video with 7 real life examples that I have received in my inbox and we discuss the tricks of the trade to learn if an email is legitimate or not.

We also have a system that sends a phishing email to our customers which records who clicks on it and who doesn’t and for those that do, they are sent to a web page that goes through some of the training to ensure that they are better equipped to avoid clicking on those nasty emails.

If you do click on an email, turn the PC off immediately and call your IT support.  Depending on the type of email, the quicker you act, the less the impact will be.

When in don’t call the sender and verify the email.

Lastly, ensure that you have proper back ups and that they have been tested.  You need to have confidence with your back ups.

We have a couple of free trials to help you better defend your network.  We have a free trial of the Phishing email training campaign and Webroot AV.  Webroot is great, it is what protects our network.

  1. Conducting awareness training.  Webroot have a great Security awareness program that sends out monthly emails disguised as phishing emails which link in with education and reporting so that you can see the success of the training.  Sign up today for a free trial of the Webroot Security Awareness Training program.
  2. Effective Anti Virus software.  Too many times we see new customers suffering from a crypto or phishing scam and they either have no antivirus, or their free software hasn’t caught the malware.  We recommend Webroot because it doesn’t slow down your computer and it is highly effective at keeping your computer safe.  You can sign up for a free trial here. 

 

If you liked todays Podcast, please rate it and leave a review on iTunes.


Right click here and save-as to download this episode to your computer.

Here is the video that we created, please share it with everyone in your team, it is designed to help them understand what to look for.

How to keep your business secure from phishing and malware emails.This video goes through 7 phishing or malware emails that I received and how to spot them.https://suntzu4smallbusiness.com/podcasts/21-how-to-protect-your-small-business-from-malware-and-phishing-attacks/Please watch and share this video, because education on how to avoid dodgy emails is a lot less hassle than cleaning up the mess after someone in your team clicks on the wrong link. The video has 7 dodgy phishing or virus emails that I've been sent.We've got a lot of resources to help you better defend your network and train your team to be better with email attacks. Check out the link.

Posted by Sun Tzu 4 Small Business on Sunday, 2 December 2018

 

 

Here is the full text of the phishing email that I received 🙂

 

Hello!

 

I have very bad news for you.

09/08/2018 – on this day I hacked your OS and got full access to your account jeling@extremenetworks.com.au On this day your account jeling@extremenetworks.com.au has password: myspace_00

 

So, you can change the password, yes.. But my malware intercepts it every time.

 

How I made it:

In the software of the router, through which you went online, was a vulnerability.

I just hacked this router and placed my malicious code on it.

When you went online, my trojan was installed on the OS of your device.

 

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

 

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.

But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!

I’m talk you about sites for adults.

 

I want to say – you are a BIG pervert. Your fantasy is shifted far away from the normal course!

 

And I got an idea….

I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).

After that, I made a screenshot of your joys (using the camera of your device) and glued them together.

Turned out amazing! You are so spectacular!

 

I’m know that you would not like to show these screenshots to your friends, relatives or colleagues.

I think $767 is a very, very small amount for my silence.

Besides, I have been spying on you for so long, having spent a lot of time!

 

Pay ONLY in Bitcoins!

My BTC wallet: 1HkKgPbcMyfhrdPsbufTFczzVnhyT5snB3

 

You do not know how to use bitcoins?

Enter a query in any search engine: “how to replenish btc wallet”.

It’s extremely easy

 

For this payment I give you two days (48 hours).

As soon as this letter is opened, the timer will work.

 

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.

If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.

 

I hope you understand your situation.

– Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)

– Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)

– Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

 

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!

This is the word of honor hacker

 

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

 

Do not hold evil! I just do my job.

Good luck.