Is This Email OK to Open? 9 Warning Signs to Watch

You probably receive dozens, if not hundreds, of emails every day. If just one of these has a hidden virus inside, it could create havoc at your company. Here are nine things to look at before you do any clicking in that email.

Email is the most often used vehicle to infect a computer or network. Deploying good business class, installing licensed anti-virus software and spam filtering are the proper first steps when protecting a computer or network.

Most studies show humans are the cause of many computer and network breaches. Employees are still the weakest link in the security chain and hackers use social engineering to exploit that weakness. With that, employers need to educate their employees to recognize the danger signs of suspicious and dangerous emails. Users must stop and look at an email and consider the following warning signs before clicking on embedded links and attachments or responding to the email.

Here are nine things to look for to determine if the email you’re about to open is safe.

1. The from: line

Do you know the sender? If not, be cautious. Even if you know the sender, does the sender’s name match the email address? For example, it is highly unlikely American Express will be sending emails from a Gmail account and not from americanexpress.com. Is the email from someone within your company but looks suspicious or out of the norm? Although the sender’s address may be familiar, the cybercriminal might be spoofing that address, making it look like it is coming from a trusted source when it is really coming from a spammer or someone sending a phishing email. Does the sender’s address look suspicious, perhaps containing a slight misspelling? An example might be an email coming from micorsoftsupport.com. Can you spot the incorrect spelling of Microsoft before you open the email, attachment or click on an embedded link? If you have had no prior communication or relationship with the sender, the email may be dangerous.

2. The subject: line

If the wording/text in the subject line does not match the wording/text in the body of the email or has nothing to do with the content in the body of the email, the email might be a phishing or virus email.

3. Main Body (content/text of the email)

Does the email contain bad grammar and spelling? These are two good indicators the email may be phishing or worse. But don’t rely on bad grammar alone, as today’s cybercriminals have improved their grammar and spelling. Does the email have a high sense of urgency, asking you to click on a link or open an attachment to avoid something or to receive a reward? Does the text of the email simply look wrong and you have an overall bad feeling about the email? If so, then restraint is best.

4. The to: line

You receive an email and there are many other recipients in the to: line and you recognize few, if any. Perhaps an individual has been hacked and their contact list is being used by the spammer and your address happens to be in that contact list. The cybercriminal is now sending emails to all the people in that list, you included.

5. The CC: line

The same situation as the to: line.

6. Attachments

The email contains an attachment and the file extension looks suspicious, especially if the attachment is a .exe or zip file.   

7. Embedded Links

Does the email contain a link and the sender requests you click on the link in order to update some information or download information? Does the link address have relevance to the email? Is the link address exceptionally long or does it seem to have a misspelling such as the micorsoftsupport example? Can you spot the misspelling before you click on the link?

8. Unsubscribe

Does the email contain a link where you can unsubscribe? If so, be cautious when you unsubscribe as the link might launch a virus. Also, spammers send out millions of emails in bulk, often to addresses that may not exist in hopes that some are correct and arrive in an inbox and are then opened. If you unsubscribe, you are sending a message back to the spammer that you are a real person and spamming will continue.

9. Alias Addresses

Does your company, like most, use alias addresses such as sales@, info@, hr@ and others? These types of addresses usually forward an incoming email to many others in the organization. Cybercriminals will target these addresses as they know their email will be forwarded to many others in the organization with a greater chance of the email being opened.

If any of the above are relevant to an incoming email, be cautious before opening or clicking on links or attachments. Deploy network security processes and products and educate your employees in order to greatly reduce the chance of malware hitting your network.

Steve Giordano is president of TeamLogic IT. Learn more about the company by clicking here.

Share
  • Email
  • Next up: It's Chilly In July - We're Talking to You, Restaurant Owners!
  • More in Operations
  • It's Chilly In July - We're Talking to You, Restaurant Owners!

    In the heart of the summer people are so eager to be out and about, soaking up the sun and shaking off those last bits of winter frostbite. What a consumer doesn’t want is to taste that frostbite on their steak and asparagus!

    In the heart of the summer people are so eager to be out and about, soaking up the sun and shaking off those last bits of winter frostbite. What a consumer doesn’t want is to taste that frostbite on their steak and asparagus! The temperature outside being so hot does not mean that your freezer needs to be compensating for it - it’s costing you money, probably in more ways than one. Your refrigerator ought to stay above 35 degrees Fahrenheit - anything lower - and you’re paying extra. Catching this oversite and being continuously mindful of ways to conserve energy will save money in the short run. Serving nice people with great food on an outdoor patio is what a successful restaurant owner has been looking forward to all year; regain some capital by following this easy tip:

    Place a thermometer in a glass of water and place it in the center of the refrigerator. Simultaneously place a thermometer in between packages in the freezer.  Read the results in 24 hours and adjust temperatures to save on energy consumption.

    For more information on this matter, please read here.

    Share
  • Email
  • Next up: It's Official, We Are A Tech Hire Community!
  • More in Operations
  • It's Official, We Are A Tech Hire Community!

    It’s official, we are a TechHire Community! Summit County with the help of Conexus (formerly Summit Workforce Solutions) and countless other partners have helped bring a White House initiative to Northeast Ohio to create a new supply of qualified candidates for in demand IT jobs in Northeast Ohio. OHTec is very pleased to be a part of growing talent here in NEO. We are working closely with RITE (Regional IT Engagement) on scaling this up to our organizations and members throughout Northeast Ohio.

    It’s official, we are a TechHire Community! Summit County with the help of Conexus (formerly Summit Workforce Solutions) and countless other partners have helped bring a White House initiative to Northeast Ohio to create a new supply of qualified candidates for in demand IT jobs in Northeast Ohio.

    OHTec is very pleased to be a part of growing talent here in NEO. We are working closely with RITE (Regional IT Engagement) on scaling this up to our organizations and members throughout Northeast Ohio.

    So what is TechHire?

    Shifts in employer behavior over the past 25 years and labor market failures have produced an unintended consequence: difficulty hiring the volume of talented individuals with desired skillsets needed to continue to sustain and grow businesses. At the same time, many individuals who seek meaningful work lack sufficient information and institutional support to obtain access to the skillsets, pathways and credentials to signal their potential to employers. In the aggregate, this leads to the paradox of 5.8 million open jobs (the highest on record) while tens of millions of working Americans are unable to meet their true potential. This dysfunction in our labor market is costly to employers, individuals, the US economy and society at large.

    TechHire aims to fix this dysfunction for Information Technology (IT) occupations: these roles account for 15% of open jobs, pay 50% above median wage, and are critical roles for employers to fill in every sector of our economy. Through TechHire, a national initiative, an ecosystem is being built through a growing network of 50 communities, 600+ employers with IT hiring needs, and dozens of training institutions and civic actors thus far. This network will serve as a national platform that connects employers with individuals who possess the skills and motivation to be successful employees, but whose nontraditional pathways to acquiring those skills too often render them invisible to traditional recruiting processes. (www.techire.org/about).

    OHTec is at the forefront of this initiative and is a lead partner in this four-year grant. Our role is to help get these trained folks into internships with IT companies, as well as full-time job placement throughout Northeast Ohio. If your organization is interested in being at the "front of the line", ready to hire tech talent, please reach out to Patrick Antos via email

    OHTec will keep putting out more information as it comes to us to keep you all in the loop on talent initiatives like TechHire and more.

    For more information about TechHire, visit http://techhire.org/community/akron/.

    Share
  • Email
  • Next up: It's All About the Data, Baby
  • More in Operations
  • It's All About the Data, Baby

    I’ve been in IT for a long time - perhaps you have too.  In the late 80’s, when this industry was in its infancy, there were mainframes, minis, PCs and ATs.  Forget laptops–they didn’t exist and these new desktop computers (PCs and ATs) were (in my opinion) the first models which could realistically handle business functions.  

    As time went on, we saw the value in sharing the data we were working with, thus the concept of File Servers and Networking developed.  Along came the internet and we had access to a world-full of information.  We could share information with other companies and access their information too, faster than ever before.  Instead of measuring data amounts in MB, we now measure it in GB and TB.  Instead of waiting a couple of days for snail mail, we now are impatient if we don’t receive information in an hour.  Waiting 30 seconds for a program to load is intolerable!

    When this industry began, companies knew they would have to invest in an IT infrastructure and that it would be expensive.  A normal life span for that File Server or desktop computer was typically 5-7 years:  the OS wasn’t frequently coming out with new (required) updated versions and any hardware issues were affordably fixed. Machines got faster and more sophisticated.  Software allowed us to work more productively.  The price of hardware dropped.  We began accessing large volumes of information faster than ever before.

    Then, thieves discovered the truth about computers and data:  the real value to a company is not in the hardware that we show as an asset on our Balance Sheet.  The true treasure lies in all of that information we type into our laptops, phones, handhelds, desktops and other devices day after day.  Think about it – we spend our days entering information into all sorts of places – sometimes purposefully, sometimes without thoughts of possible consequences.  Hacking is now a vocation – well funded and supported by people who discovered they can extort and/or use your information for their purposes and profit.

    We no longer can responsibly expect to invest in our company’s IT once every 5-7 years.  The speed of technological developments is now congruent with the advancement of vulnerabilities and threats. Whether you are a sole proprietor or a Fortune 500 company, your IT world requires a well thought out infrastructure plan and strategy – and a budget. The Asset to your company does not appear anywhere on your Balance Sheet – the new asset is YOUR DATA. 

    Consider all the obvious (potential) components which are the Foundation of Business Technology (using a Traditional Workforce Model):

    Computers Router/Firewall/Switch Security Backup/File Storage Wireless Access Email (Commercial Grade) Phones Modem Internet Service Provider (ISP) Printers (networked or standalone) Web Presence 

    Any of these can be vulnerable to attack or intrusion. 

    Let me make some of you squirm in your chair a bit:

    • Is the password to your phone system or networked printer the default from manufacturer?  
    • Do you know if any of your people are saving critical files to their desktop which are not a part of your backup set?
    • Do you have an annual IT Strategic Plan and budget in place?
    • Are the patches and updates to all the above-mentioned hardware and software current?
    • Do you provide email best practices or Acceptable Use training to your people?

    Now for two alarming statistics:

     Alarming statistic No. 1: According to the University of Texas, 94% of companies suffering from a catastrophic data loss do not survive–43% never reopen and 51% close within two years.

    Alarming statistic No. 2: Seven out of 10 small firms that experience a major data loss go out of business within a year, according to DTI/PricewaterhouseCoopers.

    We work so hard to keep our businesses profitable and productive.  Why would we willingly give away the company’s greatest asset, its data?  

    Patty Zinn is the CEO of MicroSystems Management.

    Share
  • Email
  • Next up: Kansas City BBQ and Technology
  • More in Operations
  • Kansas City BBQ and Technology

    Seems like a pretty obvious connection, doesn’t it?  Well, if you’re having trouble connecting the dots, KC was the proud host of the recently held Technology Councils of North America (TecNA) summer conference.  Roughly 120 folks from tech associations around the US and Canada gathered to share best practices, discuss industry trends and take back great ideas to their constituents. OHTec is a long-standing member of the association and we’ve always been diligent about attending the conference, sharing our experiences and actively stealing ideas from our colleagues.

    Seems like a pretty obvious connection, doesn’t it?                                                          KC

    Well, if you’re having trouble connecting the dots, KC was the proud host of the recently held Technology Councils of North America(TecNA) summer conference.  Roughly 120 folks from tech associations around the US and Canada gathered to share best practices, discuss industry trends and take back great ideas to their constituents.

    OHTec is a long-standing member of the association and we’ve always been diligent about attending the conference, sharing our experiences and actively stealing ideas from our colleagues.

    Some key takeaways form this year’s conference: 

    Tech Talent - it’s a challenge for everyone!

    • Interestingly, folks from KC have the same lament as we do in CLE:  it’s tough to attract from OUTSIDE the region
    • We're a little ahead of the curve in some talent areas due to our collaborations with, and work of, Regional IT Engagement and others
    • Tactical recommendations:  flexible a work arrangements are gaining steam with millenials, large scale, in-market collaborations seem to be more successful, be open to candidates who aren’t “perfect”
    • Our very own Patrick Antos, Manager of Talent Services, was a panelist on a tech talent recruitment breakout, sharing our success stories with programming and higher ed engagement

    Public Policy

    CompTIA shared that the House passed the Internet Tax Freedom Act, which we’d advocated for at the 2015 DC Fly-In, but it was unlikely for the Senate to pass it.

    • Electronic Communications and Privacy Act is sorely out of date with current technology and currently under debate for updating; OHTec will have the opportunity to lend support at an appropriate time in the near future
    • The 2016 DC Fly-In is scheduled for February 9-10; OHTec will be there! Blog readers/members interested in attending:  email us.

    Tech Events   KC2

    • Golf outings are dying (which is fine, since OHTec has never done one)
    • Colorado created a tech tour of different parts of the state to engage elected officials, tech companies and others - a very interesting idea
    • OHTec’s Tech Week received a lot of interest from our colleagues, none are doing one to our scale, but we got some great ideas to help build out our Tech Week even more

    It’s a short conference, just a couple of days, but the connections we make with our peers and the ideas we bring back are incredibly valuable. 

    Oh, and Kansas City BBQ:  as good as its reputation!

     

    Share
  • Email
  • Next up: Keep the Bad Guys Out of Your Network
  • More in Operations
  • Keep the Bad Guys Out of Your Network

    It might seem like data hacks are a given in today’s business environment. A 2014 study by the Ponemon Institute found that up to 432 million accounts had been hacked during a 12-month period leading up to the study’s release. Small businesses are especially vulnerable to hacking, according to Steve Giordano, the GM/owner of computer and IT services company TeamLogic IT. Small businesses are often thought of by hackers as being easy targets because the businesses tend to have the least amount of cyber defense in place.

    It might seem like data hacks are a given in today’s business environment. A 2014 study by the Ponemon Institute found that up to 432 million accounts had been hacked during a 12-month period leading up to the study’s release.

    Small businesses are especially vulnerable to hacking, according to Steve Giordano, the GM/owner of computer and IT services company TeamLogic IT. Small businesses are often thought of by hackers as being easy targets because the businesses tend to have the least amount of cyber defense in place.

    “Hackers release the virus into the wild and they hope that the virus finds its way into the network,” he said during a recent COSE WebEd Series webinar titled “Security Tips for Small Businesses: How to Keep the Bad Guys Out of Your Network.”

    More often than not, it’s the employees themselves who unwittingly let the virus in, he said. This is often done via emails that mimic the look of official emails from companies such as AT&T or Twitter. Employees are told they have to click to look at an unopened message on the social network or that they have an unpaid bill to look at, but clicking the link in the email actually activates the virus that can cause a business to come grinding to a halt.

    Even a small company with just 20 employees could potentially face hundreds of thousands of emails every year, Giordano said. That represents a lot of ways inside the business. And viruses can cause a lot of unwanted damage, from pilfering sensitive financial information, to encrypting crucial files a company needs while the hacker asks for a ransom to be paid to unlock the files.

     

    Security steps

    So what can small businesses do to make sure they’re protected? First, educate employees, Giordano said. Make sure employees are aware of how they might be targeted and also put policies in place, such as a password policy, to help keep things secure.

    Also, businesses shouldn’t rely on free antivirus software as free versions of the software often lack critical systems that the paid, business versions of antivirus have. “There’s a reason why it’s free,” he said.

    The cost of vulnerability can be high, Giordano said. Prevention, and backing up data daily, is the key to minimizing any potential hack-related losses.

    You’re going to look at downtime,” he said. “You have to put a value on that amount of downtime. You could lose data. I’ve seen situations where if companies lose all of their data, they go out of business in six to nine months. It can be that traumatic.”


     

    Want more expert advice? Check out Linktunity, an online forum connecting business owners with creative solutions to the tough questions they face every day.

    This article originally appeared in the September 7, 2015, edition of Small Business Matters.

    Share
  • Email
  • More in Operations