Brendan Burgess
Founder
- Messages
- 54,684
I just got this email which seems like good advice. Not sure who wrote it originally. But it's good general advice anyway:
You may be aware that there has been a major global cyber-attack unfolding over the past number of days. This cyber-attack known as 'WannaCry' targets Windows systems and represents a significant risk to all organisations. All users should 'think before they click' on any email attachment or suspect content. End user vigilance is one of the key defenders in zero-day attacks such as the recent 'WannaCry' cyber-attacks.
Below is some advice on spotting potentially malicious emails and links.
1. Is the email from a trusted source?
Review the "From" address - attackers often impersonate or "spoof" staff by using incorrect spelling of names or domains (i.e. "@y0ur0rg.com") you may be familiar with or in contact with.
2. Review the subject of the mail
Attackers often try to include valid email information in the subject to trick the user into believing the email is legitimate.
3. Review the spelling and content of the mail
Attack emails often contain poor spelling and grammar.
4. Ask "Is this mail relevant to my job role and responsibilities?"
Is the nature of the email related to your job function?
5. Does a mail refer to an action you did not take?
Typically attackers will draft these mails as responses to "requests" you may have made. Is there a mail trail of you requesting this information or file? Or is the email a once off?
6. Be vigilant of attachments
Attackers will often include a malicious file as an attachment to a phishing mail.
DO NOT open or interact with any attachments in strange or suspicious emails. Verify that:
- the sender is legitimate,
- the content of the mail includes a legitimate mail history,
- the attached file is one you have requested,
- the attachment is in the correct format (e.g. is this report an xls instead of the usual PDF?)
7. Be vigilant of links
Attackers will also try to include links to malicious content or websites. DO NOT click on any links that you do not trust or are not familiar with.
8. Don't forget hyperlinks
Attackers may use URL hyperlinks in the body of an email (e.g. "Click Here").
- Typically, hovering over these hyperlinks will disclose the real destination of the link
Thank you and please 'Think before you Click'
You may be aware that there has been a major global cyber-attack unfolding over the past number of days. This cyber-attack known as 'WannaCry' targets Windows systems and represents a significant risk to all organisations. All users should 'think before they click' on any email attachment or suspect content. End user vigilance is one of the key defenders in zero-day attacks such as the recent 'WannaCry' cyber-attacks.
Below is some advice on spotting potentially malicious emails and links.
1. Is the email from a trusted source?
Review the "From" address - attackers often impersonate or "spoof" staff by using incorrect spelling of names or domains (i.e. "@y0ur0rg.com") you may be familiar with or in contact with.
2. Review the subject of the mail
Attackers often try to include valid email information in the subject to trick the user into believing the email is legitimate.
3. Review the spelling and content of the mail
Attack emails often contain poor spelling and grammar.
4. Ask "Is this mail relevant to my job role and responsibilities?"
Is the nature of the email related to your job function?
5. Does a mail refer to an action you did not take?
Typically attackers will draft these mails as responses to "requests" you may have made. Is there a mail trail of you requesting this information or file? Or is the email a once off?
6. Be vigilant of attachments
Attackers will often include a malicious file as an attachment to a phishing mail.
DO NOT open or interact with any attachments in strange or suspicious emails. Verify that:
- the sender is legitimate,
- the content of the mail includes a legitimate mail history,
- the attached file is one you have requested,
- the attachment is in the correct format (e.g. is this report an xls instead of the usual PDF?)
7. Be vigilant of links
Attackers will also try to include links to malicious content or websites. DO NOT click on any links that you do not trust or are not familiar with.
8. Don't forget hyperlinks
Attackers may use URL hyperlinks in the body of an email (e.g. "Click Here").
- Typically, hovering over these hyperlinks will disclose the real destination of the link
Thank you and please 'Think before you Click'