Ontario Provincial Police are warning the public about the dangers of email attachments in an ongoing effort to raise internet security awareness.
That innocent looking attachment could be anything from a phishing link that is used to steal your personal information to a Trojan RAT that allows hackers full access over your computer and anything connected to it, they say.
The Ontario Provincial Police are participating in educating the public for a nationwide campaign called Cyber Security Awareness Month.
Experts say things are getting more and more complex, even as people are warned of the dangers on a near constant basis.
“Companies must be prepared as attacks are becoming more complex and hard to distinguish,” says Luis Corrons, Technical Director at security firm PandaLabs.
Increasingly, cyber criminals are using a tactic know as “spearphishing”. It works by their gaining information about their victims through platforms such as social media, then using the information gained they begin to create fake emails that are customized around your personal interests. A typical email will look like it is coming from a company, person, or organization that you are affiliated with to increase the likelihood that you will open it and fall into the trap. Nobody is safe and everyone is a target, from kindergarten teachers to the head of multi-billion dollar companies.
“Spear phishing campaigns are growing, all of them with the same goal: set a foot on corporate networks to perpetrate large attacks to steal all kind of financial and confidential information,” adds Corrons. “New approaches are needed, such as having advanced threat detection capabilities. CISOs need to know what is being executed in all servers and endpoints, with forensics capabilities in case an intrusion takes place.”
Cyber criminals have become very creative. They will create fake websites with web addresses that look scarily similar to their authentic counterparts to steal sign in details. Some phishing sites even have purchased SSL certificates, which usually implies that your information is being handled in a safe and secure manner.
Public Safety Canada lists three points you should always follow to help keep yourself secure:
• Don’t respond to emails requesting private information, or click on links from unknown sources.
• Be on the lookout for email scams where the message is alarmist, has spelling mistakes, offers a deal that is too good to be true
• If in doubt, call to authenticate the message with known or public contact information.
Phishing attacks can have large implications. In December of 2015 an electricity service provider in the Ukraine was targeted by one. As a result, the cyber criminals were able to install malicious files into the provider’s systems that turned them off and prevented it from rebooting, resulting in 700,000 people losing power.
The most targeted industry sectors include financial, payment services, internet service providers, and of course retail.
The United States is home to around 60 per cent of the worlds total phishing websites, Canada hosts less than 2 per cent. Also, Asian countries have the highest infection rate from malware based phishing scams, Europe has the lowest, and North America falls somewhere into the middle of the pack.
Below: How To Spot a Dangerous Email Attachment