• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Arcane Tech

  • About Us
  • Business IT
  • Smart Home Automation
  • Blog
  • Support
  • Contact Us
You are here: Home / Blog / Malware – Tips for Employees

July 27, 2017 By Colin Learmonth

Malware – Tips for Employees

Recently, there has been an endless stream of news about cybersecurity threats for large organizations, governments and small businesses alike. As IT administrators and service providers bulk up layers of security to respond to the proliferation of threats, it is clear that everyone must participate in keeping their systems and their organization’s data safe.

Here are some quick tips to help employees spot trouble.

Be Skeptical

First and foremost, always be skeptical. You know your business contacts and their processes. If you get an email from one that seems out of the ordinary (not consistent with normal timing, impersonal salutation, poor spelling / grammar, etc.), call them before you click a link or open an attachment. Ask them if the message is legitimate.

Addresses & Links

Unfortunately, many of the Internet’s core services were not built with security in mind. Much of the information displayed in an email can be easily forged. Links in an email or webpage can show one thing but actually link to another.

Always check the “From:” address on suspicious emails. Often the name displayed will look legitimate but, upon closer inspection, the address is from an unrelated domain.

Email posing at FedEx but from is actually a different domain.

Before you click a link within an email, let your mouse hover over it to show you where it’s actually going. This will either display right over the link or at the bottom of the window. Typically, a malicious link will display a foreign domain or inconsistent path to what it claims to be (e.g. yourbankname.something.ru, randomsite.com/yourinsurancecompany, 10.10.1.32:5050/paypal, etc.).

Example of a malicious site posing as a FedEx invoice link.

Popups & Malvertising

While email is a very common delivery method for malware, websites continue to pose a threat as well. Often the threat comes in the form of a pop-up posing as an anti-virus alert, technical support notice or system error. Even if you’re on a reputable site, cybercriminals can inject these malicious pop-ups into compromised ad networks, a method called “malvertising”.

Example of a false pop-up warning.

It’s important to know your technical support and security vendors. If you run into a pop-up that tells you to scan your computer or call a number for support and it’s not a familiar service or number, close out of your browser window. Avoid clicking any of the “Ok” or “More Information” buttons within the window as those can launch malicious scripts. If it is unclear how to close out of the browser or new ones keep popping up, ask for help from your IT administrator or service provider.

Office Attachments

An increasingly common method of distributing ransomware / malware is through the use of Microsoft Office file attachments. While most email services filter for viruses within emails and their attachments, these Office files contain macros that, when enabled, go out to the Internet and download the malicious code. Microsoft has put safeguards in it’s more recent versions of Office to keep macros from running without authorization.

Microsoft’s warning about potential for malicious code.

Avoid enabling these files for editing if you are not sure where they come from or why you received it. Send files that don’t require editing as PDF as those don’t have the ability to store this type of embedded code.

Unplug & Speak up

Lastly, if you feel like there may be malicious software on your system , don’t hesitate to unplug it from the network and contact your administrator or service provider. Your computer may start to slow down or you will spot files that you can’t open. Those are indications that the malware is trying to infect other machines or encrypt company data. It can only do that if the computer is connected to the network. Often the most damage is done when concern over embarrassment or blame causes inaction.

Filed Under: Blog Tagged With: Education, Featured, Security

Primary Sidebar

Social

  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Search

Recent Posts

  • Hope for Best, Prepare for Worst – Hurricane Edition
  • Malware – Tips for Employees

Footer

Arcane Technologies, Inc.

918 Monticello Road
Charlottesville, VA 22902
434-979-7979
info@arcanetech.com

Social

  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Search

Copyright © 2021 · ARCANE TECHNOLOGIES INCORPORATED