Monday 07 Aug 2017 01 am
Today's case study is brought to you from the pretend GoVia email we received at Smartm8.
Today I opened my inbox to an email that nearly got me.
It had been a busy morning and I was a little less on the ball than normal. I am sharing this as a wake up call for everyone to see how easy it is for even the best of us to get caught. It can happen to ANYONE.
We wanted to share a few tips to help you avoid the very same scenario.
Check the domain name from the sender (often it is similar but not identical)
At a quick glance when you are not paying attention you may miss this. In this example you can see the email is actually coming from goviau instead of govia.com.au.
Hover your mouse to check the website address before clicking
If you hover your mouse over any link it will give you a preview of the website address it is going to take you to. Any legitimate emails will take you to the logical website. Spam and virus emails will take you to a complex link that often has nothing to do with the company directly.
In this example, whilst "sharepoint" is a legitimate Microsoft service that companies use, it is highly unlikely GoVia would use a sharepoint site to deliver their invoices, particularly an unsecured guest access link that contradicts the requirement for sign in. When you click on the link, your browser begins downloading statement.zip immediately.
At this point you may have now downloaded or are about to download the virus on to your computer, but you are not yet infected until you open and/or run the attachment. Once you run the file the virus will have infected your computer and likely begin encrypting your files and compromising your security and privacy.