7 Steps to Avoid Email Malware

Have you received an email from a bank stating you need to update your records because they've upgraded their system? Strange thing is, you don't actually have an account with this bank. Yeah, I see you spammer. DELETE.

But how do you spot an attack when it comes from a company you use?

Fake Phone Bills

Scammers like to frighten us. They create a bill for an astronomical amount, and wait for us to react to it. Let's face it, if we're billed for five times what we owe, we will react promptly. Since nearly everyone on the planet has a smartphone these days, or at least a cell phone that does more than take calls, scammers have chosen fake phone bills as an easy method of attack.

A typical scenario looks something like this. As a smartphone customer, I receive a $400 e-bill, for one phone line. Hey - I have an unlimited plan; this is a huge mistake! I must get this cleared up immediately. Oops - now I've clicked a link into the black hole of viruses and Trojan horses.

ADP Bombarded

If your firm uses ADP for any account maintenance, pay close attention. Scammers have been sending out emails with the subject line consisting of everything from "Digital Certificate Expiration" to "ADP Funding Notification - Debit Draft."  These emails are designed to make you think your account will be inaccessible or that they've drafted something they shouldn’t have. Again, the idea is meant to urge you into action.

It seems new ADP-themed spam is popping up daily. Luckily ADP is trying to stay on top of this mess. You can visit their security alerts page for a list of the existing scams affecting their customers.

Fax and Voicemail to Email

Many offices are using fax from email features in their telephone systems. This time and money saving feature has become another way spammers can sneak their malware into systems. The fake fax email, identifiable with a suspicious source and unfamiliar layout, will most likely contain the dreaded malware instead of friendly correspondence from clients.

Some of us receive our voicemail through our email as .WAV files so we can listen to the message anywhere. Spammers are taking advantage of this and creating fake voicemail files to send to unsuspecting victims containing malware instead of voicemail. It can be most effective if you aren't paying attention to the sender and format.

What to Look For

Taking time to analyze the suspicious email will usually provide the clues to indicate that your email harbors spam malware. Here are some steps to avoid the traps:

1. Look at the "From" addresses. Most legitimate emails have some sort of "Do Not Reply" attached to the "From" email address. Also, spammers often tweak the domain for the email address (@company.com) so that it doesn't match the legitimate website.
2. Look at the additional "To" addresses. Spammers like to copy other people in the company, even former employees (whether or not the email address is correct).
3. Know your systems. If you receive faxes and voicemails via email, be familiar with how they should appear. Spammers typically create a generic "eFax" or "Voicemail from Microsoft Outlook" format that probably doesn't match what you're used to seeing.
4. Hover over links. If you hover your mouse over a link (point the arrow to it WITHOUT clicking), you'll notice that the URL that pops up above for the link is quite different than the text that appears. For example, an ADP flexible benefit account link would take you to www.flexdirect.adp.com, not a strange website such as "insertrandomletters"(at).de (Germany).
5. Never click. Every IT professional has been preaching this since the dawn of high speed connections. Every link included in a spam email simply directs your computer to malware. Instead, go to your browser and type in the URL to visit your account.
6. Don't forward. Even though you may be trying to get the message out to warn your coworkers, you just sent everyone the email of live links and exponentially raised the likelihood one of them could get accidentally clicked.
7. Ask for guidance. If you receive something that you aren't sure is legitimate, send it to your IT department. They can research the issue for you and let you know how to proceed. If you don't have an IT department or technology guru on staff, consider a few options to help find answers to your questions.
   • Google. Often simply searching a suspected spam email will bring up a list of sites with the same problem. Someone else's extensive research will answer your question perfectly.
   • Technical newsletters. Finding a resource to give you a heads up before you run into a problem is invaluable. The ABA's PMA Pipe, an RSS feed, compiles the practice management blogs of bar associations across the county to provide tips and warnings to keep your practice safe.
   • Center for Practice Management. The NCBA's Center for Practice Management has technical resources available that are designed with lawyers in mind.
   • Hire a consultant. Having a professional you can rely on is never a bad idea. Not only can your technical consultant help you with the issues of email malware threats, they can offer advice of what protective software is needed to help prevent infection.
   • Have an IT friend you can call. Perhaps you know someone who is a computer guru. Most computer gurus are more than happy to answer questions about proper safety precautions and how to handle certain situations. Computer gurus prefer to prevent malware problems than clean up the mess of an infection.

These steps can help protect your computers and your client information from the perils of a malware infection. If you have more questions regarding email scams, please contact Lawyers Mutual.  

Samantha Cruff is the Marketing Communications Coordinator at Lawyers Mutual. Contact Samantha for information regarding our available risk management publications at 800.662.8843 or samantha@lawyersmutualnc.com.