How to spot a suspicious email

We have been blogging about the Crypto Virus for some time now because of the serious nature of this threat. We want to make sure that your business and employees know how to handle suspicious emails and attachments. The example below shows a perfect way to handle a suspicious email.

Steps followed by one of our client’s employees:

  1. They identified that someone sent them an attachment that they weren’t expecting.
  2. The email subject line had nothing to do with the content of the email.
  3. They did not open the attachment.
  4. They forwarded it to us to double check. The Help Desk is always happy to check for you.

After we received the email we did some testing and found that:
The Word document had an “Enable Content” button. Clicking it enables macros, which is how the infection would have gained permission to infect your computer.
This document may not be recognized by antivirus or anti-malware software. This may have been because the file itself was not a virus but instead contained code to download the virus once “Enable Content” had been clicked. This would prevent any scan from listing it as a virus. So if the scans come back clean but you’re still worried, please feel free to call us.
We do not know what this infection would have done, but a common approach with files like this is to encrypt all of the files that it can reach and then require a password to unlock them. The creator of the infection would then demand a ransom to unlock the files for you. This infection can spread throughout your office to other PCs, servers, or external drives. These types of infections can sometimes take hours or days to correct and can be very costly.
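
Because a clean antivirus scan does not rule out a macro that downloads the infection later, a help desk can check whether an attachment carries macros at all without opening it in Word. The sketch below is an added example, not part of the original post or our testing: the function names and the sample files are constructed here, and it only inspects the zip layout of modern Word files (.docx/.docm).

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy .doc/.xls files
MACRO_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def macro_indicators(data: bytes) -> list:
    """List reasons to treat an attachment as macro-bearing, without opening it in Word."""
    if data.startswith(OLE_MAGIC):
        return ["legacy binary Office format: macros cannot be ruled out by this check"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["not an Office Open XML (zip) document"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = archive.namelist()
        for name in names:
            # Macros in modern Office files live in a part named vbaProject.bin
            if name.lower().endswith("vbaproject.bin"):
                findings.append("VBA macro project present: " + name)
        if "[Content_Types].xml" in names:
            types = archive.read("[Content_Types].xml").decode("utf-8", "replace")
            if "macroenabled" in types.lower():
                findings.append("content types declare a macro-enabled document")
    return findings


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip laid out like a Word file (placeholder bytes, no real macro)."""
    main_type = MACRO_TYPE if with_macro else PLAIN_TYPE
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr(
            "[Content_Types].xml",
            '<Types><Override PartName="/word/document.xml" ContentType="%s"/></Types>' % main_type,
        )
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    for label, sample in (("macro", build_sample(True)), ("plain", build_sample(False))):
        print(label, macro_indicators(sample))
```

An empty result only means no macro project was found in the file; an unexpected attachment should still go to the Help Desk.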

Please make sure you’re being careful with attachments in emails you’re not expecting, even if you know the person. You can always check with the person who sent you the attachment, or feel free to reach out to our Help Desk at 563-441-1504 if you have any questions.
