Below is an example of the kind of scam email I get in my inbox several times each week. The gist of it is that I have some document to review, some bill to pay, some fax has arrived. What can possibly be the harm in looking to see what it is? How about losing all your documents, financial records and customer data on every machine in your office?
Inside the zip file that you see attached to the bottom of the message is a JavaScript file. Opening the zip file might be enough to trigger it but certainly clicking on it would have run malicious code on the computer. A recently introduced JavaScript virus recently wiped out every file, including backups, at another business. No doubt there are many more examples of this happening every day. And note the completely disingenuous Avast Antivirus item at the bottom.
My antivirus did not recognise this payload as a virus. That means it is either written in some ambiguous way that the antivirus can’t detect or it’s what’s called a 0-day virus, one that the antivirus companies don’t know about yet because it was only introduced today. The lesson here is that your antivirus is only one aspect of your protection, your people have to be trained and alert to both targeted and opportunistic scams coming in via email.
Hartland Computer’s Two-Hour Security Review can help your small business identify vulnerabilities and avoid downtime.
