Dissecting Your Email

Over the past 6 months I’ve seen an increasing number of emails containing links to malicious websites, fake Google Doc invites, and attachments with malicious content. Some of these emails are easy to catch while others are more difficult. This page should help you understand what to do when you find yourself in an email “pickle”. Do you click on the link or not? Do you open the attachment or not? Read ahead for some helpful information.

First, a little blurb about Malware

Malware is a general term for software designed to do harm to computers and computer systems (virus, worm, Trojan, etc.). Malware is written by an attacker to do a number of possibly damaging tasks on a computer. These tasks could range from data collection to turning your computer into a “Zombie” to help attack a larger target somewhere else in the world. The code in the software that an attacker writes contains a signature (something unique and detectable), and once the signature is found and entered into a database, it can be detected in the future. The bank has hardware and software in place that watches for these known signatures in your email and the files you download, and blocks or removes them when found.

Is the email safe to open?

Technically, yes, it is safe to open the email. There are extremely few cases where it will be dangerous to open an email, even if that email contains a malicious attachment or links that could direct you to an infected website.

You may have noticed that GroupWise blocks the images from displaying in some of the email you receive. This is a good thing! Crooks are actually embedding code in images that can harm your computer. This feature gives you an opportunity to think before you act. If you are sure the email is from a trusted sender, go ahead and click the link to display images.

How do I know if the links are safe?

Determining whether a link is safe really isn’t that difficult; in fact, it’s quite simple. You just need to know where to look. The bank’s email client, GroupWise, has a built-in feature that allows you to check a link before you click on it.

Once you open your email and see there is a link, move your mouse over the link. After doing this, look at the bottom left corner of the email window. You should now see something that looks like http:// with some additional content beyond the slashes. This tells you where the link is going to take you. Does the link fit the content of the rest of the email? Does it go to the website advertised in the email?

Should I open the attachment?

Many of us receive email with attachments from customers and other contacts. For the most part these will be safe to open because our Sophos Email Appliance will remove attachments that are detected as malicious. However, there are cases where the appliance will not yet contain the code necessary to block a dangerous attachment. This is why we have to be on top of our game. It really is up to us to be suspicious or not. Many times, asking yourself if you were expecting a document from this contact will eliminate a lot of the risk.

Should I just delete it or contact IT?

Yes! Even if it’s obvious that the email is a scam, please contact the IT department. It’s important for us to know what’s slipping past our defenses.

Remember what you read in the section above, "First, a little blurb about Malware"? If something got through, we need to be able to send a sample to the vendors that provide our security software and hardware. This way they can find the "signature" of the malware so it's detected in the future.

Example Google Doc Emails

Which one is the legitimate Google Doc invite?