Ask a Security Expert: When Should You Worry About Pop-ups, Spam?
Question: “Have I been hacked” or “do I have a virus?”
We hear these when users go to a website that has code built in that won’t let them easily leave the site.
A typical pop-up prompts to call a 1-800 number.
Combine with the first question “has my email been hacked?”
We hear this when users get a piece of spam that looks onerous.
-Kerry Grimes, Data Network Group, Inc.
Answer: As a general rule of thumb, when something looks and acts suspicious, it usually is.
Best practice here would be for users to immediately consult a member of your Help Desk team when they notice any questionable activity.
Beyond this, it is imperative for businesses to conduct security awareness training on a regular ongoing basis, so that employees and executives stay on top of emerging cyberattacks.
Surprisingly, the statistics show that the ‘smartest’ people in any organization are the ones most easily compromised.
On a regular basis, you can encounter suspicious websites riddled with pop-ups.
When this happens, it is best to shut down your browser or restart the computer.
Once the browser is free from the pop-ups, you will want to revisit your browser security settings.
From here, you will need to check if you have applied pop-up restrictions and perhaps apply stricter settings.
However, even blocking pop-ups and shutting down your browser often doesn’t help.
For instance, with Apple’s Safari’s browser, it’s quite a common ploy to have a persistent pop-up window asking you to call Apple 1-800 to help you get rid of the message.
This, of course, is a scam.
With Google Chrome and other web browsers, they either allow you to download an ad-blocking extension, or have other security and privacy settings that help further restrict the number of pop-ups you receive.
In some instances, there is not an easy ‘fix,’ apart from uninstalling the browser completely and then re-installing it.
Additionally, users often receive many spam emails – some of which are not caught by the email provider’s spam filter or your businesses email gateway.
This doesn’t indicate that the user receiving the email has been infected or breached.
The major concern here is phishing emails, which are one of the most common forms of social engineering and deception that hackers use to infiltrate a business.
Unfortunately for us, hackers use particularly deceptive phishing-attack methods, such as spear phishing, which impersonates a legitimate company, colleague or person you know, so your natural trust is being abused.
Always bear in mind that it is child’s play for a hacker to spoof a person’s email address. Spear-phishing will also involve gathering information about the recipient from public online spaces like Facebook, LinkedIn, etc.
So when you receive that email from your best friend, David, providing a link to your favorite sport or pastime, you need to be suspicious.
The deceptions are that good.
The best way to avoid becoming infected with these types of attacks is to use common sense and not click on anything that is coming from a source you do not recognize.
Also, be highly suspicious of unexpected emails from friends or colleagues who normally do not email you using your work address.
Additionally, check the “from” address of any suspicious emails.
Often, phishing attempts use a sender’s email address that is similar to but not quite the same as a company’s official address.
Check the URL by hovering over it, and rather than clicking the link – that could re-direct you to another website – type a legitimate looking URL into your browser.
George Anderson is director of product marketing at Webroot.
“Ask a Security Expert” is an occasional feature. Send tips and news to MSPmentorNews@Penton.com.