The most important part of virus protection is common sense. 99.9% of the viruses we see come in via email, and given a second look people always realise they never should have clicked the link. Often it’s been an unfortunate coincidence in a weak moment when the user was busy.
The general rule of thumb is: if you weren’t expecting it, question it. If it’s an invoice that you weren’t expecting, delete it. Fake invoices are a very common scam these days: people instantly feel offended that they are being asked to pay for something they didn’t get or ask for, so they click to complain, finding out far too late that the link is to a script that will execute a worm. If it was a real invoice, the sender is going to make contact again if they don’t hear from you. It would be nice if people gave up chasing money after the first ignored invoice.
Another common trick doing the rounds is a PDF attachment: you open the attachment and it purports to be a “Secure Document” that requires you to authenticate yourself. Think for a second: how would the sender know your username and password? These offer links to use your Office 365 or Gmail login to authenticate; in reality they want to steal your credentials and then take over your mailbox. I’ve seen some fairly sophisticated scams where someone’s email has been hijacked; they have then read through the mailbox history and contacted clients to let them know bank details have changed, and provided new account numbers for any future bill payments. The account provided was one they had stolen the logins to, but they needed a little more money on hand to steal.
So the rule of thumb is: if it’s not typical business correspondence from someone you deal with regularly, go back and read it again. Double-check the sender address, then click reply and see if the address you are replying to is the one it was purported to have been sent from. And the most important tip of all: hover your mouse cursor over any links, as this will show you the actual web URL/address that clicking the link would take you to. It’s very easy to fake a link. If you hover over the link below you’ll see what I mean.
If in doubt, forward a copy of the email. We see a lot of this, and 99.9% of the time they were dead right to question the email.