What to do when … you receive a fishy email


Recently, the News received a chain of hoax emails leading to malicious websites that infect computers with viruses, worms and ransomware, potentially costing the company thousands of rand to fix.

This follows the worldwide ransomware attack during June this year. Ransomware encrypts the files on your computer, making it unusable to its owner until a certain amount of Bitcoin is transferred to an account.

Those who do click on a malicious email attachment containing ransomware receive a notice which looks like this:

A ransomware note that appears when a malicious email is opened on a computer. The computer’s files become inaccessible until the ransom is paid.
Photo: Bleeping computers

The most recent display of this reality was the ransomware infection called Petya (released on 27 June). Petya rapidly spread across the globe, encrypting thousands of computers in a variety of industries including government, telecommunications, education, healthcare, transportation and manufacturing, and more may still become affected.

There has also been an increase in what is known as ‘spoofed’ emails. This means that an email that appears to be from a legitimate domain is actually sinister in nature.

A hoax email containing malware. The News hasn’t made any contact with Sanku consulting and didn’t expect any purchase order from them. After the attachment was scanned with anti-virus tech, the News discovered that it contains malware.
Photo: Screenshot of email.

To prevent other people suffering the same fate, the News has compiled a few tips on how to identify malicious emails and how to prevent these from infecting your computer.

An example of a hoax email containing malware. Notice that it’s signed Lowvelder Pty Ltd. The Lowvelder is not a Pty Ltd business.
Image: Screenshot of email

How to identify suspicious/malware emails:

1. Check for spelling mistakes within the email. Large, well-known companies are unlikely to make these mistakes.

2. If you’re not expecting an email from the company, don’t open the attachments.

3. Google the company name and see if it’s referred to correctly or actually exists; for example, Lowvelder Pty Ltd (The Lowvelder is not a Pty Ltd).

4. Check if the icons used on the emails are high resolution … perpetrators use screenshots to copy company logos.

5. If the email contains a contact number, call it to ensure that’s a safe source. Do this before you open the attachments.

6. You might receive quotes from random places that you didn’t request.

7. Check the To box: if it states ‘Undisclosed recipient’ it could be fake.

8. Check for the following names: Melanie White, Andre Barnard, Zozibini Notununu.

9. Also check if the word ‘Proforma’ appears anywhere in the email.

10. Delete any suspicious email immediately. Don’t open any attachment in these emails.

11. Beware of emails from people you don’t know.

12. If you’re not sure whether an email is safe to open, let an IT professional take a look at it before you open the attachment.

Another hoax email. Note that the ‘To’ box states ‘undisclosed recipient.’ A specific quote would be sent directly to your own email address and the ‘To’ box will contain your email address.
Photo: Screenshot of email

Prevention is always better than cure. To prevent malware from infecting your computer and to be prepared for when it happens, follow these tips:

1. Have robust, up-to-date antivirus software on your computer and ensure all firewalls and software are updated regularly.

2. Back up all your data.

3. Ensure that all servers are patched with Microsoft patches.

4. Use complex passwords containing numbers, characters and symbols.

5. Run accredited Total Security endpoint protection (not just anti-virus programs).

Lastly, any email you are unsure about should be looked at by your IT department to determine whether the sending server is legitimate. If email attachments or links look suspicious, do not click on them – contact your IT service desk team immediately.
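For IT staff asked to look at a suspect message, several of the checks listed above can be run over the raw email before anyone opens it. The following Python code is an added example, not part of the original article; the function name `triage`, the flag labels and the constructed sample message with its `.example` domains are assumptions made for illustration.

```python
import email, re
from email import policy

# Indicators taken from the article's checklist.
WATCH_NAMES = ("Melanie White", "Andre Barnard", "Zozibini Notununu")

def triage(raw: bytes) -> list:
    """Return the checklist indicators matched by a raw email message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []
    # 'To' box empty or showing "undisclosed recipients" instead of an address.
    to = str(msg.get("To", ""))
    if not to.strip() or "undisclosed" in to.lower():
        flags.append("undisclosed-recipient")
    # Search subject, sender and body text for the keyword and listed names.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = " ".join([str(msg.get("Subject", "")), str(msg.get("From", "")),
                     body.get_content() if body else ""]).lower()
    if "proforma" in text:
        flags.append("keyword-proforma")
    flags += [f"listed-name:{n}" for n in WATCH_NAMES if n.lower() in text]
    # Report any attachment so it can be scanned before anyone opens it.
    files = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    if files:
        flags.append("attachment:" + ",".join(files))
    # SPF/DKIM/DMARC verdicts (assumes your own mail server added this header).
    for hdr in msg.get_all("Authentication-Results", []):
        found = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(hdr).lower())
        flags += [f"{m}-{r}" for m, r in found if r != "pass"]
    return flags

# Constructed sample message (not a real email); domains are placeholders.
SAMPLE = b"""From: Accounts <accounts@supplier.example>
To: undisclosed-recipients:;
Subject: Purchase order
Authentication-Results: mx.news.example; spf=fail smtp.mailfrom=supplier.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please find the attached Proforma invoice. Regards, Melanie White
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="order.zip"

constructed placeholder bytes
--b1--
"""
```

Calling `triage(SAMPLE)` returns one flag per matched indicator; an empty list means none of these checks fired, not that the message is safe.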

For more information about ransomware or any other encryption-related problems visit the Mondi website at www.mondigroup.com or contact Mondi in Merebank on 031 451 2164.


Bianca Pindral
