You have to be very on-trend as a cybercrook – hence why coronavirus-themed phishing is this year's must-have look

Coronavirus-themed malicious emails were the standout feature of online naughtiness in the first half of 2020, according to infosec firm F-Secure – though overall volumes of phishing did decrease a touch. "Cyber criminals don't have many operational constraints, so they can quickly respond to breaking events and incorporate …

  1. Mike 137 Silver badge

    An eight point plan

    In no particular order:

    [1] don't open an attachment of, or follow a link in, an email you're not expecting;

    [2] verify email validity by inspecting the transport headers (ideally using automation)

    [3] in corporate systems, remove and quarantine attachments to emails from outside the enterprise;

    [4] either strip link anchors from email bodies at the gateway or expose them to view in the body;

    [5] employ a mail filtering service either locally at the gateway or in the cloud;

    [6] ditto for web requests;

    [7] never rely on workstation-based protection alone against malware;

    [8] educate everyone including the Executive in safe email usage.

    1. UCAP

      Re: An eight point plan

      The problem with point [2] is that very few people would know a fraudulent e-mail header if it leaped up and hit them on the head with a cluebat. That's the sort of knowledge that oldies like myself (who have been using e-mail since the early days) have, but most youngsters sadly lack.

      The problem with point [8] is that, in my experience, you can talk to executives until you are blue in the face, but all you are going to get is a glazed look. Of course they all get very interested when they have screwed up, the s**t has hit the fan and the bottom line is taking a hit, although most of their interest is limited to finding someone (anyone) else who can plausibly be blamed. There are a few exceptions to this rule, but they are few and far between.

      1. Pascal Monett Silver badge

        Both of your observations are perfectly correct, of course, but even if a person doesn't know what email headers are, they can still twig to the fact that the email they're reading is supposed to be from Microsoft and was sent from a Gmail account.

        You don't need to be a high priest to know that Microsoft has no Gmail account, and anyone in Microsoft sending "official" corporate mail from Gmail would likely see their career ended pretty quickly.

        A tiny bit of logic and observation is all that is required to avoid a vast majority of nasties, especially those that are not specifically tailored for you (as in phishing attacks - I would guess those are better conceived). Unfortunately, logic and observation are rare commodities these days.

      2. HildyJ Silver badge

        Re: An eight point plan

        Simple solution to #2. Have an option in the email software to remove the "To" field and replace it with the actual originating email address. Make it a corporate group policy option.
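Point [2] of the plan asks for header inspection "ideally using automation", and the Microsoft-mail-from-a-Gmail-account case described above is exactly the sort of mismatch such automation can surface. The Python below is an added example, not code from the thread or from F-Secure: it compares the visible From: domain with Return-Path, Reply-To, the originating Received: hop and the receiving MX's own Authentication-Results, run over a constructed sample message (every address, host and ID in it is made up).

```python
import email
import re
from email.utils import parseaddr

# Constructed sample, not a real message: the visible From: claims microsoft.com while the
# envelope sender, Reply-To, originating MTA and authentication results all say gmail.com.
SUSPECT = """\
Return-Path: <acct-verify.9921@gmail.com>
Received: from mail.gmail-relay.invalid (mail.gmail-relay.invalid [203.0.113.44])
\tby mx.example.net with ESMTPS id k7Q2xZ
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=gmail.com;
\tdkim=pass header.d=gmail.com; dmarc=fail header.from=microsoft.com
From: "Microsoft Account Team" <security@microsoft.com>
Reply-To: <acct-verify.9921@gmail.com>
Subject: Unusual sign-in activity
"""


def _domain(addr_header: str) -> str:
    """Lower-cased domain of the first address in an address header ('' if none)."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()


def _under(host: str, dom: str) -> bool:
    """True if host is dom itself or a subdomain of it (relaxed alignment)."""
    return host.lower() == dom or host.lower().endswith("." + dom)


def header_findings(raw: str) -> list:
    """Compare the visible From: domain with the transport headers and list every mismatch."""
    msg = email.message_from_string(raw)
    from_dom = _domain(msg.get("From", ""))
    findings = []
    # The envelope sender and Reply-To should normally sit under the same domain as From.
    for hdr in ("Return-Path", "Reply-To"):
        dom = _domain(msg.get(hdr, ""))
        if dom and not _under(dom, from_dom):
            findings.append(f"{hdr} domain {dom} does not match From domain {from_dom}")
    # Authentication-Results (RFC 8601) stamped by the receiving MX: a non-pass verdict, or
    # SPF/DKIM passing only for some other domain, means the sender never proved it owns From.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if verdict != "pass":
            findings.append(f"{method} verdict is {verdict}")
    authed = set(re.findall(r"\b(?:smtp\.mailfrom|header\.d)=([\w.-]+)", auth))
    if authed and not any(_under(d, from_dom) for d in authed):
        findings.append(f"authenticated domains {sorted(authed)} do not include {from_dom}")
    # The last Received: header is the hop nearest the origin; its 'from' host is the submitting MTA.
    received = msg.get_all("Received") or []
    hop = re.search(r"from\s+([\w.-]+)", received[-1]) if received else None
    if hop and not _under(hop.group(1), from_dom):
        findings.append(f"originating MTA {hop.group(1)} is not under {from_dom}")
    return findings
```

Wired into a gateway or a mail client rule, a non-empty result is what a human would otherwise need header literacy to spot; the hostname and Return-Path checks are heuristics, so treat the Authentication-Results verdicts as the authoritative signal.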

  2. Lars Silver badge

    Stay pessimistic

    Stay pessimistic regarding words like, you won, love, congratulations, free, ££££, $$$$, .....

  3. Throatwarbler Mangrove Silver badge

    Bring back public flogging

    We need some more imaginative punishments for these scumbags, especially in these trying times. Summary execution is probably off the table (although who doesn't love a good beheading?), but perhaps we can hang the little toerags upside down in the public square while the poor raise money by selling rotten fruit to passers-by.

    For criminals beyond the physical reach of the law, I guess the Internet equivalent would be doxxing them on 8chan and letting the basement-dwelling hordes have their way.


Biting the hand that feeds IT © 1998–2020