Keeping Spam Away From Your Business

By Juan MartinezFeaturesPCmag

When you think of spam, you might typically associate it with junk emails going into your personal inbox. Unfortunately, spam can also be used to infect organizations with malware designed to cripple networks or pilfer valuable data. If you run a small to midsize business (SMB) or manage an IT team, it's crucial you understand the ways in which spam can be used to threaten your company. It's also imperative that you be on the lookout for spam so you can deflect attacks. You should also enlist your employees to help you defend against spam by telling them what they need to look out for when they open their inboxes.

Continue Reading Below

In this article, I'll explain the business ramifications of spam. I'll tell you what spammers are doing to try to get into your network right now, and what your employees should avoid before and after opening new email messages.

1. Business Email Compromise (BEC) Attacks There are a broad set of business-targeted spam messages that range in severity, said Tom Landesman, Security Researcher at Cloudmark, a company focused on providing threat protection software to businesses. Probably the most noticeable and annoying attacks are unsolicited advertisements for business services (such as custom search engine optimization or SEO), email blasts, or budget travel services. These attacks waste time and clog your company's inboxes, but they won't cripple your business the way other, more severe attacks will.

One example of a severely dangerous attack is a business email compromise (BEC) attack, which "targets a business with highly tailored scam messages intended to maliciously extract something from the victim business," said Landesman via email. These emails typically impersonate the company's CEO and are directed at a finance team member. "The message will urgently ask for a wire transfer to be made to a foreign business that the company is supposedly doing business with," said Landesman. From late 2013-2015, more than 7,000 of these attacks occurred in the US, totaling losses exceeding $740 million, according to FBI data.

Landesman said a new form of BEC attack has emerged this year in which attackers trick businesses into sending W-2 tax records associated with the company's employees. Scammers use the W-2 information to steal social security numbers for identity fraud and to file the victim's tax return in order to steal any possible returns. Cloudmark witnessed roughly 60 businesses fall victim to this scam this year.

2. Ransomware It's not only the email itself that can cause trouble. The documents attached to these emails can be embedded with malicious content that infiltrates a computer or a network and threatens to shut down an entire system unless a ransom is paid.

"Criminals have continued to evolve the ongoing macro-enabled document attack vector over the past few weeks," said Landesman. "Cloudmark observed two new file extensions used to deliver booby-trapped office documents: .dot and .dotm, also known as Microsoft Word templates. Word templates have the ability to enable embedded macro content, which the criminals have briefly experimented with using in May to deliver payloads including Cerber ransomware and Dridex."

Cerber ransomware, when installed, typically demands a ransom payment to decrypt the infected file. If the ransom is not paid within a certain amount of time, the file will continue to be encrypted and the ransom amount will double. Cerber attacks can infect most common file types such as image or text files. Dridex is typically seen in the banking sector and most commonly infects Microsoft Office documents. Dridex attacks steal credentials and personal information on whatever system has opened the Office document.

3. What You Can DoOnce malware or ransomware has infiltrated your system, you'll want to enlist the help of an endpoint security system to help you undo some of the damage. If you're hoping to be more proactive, working with anti-spam companies such as Bitdefender, Cloudmark, Kaspersky, and Symantec is a great start.

But you'll also want to enlist the help of your employees as they will be on your front line of the war against spam. Here are six things you'll want to tell them to do:

If you follow these steps and enlist the help of partners, you'll probably be safe from spammers. But it's important that you keep a close eye on the news to help you stay aware of innovative ways hackers are targeting companies like yours. The battle never ends.

This article originally appeared on PCMag.com.