You may have seen my recent emails warning everyone to use extreme caution when opening attachments from 3 Labmed staff and wondered what was up. The PCs used by these 3 individuals were infected by malware called “Emotet” back in April.
Some background on Emotet. It first appeared in 2014 and targeted the banking industry, but it soon morphed to become a threat to everyone. It is spread by email, in particular malicious attachments or links. The emails use a technique called “phishing” which is a type of “social engineering.” The point of phishing and social engineering is to trick you into revealing personal information, often financial data.
Emotet is very clever. For starters, it is “polymorphic,” which means that it can change dynamically to avoid detection by anti-virus software. It also connects to a server to get updates in the same manner as legitimate software such as the Windows operating system. Emotet can also be used as a “trojan,” which means that it has the ability to download other malware to the infected PC.
So what happens when your PC gets infected with Emotet? In our particular case, what happened was that Emotet stole email data including contacts and message contents. It then used this information to generate emails that contained malicious attachments. Because these emails contained snippets of real email conversations, they were hard to recognize as fake.
What can you do to prevent Emotet infections? The most important thing is to approach email with skepticism. If something seems off about an email, go with your gut instinct and do not open any attachments or click any links. It’s fairly easy to fake the sender name and even the address, so these elements cannot be relied upon to confirm legitimacy. If you’re not sure, report the email to IT. Another thing you can do is call the supposed sender on the phone and ask them to verify that they sent you that specific email.
The Whole U is hosting WSECU to talk about identity theft at HMC on 9/18/19 noon-1. More details on the Whole U event calendar.
I found a great site that lists whether or not companies offer two-factor authentication (2FA): https://twofactorauth.org/
The list includes internet, phone, financial, health, government providers and much more. It also lists which 2FA options each provider offers (SMS, software token, or hardware token).
Data Privacy Day (Jan 28) is almost upon us. Here are a couple of ideas about how to celebrate by being more secure on the internet.
Take a moment to back up your important files! Whether you use a local USB drive or cloud storage is up to you, but be sure to use encryption for all confidential data.
Set up two-factor authentication (2FA) on your personal accounts. 2FA is a way of protecting your accounts beyond just a password. It typically involves using SMS text or a mobile app to sign in. Apple, Google, and Amazon all offer 2FA. Your employee data is already protected by 2FA in Workday.
Update your online account passwords. The most important thing to do is to always use unique passwords. Re-using passwords across systems puts you at higher risk for account compromise.
Secure your mobile phone and home computers by keeping up to date with operating system and application updates. Never download apps from sources other than the official Apple App Store or Google Play. Set a strong passcode on all mobile devices.
Be skeptical about any emails you receive about accounts or taxes. There is a heightened risk of tax scams this time of year. Your biggest clue that an email is a scam is if it is unsolicited and unexpected, especially if it contains a link or attachment.
Be careful when using public WiFi networks, which may be unsecured or compromised.
Check your credit reports for free through the Annual Credit Report website.
Check the FTC website regularly for scam alerts, including telephone scams.
Visit Stay Safe Online for tips on protecting your data online.
If you have been a victim of identity theft, learn more about recovery on the Federal Trade Commission’s IdentityTheft.gov website.
UW Professional and Organizational Development is sponsoring an ongoing course by Washington State Employees Credit Union on scams and identity theft.
Upcoming dates are Sept 12 and Oct 5.
Sent via email on 7/2/17.
- Workday- You can tell that these are legitimate because the links in the body of the email are for domain myworkday.com/uw/. Also, when the UW login screen pops up, the address is idp.u.washington.edu. Note that there are known scams related to Workday, so make sure to hover your mouse over the links in any Workday emails you receive to make sure they go to our Workday site and not a fake site.
- UW Athletics- You can tell that these are legitimate because the links in the body of the email are for domain uwathletics.fan-one.com. Per the UW Athletics dept, they have a new ticketing system and are sending out new system activation instructions to everyone who has used their system in the past.
Fake Fake Fake:
- American Airlines order confirmation email saying that your credit card was charged. The intention is to alarm you and fool you into providing your credit card info on the malicious website. Similar scams involve Apple and Amazon order confirmations. If you receive an order confirmation email and don’t know if it’s legit or fake, I recommend that you log onto the vendor website via bookmark or Google search rather than clicking on the link contained in the email.
- The usual phishing emails targeting UW accounts. The latest one is called Unusual Login Attempt and has a link to the malicious website http://universityofwashiington.weebly.com/. Note that the domain of this link is not a UW domain (it’s weebly.com), therefore it is malicious.
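The link check described in the two lists above can also be done in code. The following Python sketch is an added example, not part of the original post: it pulls every link out of an HTML email body and compares the real destination host with the domains the post names as legitimate. Accepting subdomains of those hosts is an assumption, and the sample email body is constructed (only the weebly.com address is quoted from the post).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts and paths named in the post; accepting their subdomains is an assumption.
EXPECTED = [
    ("myworkday.com", "/uw/"),
    ("idp.u.washington.edu", "/"),
    ("uwathletics.fan-one.com", "/"),
]

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def destination_ok(url):
    """True only if the URL's real host is an expected host or a subdomain of one."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return False
    path = parts.path or "/"
    return any((host == h or host.endswith("." + h)) and path.startswith(p)
               for h, p in EXPECTED)

def review_links(html_body):
    """Return [(href, visible_text, verdict)] for each link in an HTML email body."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(href, text, "expected" if destination_ok(href) else "suspicious")
            for href, text in collector.links]

# Constructed sample body: the visible text of the third link shows a Workday
# address, but its real destination is a different host.
SAMPLE = (
    '<p><a href="https://myworkday.com/uw/inbox">Open Workday</a></p>'
    '<p><a href="http://universityofwashiington.weebly.com/">Unusual Login Attempt</a></p>'
    '<p><a href="https://myworkday.com.portal.example/uw/">https://myworkday.com/uw/</a></p>'
)
```

The verdict depends only on the `href`, never on the visible link text, which is the same thing hovering over a link reveals.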
From our friends at Sophos, a great whitepaper on ransomware- what it is, how it works, and why it’s such a big security problem.
Just for fun, I wanted to share a TED talk by a British comedian who takes revenge on a spammer.
Don’t try this at home!
Tips for recipients:
* The key thing to watch out for is unsolicited email. Unsolicited means that you were not expecting it.
* It doesn’t matter if you recognize the sender or not- sender name and address are easily faked.
* If an unsolicited email contains a link or attachment, do not click the link or open the attachment unless you can verify that the sender sent you this exact email. It doesn’t matter that they have sent you emails in the past.
* Checking on unsolicited emails does take extra time. But it might save you from getting phished or having your computer infected with malware, both of which are time-consuming problems to fix.
Tips for senders:
* To the extent possible, don’t send emails with links or attachments. Instead reference where the link or document is on a shared resource. Example: “To log onto the UW Employee Self Service webpage, please use the link on the Clinical Lab Links webpage under the UW Resources header.”
* Never send unsolicited emails with links or attachments. Always let your recipient know ahead of time if you will be sending a link or attachment.
* Never send links to secure systems that require login. This trains recipients to click links in email and log in when prompted, which is a key component of phishing campaigns.
Let’s do everything we can to keep ourselves and our co-workers safe!