We are near the end of 2019 and email scams still remain one of the top three causes of data breaches for individuals and businesses. These threats are serious to everyone, but even more so for industries with sensitive data, such as the healthcare industry.
The Federal Trade Commission reports thousands of email phishing attacks daily. While there are many types of email phishing scams, one of the preferred methods used by hackers is to hide macro malware in an attachment of a seemingly innocent email.
All it takes is one individual opening a scam email and its attachment for malware to worm its way into a system and attack all connected computers and servers.
What is a macro and how can it harm you?
When first created, macros were considered extremely helpful to speed up processes within Microsoft Office or any application that uses a programming language. Users utilize macros to automate frequently used tasks for ease.
Co-opted by hackers almost immediately, macro malware take advantage of VBA (Visual Basic for Applications) programming to spread viruses.
When an infected email attachment is opened, the macros run and malware embedded in the VBA will strike, either relaying sensitive data back to the hackers or rendering a system inoperable. Such situations can be detrimental to any business and its customers.
Recognizing an email scam and protecting yourself
Spotting a possible scam in an email and taking the steps to prevent it is a surefire way to avoid uploading a virus. These attacks can be hidden in emails that mirror companies or individuals you frequently are in contact with.
They can be sent by people who are unwilling and unknowing participants or they can be fake. The subject might be too enticing to ignore. When receiving emails:
- Don’t open anything that looks odd, whether from a known or unknown source
- Look carefully at who sent the email and how many others received it
- Teach yourself and your employees to recognize suspicious file attachments
- Delete questionable emails right away or notify your IT department and follow their instructions
- Train your employees to recognize and block possible scams
- Use a strong security system that employs spam/junk filters, email encryption, and a good antivirus program
- Make sure your business utilizes data backup
Ultimately, what should you take from this?
Because of the simplicity of macro malware (aided by human error (in judgment) when opening such emails), Paubox and others leaders in email security consider macros flawed and unnecessary. The most obvious way to avoid macro malware, then, is to avoid macros in general.
In fact, Paubox Email Suite Plus goes the extra step and scans each email for macros and sending it to quarantine for review to prevent errant clicks. Protecting yourself and your employees in the short-term will help keep your organization from costly breaches.