How are “You’ve Been Naughty” Emails Getting to my Inbox?

For several months now, hackers have been sending emails that might make some people nervous. They claim to have compromising images or video of you that they’ll distribute if you don’t send a bitcoin payment within a specified time frame. Some include a password you would recognize, which lends the message a sense of credibility.

Filters are Like Fishermen – Even the Best Can’t Catch Everything

Even with the best spam filters in place, there are bogus emails that will get through to your inbox. When asked why that is, our Senior Network Engineer and Certified Ethical Hacker Jeff Mertz explained, “When emails are all text (and they change the text for every iteration) and they are sent from different hijacked email addresses, they are very hard to filter out. They have spaces missing between words or slight misspellings of keywords you would have a logic-based filter on (example: word AND word AND word), so a filter won’t actually get those words.”

There are some words that frequently appear properly spaced and properly spelled in a spam message, but they can’t necessarily be filtered out because they could also be part of legitimate emails. Words like “password” and “hacked” can come through in important emails that need to make their way through to your inbox, so they can’t be used to filter out bad messages.

One word that you might not use in your electronic communication is Bitcoin. If you’re reasonably certain you won’t ever have a meaningful message with that word, you can create a rule in Outlook that would push emails containing it to your Junk Mail folder.

Home > Rules > Create Rule > Advanced Options > check “with specific words in the body” > click “specific words” in Step 2 > enter “Bitcoin” in the first field > click Add > click OK > click Next > check “move it to the specified folder” in Step 1 > click “specified folder” in Step 2 > highlight Junk Mail > click OK > click Next (choose any exceptions, if applicable) > click Finish

This process applies to newer versions of Outlook – if you use a different email client, a simple Google search will show you how to set up the same rule.
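To show why the spacing and spelling tricks Jeff describes slip past a plain “word AND word AND word” rule, here is a small added Python illustration (not from the original post, and not how Outlook’s rule engine works internally). The sample messages are constructed, and the keyword list and substitution table are assumptions chosen for the demonstration.

```python
import re
import unicodedata

# Constructed sample bodies, not real mail: one plain extortion message, two with the
# evasions described in the article (missing spaces, digit-for-letter misspellings),
# and one legitimate message that happens to mention a password.
SAMPLES = {
    "plain":    "I have a video of you. Send 500 USD in bitcoin within 24 hours or I send it to your contacts.",
    "spaced":   "I have a vid eo of you. Send 500 USD in bit coin within 24 hours or I send it to your contacts.",
    "misspelt": "I have a video of you. Send 500 USD in b1tc0in within 24 hours or I send it to your contacts.",
    "legit":    "Reminder: your password expires Friday. Reset it through the IT portal before then.",
}

# An assumed logic-based rule of the kind the article describes: all three words must appear.
KEYWORDS = ("bitcoin", "video", "contacts")

# Assumed look-alike substitutions a sender might use to break keyword matching.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})


def naive_match(text):
    """Plain keyword AND rule applied to the lower-cased body, as a simple filter would."""
    lowered = text.lower()
    return all(word in lowered for word in KEYWORDS)


def normalize(text):
    """Undo the two evasions before matching: strip accents, reverse digit swaps,
    then drop every space and punctuation mark so 'bit coin' becomes 'bitcoin'."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.lower().translate(SUBSTITUTIONS)
    return re.sub(r"[^a-z]", "", text)


def normalized_match(text):
    """Same AND rule, but run over the normalized body."""
    normalized = normalize(text)
    return all(word in normalized for word in KEYWORDS)


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:9s} naive={naive_match(body)!s:5s} normalized={normalized_match(body)}")
```

Dropping the spaces also means words can run together across boundaries (“rabbit coin” would match “bitcoin”), which is the same false-positive trade-off the article raises for words like “password”: normalization widens the net, so it belongs in a scored filter, not a hard block.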

The Best Defense is a Proactive Offense

Phishing emails, cyberattacks, and cybersecurity tools are constantly evolving. One thing that hasn’t changed since the beginning of internet time is the importance of using password best practices. A strong, regularly updated password (different for each account) is your first line of defense against hackers – no matter how creative they think they are.

Ongoing security awareness training is also critical to reducing an organization’s risk of falling victim to a cyberattack. Mandatory, regularly scheduled training for all computer and email users is a best practice employed by many of the most secure businesses.

At Safety Net, each new associate attends security awareness training on their first day, and every member of our team attends a full training session once a year. We conduct the same annual training for our clients as part of our Security-as-a-Service offering.

Bottom Line

No matter how advanced your spam filtering is, there will always be questionable messages that make their way through to your inbox. Never click on a suspicious link, steer clear of opening attachments you aren’t expecting, and don’t even think about sending money to an unknown individual or entity – even if you have been naughty!