Secure email practices: how to prevent your device on becoming a zombie?

Botnet !

Has your computer been acting weird lately? Running slower than usual? Any inexplicable error messages popping out randomly? Is your fan going into overdrive even though your PC is supposed to be idle?

We do not want to alarm you, but there’s a slight possibility that your computer was turned into a zombie. That’s why secure email practices can greatly help you staying protected.

“Zombie” is the term used when an attacker takes control of your computer without your knowledge. It either steals your data, or makes your computer do things that it normally shouldn’t. It can send out spam or even worse steal your sensitive information and attack other computers.

Zombies

A zombie computer is similar to a traditional Trojan horse (bad code wrapped inside normal behaving code). Instead of only installing a keylogger and stealing your personal data, zombies will work with other zombies. They form what is called a botnet or zombie army.

The term botnet comes from combining the words ‘robot’ and ‘network’. Botnets are entire networks of computers controlled and instructed to do a bunch of things, such as:

  • attack other computers (for e.g., DDoS)
  • send spam or phishing emails
  • deliver malware (ransomware, spyware, …)
  • Commit advertising fraud
  • other similar malicious acts…

All this can happen without you having the slightest idea about it. All it takes is a browser plugin update you just keep postponing or clicking on a link you don’t know where it leads you to, …. In these time of extreme busyness and short attention span, the odds are forever in the cybercriminals’ favor. Now imagine what an army of millions of computers can do through coordinated attacks.

Secure email practices can help you in avoiding devastating consequences

Source (http://creativecommons.org/licenses/by-sa/3.0), via Wikimedia Commons

The foremost vector of malware spreading are emails, for e.g., Locky, a recent ransomware that was distributed via emails to nearly a million victims. Moreover, clever cybercriminals are now using the power of encryption to bypass the conventional virus scanning and spamming checks — making malware (almost) undetectable.

Following secure email practices will decrease the chances that your device becomes a zombie.

  1. Don’t click on any suspicious link you’re not sure of / or don’t know where it leads — not even the ones you received from friends or family or social network buddies. Their accounts might have been compromised. It’s safer to be patient and ask them what it’s all about, before rushing into clicking on the link. Check this blogpost for more details.
  2. Do not download any attachments that you never requested
  3. Avoid opening spam messages — and especially don’t click on links that say ‘click here to unsubscribe/etc…’ as they will mostly do the opposite (run a malicious program, …)
  4. Beware of browser plugins/add-on’s and non-trusted apps — and avoid giving them unnecessary permissions.
  5. Don’t use pirated, cracked, or otherwise illegal copies of programs — only download them from trusted sources.
  6. Pay much attention when opening content from encrypted emails — as encryption could have been used to hide malicious content.

Remember: there’s no full-proof prevention mechanism here — the key is caution !

Reclaim your email privacy!

Check blog.mailfence.com for having the most recent version of this blogpost.

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team