A Sample of the Malicious Email Message
From: Bank of Jamaica mails@ jm.boj.com
Subject: Urgent Announcement from Bank Jamaica
Please find enclosed the New Transaction Guidelines set by the Bank of Jamaica for Individuals and Companies, effective from Tuesday, 1st March 2016.
Bank of Jamaica
One of the easiest ways to get a malware infection is simply by opening an email message or an attachment. One such type of malware is ransomware, which is presently impacting various organizations in Jamaica.
What is Ransomware? - It is a type of malicious software designed to block access to a computer system until a sum of money is paid.
The ransomware currently making the rounds is Locky, and it arrives via the following methods:
- You receive an email containing an attached document (Troj/DocDl-BCF).
- You receive an email with a link.
- The document advises you to enable macros "if the data encoding is incorrect."
What To Do - Best Practices
For optimum security when using email, please follow these best practices:
- Think Before You Click: Delete suspicious emails without opening them, such as those from unknown users with attachments, or with embedded links;
- Do not open attachments that end in an unrecognized or potentially harmful file format (Examples: .vbs, .exe, .com, .shs, .bat, .cmd, .inf, .sct, .vbe, and .vb);
- Use antivirus software with an up-to-date signature file and the "Auto-Protect" feature enabled to ensure all files are automatically scanned;
- Ensure your email application does not automatically download pictures when you open or preview email messages or RSS items;
- Never forward emails that you think may be infected with malware; and
- If you suspect that your computer is infected with malware, contact your Help Desk immediately for assistance.
Remember, hackers use intriguing email messages that seem to come from someone you know to encourage you to open infected attachments (an example of the email that is circulating is attached). Pay close attention to the sender, which says Bank of Jamaica <firstname.lastname@example.org>. This looks realistic; however, it is not, as BOJ's domain is actually <boj.org.jm>.
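The sender-domain and attachment checks described above can be automated at a mail gateway or help desk. The following is an added example, not part of the original advisory. The function names, the macro-capable extension list, and the sample messages are assumptions constructed for illustration.

```python
import os
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions the advisory lists as potentially harmful.
RISKY_EXT = {".vbs", ".exe", ".com", ".shs", ".bat", ".cmd", ".inf", ".sct", ".vbe", ".vb"}
# Assumption: Office formats that can carry macros (not listed in the advisory).
MACRO_EXT = {".doc", ".docm", ".xls", ".xlsm"}
# Display name -> legitimate domain, taken from the advisory.
KNOWN_SENDERS = {"bank of jamaica": "boj.org.jm"}

def check_message(raw):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    warnings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    expected = KNOWN_SENDERS.get(display.strip().lower())
    # A familiar display name on an unrelated domain is the lure described above.
    if expected and domain != expected and not domain.endswith("." + expected):
        warnings.append(f"sender: '{display}' uses {domain}, expected {expected}")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        ext = os.path.splitext(name.lower())[1]
        if ext in RISKY_EXT:
            warnings.append(f"attachment: {name} has a harmful extension")
        elif ext in MACRO_EXT:
            warnings.append(f"attachment: {name} may contain macros; do not enable them")
    return warnings

def build_sample(sender, filename):
    """Constructed test message (not a real sample)."""
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = "Urgent Announcement"
    m.set_content("Please find enclosed the new guidelines.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for w in check_message(build_sample("Bank of Jamaica <mails@jm.boj.com>", "guidelines.doc")):
        print(w)
```

The display-name check only catches lookalike domains for senders listed in `KNOWN_SENDERS`; it does not replace SPF, DKIM, or DMARC validation at the mail server.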