We had some fun around here last week that provides a great opportunity to talk about false positives with security programs. Our customer service came into work to a bunch of emails from concerned customers who had this warning from their Norton Websafe security program.

norton-warning

I started to do a little investigating and discovered that Norton said the issue was a potential phishing attack. A phishing (pronounced like ‘fishing’) is an attempt to trick someone into click on a malicious link or to get them to reveal private information by impersonating a legitimate company.

norton-warning-phish

A closer look showed me what Norton thought the problem was.

norton-warning-google-docs

We published an article teaching people the basics of the Google Docs office suite and Norton didn’t like that a bit. Why?  Because some crooks use fake Google Docs attachments to emails to trick people into downloading malware, spyware, and ransomware. Here’s an example below of a scam email with a “document” attached.

potential-ransomware

potential-ransomware-purchase-order

To detect potentially dangerous sites, Norton (and other security companies) use  an automated program that scans for keywords. It can’t tell the difference between a Google Docs attachment in a scam email or an article about how to use Google Docs.

It’s actually not uncommon for us to see newsletters directed to spam folders or flagged as potentially harmful because we have an article about a security threat. The article will often tell you what scam emails say and the automation sees those words and tries to block the message.

Sometimes you’ll see this issue when you’re attempting to install drivers or other software. Your security software isn’t exactly sure what it is, but it can detect that it wants access to your system, so it just flags it.

So how do you know if you’re getting a false positive?  If it’s a site you’re familiar with, contact them to see what’s going on. If our readers hadn’t let us know, we would have been in the dark. It’s not like Norton tells you that you’ve been flagged. This is an area where your best judgment has to come to play. Is it a site or a person you trust? Is there a way to look into the issue?  If there’s an option, it’s also a good idea to mark an email as “not spam” if you have that option. Some security software allows you to leave your feedback about a safe. If you feel it’s safe, let them know.

As always on the Internet, proceed with caution, but remember that even the very best security software is not perfect.

~ Cynthia