Fighting spam and malware is always fun. Here’s one that I thought was worth sharing.
Let’s say your name is Jim and you get this email. It looks like this Michelle knows you but you can’t really remember who she is. Since you have 8,641,037 friends on Facebook, you decide to trust the email (it’s not perfect, but it’s not as full of typos as typical spam, so that’s a start!).
But, before clicking anything, you take a closer look:
In the second line you read, ‘how’s your work with Gyros and Triple D Communications?’ Since your email is jim@gyrddd.com, the information probably either:
a) Came from an infected computer that has your address in the contact list, or
b) It was ripped from some business directory on the web
By checking the website main page, you see that you get redirected to the same domain name, but it’s .com instead of .net (and the .com site looks legitimate). So, do you feel safe and want to click on the link? Okay, do it.
Clicking the link pops up a ZIP download called ‘wedding.zip’. You save the file to your temp folder, scan it using 3 AV scanners and nothing is reported (FYI we checked it ourselves and nothing malicious was detected at that moment). But, when you open the archive, you see 2 files called Wedding1.jpg.exe and Weddin2.jpg.exe. So, these files weren’t so innocent after all J.
We’re seeing more and more personalized scams like this where the goal is to gain your trust in the content, even if you’re not sure about the sender. And the more confident you are, the greater the chances that you’ll open the attachments!
Enjoy your slideshow Jim!
Or better yet, get yourself some spear phishing protection.
Leave a Comment