Do you wilfully let the bad guys in?

  • Team Omega
  • August 13, 2011

I saw this Dilbert sketch and chuckled a little, until I thought of an email that hit my inbox recently. Our work emails are filtered by two spam filters, so not much unwanted mail gets through. I received what looked like a legitimate invoice from a very generic sounding vendor name. At the top of the invoice it listed my full name, company name and address, and email address. The amount seemed reasonable, and it even had a html link to view a pdf of the invoice. I was already suspicious at this point, but I wanted to see how sophisticated this phishing scam was. I hovered over the html link to reveal that the link was actually for an executable file (RED FLAG). Upon further inspection, the legitimate looking sender email address was actually on behalf of a very long hotmail address (second RED FLAG).

All it takes are two clicks (one click on the link, and then another click to run the executable) for an unsuspecting individual to become a victim. Depending on the intent of the phishers, the attack could be immediately noticed because of pop-ups or poor system performance, or they could just be passively collecting information to be used maliciously at a later time.

Common sense plays a role here, but don’t downplay the role of spam filters, firewalls, anti-virus software, anti-malware software, and especially up-to-date security and software patches. Take a moment today to make sure that your AV is up-to-date, and that you aren’t missing any security patches on you computer.