This can’t be stressed enough, or repeated often enough. Just got an email today in my business account that looked like this:
Dear Sir/Madam,
The attached payment advice is issued at the request of our customer.
The advice is for your reference only.
Yours faithfully,
Global Payments and Cash Management
HSBC
***************************************************************************
This is an auto-generated email, please DO NOT REPLY. Any replies to this email will be disregarded.
***************************************************************************
Security tips
1. Install virus detection software and personal firewall on your
computer. This software needs to be updated regularly to ensure you
have the latest protection.
2. To prevent viruses or other unwanted problems, do not open
attachments from unknown or non-trustworthy sources.
3. If you discover any unusual activity, please contact the remitter of
this payment as soon as possible.
***************************************************************************
*******************************************************************
This e-mail is confidential. It may also be legally privileged.
If you are not the addressee you may not copy, forward, disclose
or use any part of it. If you have received this message in error,
please delete it and all copies from your system and notify the
sender immediately by return e-mail.
Internet communications cannot be guaranteed to be timely,
secure, error or virus-free. The sender does not accept liability
for any errors or omissions.
*******************************************************************
“SAVE PAPER – THINK BEFORE YOU PRINT !
ttcopy.zip
Unfortunately, far too many people will be stung by a generic sounding email like this. “Wow, someone sent me money!” will be the initial response, and they’ll happily unzip and execute the attached “payment notice.”
Unfortunately that attached file is not a payment notice, but an executable file (a program) which will infect your computer with malware, adware, spyware, and heaven knows what else; turn your machine into part of a robotic network (a botnet) for spreading spam and viruses, search for passwords and sensitive financial data, encrypt all your files and demand a ransom to unlock them (this is a particularly nasty one), or any number of other unholy things.
Image may be NSFW.
Clik here to view.
I’m going to shout here: NEVER OPEN EMAIL ATTACHMENTS FROM PEOPLE YOU DO NOT KNOW AND TRUST!111
If WordPress supported blinking text, I’d use that obnoxious tag too, just to make sure I had your attention.
Be especially wary of any file that ends in “.exe”. This is one of the basic rules of safe computing, but far too many people don’t know about it. One of the worst things Microsoft ever did was to suppress the display of file extensions by default, assuming people didn’t care or wouldn’t understand what they are for. As a result, far too many people are simply ignorant of the dangers inherent in clicking email attachments that could be programs. All they would see in the above message would be “ttcopy.”
Notice the ironic security warning in the body of the email itself: “To prevent viruses or other unwanted problems, do not open
attachments from unknown or non-trustworthy sources.” This is misdirection at its finest; people will be grateful for the warning, if they even bother to read it, and happily execute the malicious payload.
The executive summary here: NEVER OPEN EMAIL ATTACHMENTS FROM PEOPLE YOU DO NOT KNOW AND TRUST!
The Old Wolf has spoken.
Image may be NSFW.
Clik here to view.
Image may be NSFW.Clik here to view.
