ATTENTION: Be very careful opening email attachments

Joe Link · Jan 28, 2015

You should always be careful opening email attachments, but I wanted to remind everyone today. As of this morning, I've received three emails that look legitimate but certainly were not. Improperly configured email and DNS servers can allow malicious people to 'spoof' email addresses, making it appear an email came from somewhere it didn't. If you do not know the sender, don't open the attachment. If you do know the sender, it's not a bad idea to contact them (even emailing them back is fine) and make sure they meant to send it to you.

Yesterday a severe Linux exploit named Ghost was revealed, and it took quite some time for the release of a patch. I'm not sure if this is related, but if it is, we may see more of this in the coming days.

Anyway, back to the example

Check this out - everything looks correct, including the 'From' address. Note the zip file attached.

Taking a closer look at the headers reveals that it actually came from what appears to be a dynamic comporium.net mail server, definitely not efax.

I'm not sure what would have happened had I opened this, but I definitely do not want to find out!

Stay safe everyone.

etrain16 · Jan 28, 2015

My general rule is - if I'm not expecting an email with an attachment, it never, ever gets opened until I confirm with the sender that it's legitimate. At the company I work for, they have a real problem with stuff like this and the amazing numbers of folks that open them without question.

Good advice Joe.

Monica Cowles · Jan 28, 2015

I address this threat when I teach the Refuse To Be A Victim seminars...always check out the actual address at the bottom of the email program when you hover over any links within a suspicious or even a 'legitimate looking' email, as well.
For a while I was getting emails from "Amazon", "FedEx", "LinkedIn" and "UPS"...but the links within the emails did not go to those sites....

308 · Jan 28, 2015

985 Page Fax =11KB?
That's a bit odd in and of itself

Just Jim · Jan 28, 2015

I don't have any financial information on my putor nor any personal information. All they are going to get is what they get from Google or criminals are us.

If somebody makes a false post in my name I could prove it wasn't me with my Internet service or my history on my putor.

There has been a lot of talk on other boards about phone calls to get computer information too, I think we should get used to the knowledge that computers are totally insecure. People are always spying so don't leave anything out there to use against you.

Stomper · Jan 28, 2015

Yeah, don't steal and don't spy. The government HATES competition.

BoonDocks36 · Jan 28, 2015

Monica Cowles said:
"LinkedIn"

My PET Peeve of all ~social media~.... I have Deleted former aquaintances when they did not understand me The Second Time that I want Nothing to Do with LinkedIn... (Hey, I am a nice guy, I'll tell you Twice, that something sux... Then it bye bye email address, and Spam Filter time)!!!!!

And thanks Joe, for the reminder!!!!

The other item that PerTurbs me, is EMail jokes, or pass alongs, where there are 99 other To Recipiants!!!! Do people Not Understand how, And WHY, to use BCc??????

Each and every To: reciepient can have those names spammed off their machines with out even knowing it happens... Not good.

philip

clearconscience · Jan 28, 2015

This has been happening at my workplace. I received an email that looked really legit from a vendor of mine saying they attached my bid requested. Since I didn't request a bid I looked up their email and is was the correct email address. I forwarded the email to the vendor with big bold letters saying DO NOT OPEN ATTACHMENT!
And asked if it was her, of course she didn't send it so I forwarded it our IT department and made them aware.

Seems like it's becoming more popular to target corporations these days

Caveman Jim · Jan 28, 2015

308 said:
985 Page Fax =11KB?
That's a bit odd in and of itself

Yep, I wouldn't touch that with a 20' mouse cord!!!!!

The Heretic · Jan 29, 2015

Just Jim said:
I don't have any financial information on my putor nor any personal information. All they are going to get is what they get from Google or criminals are us. If somebody makes a false post in my name I could prove it wasn't me with my Internet service or my history on my putor.

They don't necessarily need your info, they may just want to turn your computer into one of their "zombies" to send out spam, or to use to attack other computers.

A lot of people's computers are zombies and they don't even know it - they just wonder why their computers run so slow, or turn on in the middle of the night.

I don't open attachments unless I am expecting them. I also generally don't go to links in emails, even if they look legit. I open a browser window and go to the website by typing in the base URL if I need to do something with a website where I need to enter a password to access something.

It is funny, over the years (I've been a computer professional for over 30 years), I think I have only been infected twice, maybe 3 times. Once was a from a floppy given to me to test a program as part of my job, the last one was website I visited on a computer that had an old version of Windows and IE so wasn't properly protected. I can't remember if/what was the third one.

But as soon as I give a computer to someone (I usually give away the some when I get a new one), they manage to bring it to its knees with infections inside a month, sometimes within a week. The two most common vectors are emails and porn sites in my experience.