It Was The Best of Moments, It Was The Less Good of Moments
Social engineering attacks are alive and well, folks, and the bad guys are busily trying to convince you to click on their malware. When it comes to distributing malware, the infected e-mail attachment trick is an oldie but a goodie. In the past they've sent messages claiming the recipient won a prize or owes a balance on an outstanding invoice. They sent attachments claiming to be plane tickets or pictures of naked celebrities. Naturally all of it was bogus, just a trick to try and get you to open their file and infect your machine with malware. But a lot of users fell for it... and still do.
One of the current trendy tricks is to send you a message pretending to be from a parcel service and telling you to open and print the attached "label" in order to claim your package. Naturally everybody wants to get their packages, so people open the attachment and... bam. They're infected.
So, how can you defeat these attacks? Well, a simple critical reading of the e-mail message almost always suffices. Most of these messages are written by people for whom English is not their first language (either that or they're idiots), and the spelling, grammar and usage almost always betray the message as a fake. I received one today that reads as follows:
Hello!
The courier service was not able to deliver your parcel at your address.
Cause: Mistake in address
You may pickup the parcel at our post office personally.
The delivery advice is attached to this e-mail.
Print this label to get this package at our post office.
Please do not reply to this e-mail, it is an unmonitored mailbox!
Thank you,
DHL Global Forwarding Services.
So let's take a look at that.
Right off the bat the message starts off with "Hello!" O.K., no major company is going to start off a message to customers with "Hello!". The exclamation point alone should have you clicking "Delete" on this message faster than something you would delete really fast.
Next: "The courier service was not able to deliver your parcel at your address."
Why are they referring to themselves in the 3rd person? And nobody delivers packages "at" an address in English, it would be delivered TO an address.
"You may pickup the parcel at our post office personally."
This particular message claims to be from DHL. They do not refer to their own offices as "post offices". And the "personally" bit just sounds like amateurish writing to me.
"The delivery advice is attached to this e-mail.
Print this label to get this package at our post office."
"Delivery advice"? Again, not the way it's phrased in English. It could be a packing slip, it could be a shipping manifest, it could even be a "receipt" but it's never a "delivery advice". And again, DHL does not refer to their own offices as a "post office".
"Please do not reply to this e-mail, it is an unmonitored mailbox!"
Yes, I'm sure it is unmonitored, because there is no reason for the scammer to monitor the mailbox. Again, the use of the exclamation point is an easy, juvenile giveaway that this message is bogus.
Notice also what the message does NOT include:
* Address of the supposed "Post Office" where we can take our "delivery advice" to pick up the alleged parcel.
* A phone number for DHL where we can call with questions (or to confirm).
* A logo or any other branding to indicate this message is from DHL.
All the way around, the message smells wrong, and that should be more than enough to tell you the attachment is wrong.
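The same read-through can be roughed out as a mail-filter heuristic. This is an added example, not something from the original post: the headers, the attachment name "label.zip", the cue names and the regular expressions are all assumptions, and only the message body is taken from the e-mail quoted above.

```python
import re
from email import message_from_string

# Constructed sample: the body is the message quoted in the post; the headers
# and the attachment are placeholders (the post shows neither).
SAMPLE = """\
From: "DHL Global Forwarding Services" <notice@example.test>
Subject: Delivery notification
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Hello!
The courier service was not able to deliver your parcel at your address.
Cause: Mistake in address
You may pickup the parcel at our post office personally.
The delivery advice is attached to this e-mail.
Print this label to get this package at our post office.
Please do not reply to this e-mail, it is an unmonitored mailbox!
Thank you,
DHL Global Forwarding Services.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="label.zip"

placeholder
--XX--
"""

# Cue name -> predicate over the plain-text body (patterns are illustrative).
CHECKS = {
    "exclamatory_greeting": lambda b: re.match(r"\s*(hello|hi|dear \w+)\s*!", b, re.I),
    "odd_phrasing": lambda b: re.search(r"delivery advice|our post office", b, re.I),
    "asks_to_open_attachment": lambda b: re.search(r"\b(print|open)\b.*\b(label|attach)", b, re.I),
    "no_phone_number": lambda b: not re.search(r"\+?\d[\d\s().-]{7,}\d", b),
    "no_street_address": lambda b: not re.search(
        r"\b\d{1,5}\s+\w+.*\b(street|st|road|rd|ave|avenue|blvd)\b", b, re.I),
}

def review(raw):
    """Return (cues that fired, attachment file names) for one raw message."""
    parts = list(message_from_string(raw).walk())
    body = "".join(p.get_payload(decode=True).decode("ascii", "replace")
                   for p in parts
                   if p.get_content_type() == "text/plain" and not p.get_filename())
    attachments = [p.get_filename() for p in parts if p.get_filename()]
    hits = [name for name, test in CHECKS.items() if test(body)]
    return hits + (["has_attachment"] if attachments else []), attachments
```

Treat the result as a prompt for a closer look rather than a verdict: a legitimate notice can trip one cue, and a well-written fake can trip none.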
Of course, if you're reading this blog you're probably sophisticated enough to know that. Hopefully you can pass along this advice to your colleagues, staff, family and clients who may not be quite as sophisticated. I'm not so naive as to think that we're going to be able to educate everybody to spot these phonies but if we can just help a few people not get infected it will be worth it.
-B-
P.S. Is your anti-malware software up to date?