Wednesday, July 12, 2017

The morning spam...

The morning spam...  Oh, look what just showed up in my inbox!  An email from someone I never heard of, promising me a payment if only I will paste a decryption key into the attached document and open it.  Sure, that's plausible!

What's really going on, of course, is that opening that document will run some malicious code, in a document macro.  Most likely it's going to try to exploit some Windows bug (and they sent it to me not knowing I have a Mac), but you never know, there might be a Mac bug to exploit too.

Do people actually fall for things like this?  Unfortunately, yes – predominantly younger people (who believe themselves immortal or are just ignorant) and older people (who just don't understand the risk).  Not long ago I read a study that showed about 4% of recipients actually opened things like this – even examples like this one that aren't well-targeted or particularly convincingly worded.

Don't you be one of them!


  1. I just marked the same thing as a spam. They didn't even get my email address right in the body text. They harvested the target email from my domain registration.

    Blackwater, I tell you.

  2. On a related subject, where I work they occasionally send emails to us in an attempt to trip us up. Of course nothing bad happens but the workforce gets just a little better at identifying threats. And the training that every new employee receives in this area is the best I've seen!