Wednesday, July 12, 2017

The morning spam...  Oh, look what just showed up in my inbox!  An email from someone I never heard of, promising me a payment if only I will paste a decryption key into the attached document and open it.  Sure, that's plausible!

What's really going on, of course, is that opening that document will run some malicious code, in a document macro.  Most likely it's going to try to exploit some Windows bug (and they sent it to me not knowing I have a Mac), but you never know, there might be a Mac bug to exploit too.

Do people actually fall for things like this?  Unfortunately, yes – predominantly younger people (who believe themselves immortal or are just ignorant) and older people (who just don't understand the risk).  Not long ago I read a study that showed about 4% of recipients actually opened things like this – even examples like this one that aren't well targeted or particularly convincingly worded.

Don't you be one of them!