IDENTIFYING PFISHING EMAIL CONTAINING MALWARE

phishing-scammerMalware Comes in the Front Door

Most malware doesn’t attack from the back door.  Instead it comes right in the front door and creates back doors you don’t even know about.  I received three emails today and one a few days later before I finished this blog post, that I am going to share because emails laced with malware is the primary method of gaining access to your computer.  Two of the emails are virtually the same email just from a different person.  Making mail appear on the surface to have come from someone else is not difficult.

 

email1This first email is typical:

  • It comes from someone I don’t know.
  • There is no salutation or greeting.
  • This one says I filled out my taxes with FreeTaxUSA.  I have never heard of them and I certainly didn’t send them any tax info.
  • The items listed say Louisiana State Tax Return.  I don’t live in Louisiana and certainly wouldn’t be filing a return there.
  • The checking account listed is not mine.
  • Finally the clincher for this one is the attached file in zip format.

Zip files are common around the internet as they are a container file with other files contained within.  The problem with zip files from unknown sources is that they can be used to transport malware past email filters.  Most email systems won’t allow you to send an .exe file (executable windows file).  So by placing an .exe or other file that can contains malicious code in the zip file they are bypassing some email filtering.  If you don’t know who sent the file, don’t open the zip file! The other thing this email is trying to do is get me concerned that I have been charged for something I didn’t order.  Obviously I wouldn’t have ordered a tax return from Louisiana; in fact my taxes were done some time ago.  The email looks like I am being charged for something, so naturally curiosity will want to see what it is.  If you receive an email similar to this, you must fight the urge to look and just delete it.  If you just can’t stand it contact your bank or credit card company and check your statement for any suspicious charges.

The next two emails are similar:

This first email is typical:

  • It comes from someone I don’t know.
  • There is no salutation or greeting.
  • This one says I filled out my taxes with FreeTaxUSA.  I have never heard of them and I certainly didn’t send them any tax info.
  • The items listed say Louisiana State Tax Return.  I don’t live in Louisiana and certainly wouldn’t be filing a return there.
  • The checking account listed is not mine.
  • Finally the clincher for this one is the attached file in zip format.

Zip files are common around the internet as they are a container file with other files contained within.  The problem with zip files from unknown sources is that they can be used to transport malware past email filters.  Most email systems won’t allow you to send an .exe file (executable windows file).  So by placing an .exe or other file that can contains malicious code in the zip file they are bypassing some email filtering.  If you don’t know who sent the file, don’t open the zip file! The other thing this email is trying to do is get me concerned that I have been charged for something I didn’t order.  Obviously I wouldn’t have ordered a tax return from Louisiana; in fact my taxes were done some time ago.  The email looks like I am being charged for something, so naturally curiosity will want to see what it is.  If you receive an email similar to this, you must fight the urge to look and just delete it.  If you just can’t stand it contact your bank or credit card company and check your statement for any suspicious charges.

The next two emails are similar:

email3

Flags to look for in these two emails:

  • Someone I don’t know
  • No salutation (This in and of itself wouldn’t necessarily be a flag, but taken with the others I would expect to see my name here.)
  • They are vaguely requesting information, then referring to the attached document.  These emails are usually sent to thousands of people and the goal is to pique curiosity so you will open the attachment.
  • The attachment is a Microsoft word .doc file – yet another route to infiltrate malware into a computer.  Microsoft Word is a very powerful program that is capable of scripting.  Because of the scripting and other vulnerabilities in Word you shouldn’t open a .doc file from anyone you don’t know.  Make sure all your software updates are done promptly to limit the possibility of infection, but understand there are constantly new vulnerabilities that are found – so again, just delete the email without opening any attachments!

The interesting thing about the last two emails is that I looked up the companies and they appear to be legit businesses.  So either someone just copied their information for the email or their computers have been compromised.

One final email that is more obvious:

email-4

This one is typical of emails generally caught by spam filters.  It appears to be written by someone for whom English is not their primary language.  It’s vague and leaves a lot of questions.  I also like that the email is from Country court, not County court.  I am not sure if that’s a federal court or the Supreme Court.  ????  Again this email has the attached zip file that you should avoid.  The email is just supposed to entice you to try to open the attached documents, and that’s when you could get a virus or other malware launched on your system.

If you have had and used an email address for some time, you likely will receive mail like this.  Various entities around the internet collect email addresses and then sell the lists.  These emails are probably sent to thousands if not millions of addresses.  It’s an odds game.  If they send out 10,000 emails and they can get 1% of people curious enough to click on the link or zip file, then they have nabbed 100 people or computers.  If they do this every day, all year – that’s 36,500 people or computers that they can do whatever they want since the person opened the document and let the bad guys in.  There are enough back doors in computer systems to guard against without letting someone walk through the front door.