Wednesday 6 September 2017

Client E-mail Warning for the Current Malware Campaigns

This went out this morning. The first place in any "security strategy" should be to train the human.


I hope you had a great summer!

With anti-SPAM services getting better and better the malicious folks out there are getting a lot more subtle in their efforts plus we’re seeing an uptick of baddies in the Inbox.

Things to note in the message below:

  1. The FROM domain does not match the domain in the link
  2. After hovering the mouse over the Here link the URL listed contains a bunch of gibberish
  3. Watch for language, spelling, and grammar errors as there tends to be a lot of them
  4. Is the Subject and/or Sender legit? Call them first!
  5. Do NOT open any Word documents and especially do NOT click Enable Macros if prompted!
  6. Be cautious with any PDF attachments. If in doubt call the sender or forward to here with a question.


NOTE: We are seeing _a lot_ of compromised e-mail addresses and mailboxes as a result of users opening something or clicking on something they should not have.

One attack vector is via a Macro enabled Word document harvests both E-mail and Addresses to send out _replies_ to a legitimate e-mail thread/conversation. If the Word document gets clicked on and a prompt comes for enabling Macros the Word document is BAD. CLOSE Word and SHIFT+DELETE the e-mail!

If in doubt, don’t open or click on it! Do _not_ hesitate to call or forward the questionable content!

Thank you and have a wonderful day! :)

Philip Elder
Microsoft High Availability MVP
Co-Author: SBS 2008 Blueprint Book
Our Cloud Service
Twitter: @MPECSInc

No comments: