Doubly Wrong

  • Doubly Wrong

    It's not bad enough that people get tons of spam, some of it cleverly disguised and hidden in messages we might be expecting, but this idea is doubly wrong. Apparently someone set up a spam message that informed people they'd been laid off. When they followed a link, a keystroke logger was installed on their machine.

    So not only did their emotions skyrocket with the news they might be let go, but they potentially could get let go anyway after someone discovers they've installed software on their machine that could compromise the company.

    I'd like to think that administrators wouldn't be fooled by this and get something installed that would grab their passwords, but it's not that easy. As an administrator, you should be wary of users on your machine without supervision, even under their own accounts. It's the same reason I don't let my kids work my computer without me being there; I'm not sure they won't get some trojan installed.

    The other part of this is ensuring that your security paradigm is properly set up. Anyone could fall for one of these and if they had administrative or other "superuser" rights, who knows what would be compromised. It's also a good reason to ensure that you don't share passwords, especially high level ones, for some quick fix. If someone needs some extra rights for a day, grant them rights and then remove them as soon as possible.

    And change your passwords. I've worked in places where passwords were in force for years and everyone knew what they were. Might as well have a blank password.

    I think targeted SPAM will become more and more common in the future. Writing scripts to change senders, customize messages, change logos, etc. and target specific groups of people is not difficult, and as more filters become able to deal with the large blasts of identical email, those looking to trick you will evolve as well.

    So spread the word and warn your users. A large part of security is education on everyone's part.

    Steve Jones

  • We recently got a similar email, from our company's "Abuse Department", telling you that your email account would be shut down immediately unless you clicked on a link...

    Out of some 250 people, the only two who clicked the link were IT programmers! Boy were they embarrassed. The moment it reached my desk I was calling my users warning them about it - just reading the email set off my "red flag" alerts. It had the classic social engineering aspects - "something bad will happen if you don't do this RIGHT NOW", appearance of authority (we don't have an "abuse" department), but no real information about what the problem was.

    Education is definitely key, in combination with software to reduce the spam inflow. The flip side is that since we so seldom get this type of spam any more, it's not on people's radar screens as much as it once was, and they forget to do that third important thing to prevent infiltration of malicious code - STOP and THINK! We get so wrapped up in the hurry and bustle of our jobs, it becomes automatic that we respond as quickly as possible to whatever crosses our desk. The one person I talked to who clicked that miserable link realized their error as soon as the click was done (if only we had an "unclick" button, along with the "unsend"...)

    We all need to remember that it's okay to let an email sit while we take a moment to really LOOK at it, and even make a phone call or two to confirm its validity. If I got an email pink slip, you can bet I'd be on the phone to HR in an instant! Without clicking any links!


    Here there be dragons...,

    Steph Brown

  • I believe the article in question involved a Hospital staff. I used that same article as the basis of an e-mail that I sent to all users once again expounding the fact that they are the last line of defense in keeping the network secure. "If you don't know the sender..."

    I also tossed in some other basic security information for those with home PCs as that is also a corporate security issue if they can log in from home.

    Just as the spammers have taken a new tactic that is temporarily working, new methods of detection will be engineered to resolve this issue.

    But in the meantime, "If you don't know the sender..."

     
