Fake Email Followups


      Recently I’ve been seeing an interesting form of spam: Fake Email Followups. The most recent message on the chain is bogus, but the rest includes valid back and forth between people, including the recipient (i.e. you).

      Thus the request to follow the link and download a file seems reasonable at first glance. On second glance, the email address is wrong. The name is right, but not the address. And the verbiage doesn’t match the person it claims to be from. The rest of the content tends to be old enough that a reply at this point is unlikely. It all adds up to downloading the file being a bad idea.

      So it comes as no surprise that the downloaded file is reported as a virus. In the one example I’ve actually seen downloaded, the payload would have generated popup ads. So relatively harmless as far as viruses go. But as it’s code running on your computer, it could do any number of damaging things. Best not to get it in the first place.

      There was also the twist of needing a password to access the file. I suspect that was there so that the file host couldn’t scan the file for a virus, which meant they wouldn’t automatically take it down.



      Just goes to show scammers never stop, and good safety habits are prudent. In this case that means:

Never click on links in email. If you trust the source, because it’s from an address you recognize and a link is reasonable considering past conversations, still don’t click it. Copy/paste the link into a browser. That gives you one more chance to look at it and see if you really want to go there.

If someone wants you to download a file, make sure it’s one you have reason to expect. Doubly so if passwords are involved.

When all else fails, bounce it to whoever your technical support is. Running the wrong file will ruin your computer. How much impact that has on your day, well that depends on how important your computer is.
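
The "name is right, but not the address" tell can be checked mechanically. The sketch below is an added example, not part of the original post: it compares the newest message's From address with the address the same display name used in the quoted thread. The sample message, its names and addresses, and the function names are constructed for illustration, and it assumes a plain-text body with "Name <address> wrote:" attribution lines.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real email): the newest reply claims to be from
# "Dana Reyes", but the quoted thread shows Dana at a different address.
SAMPLE = """\
From: Dana Reyes <dana.reyes@mail-secure.example.net>
To: you@corp.example
Subject: RE: Q3 vendor invoices
Content-Type: text/plain

Please see the document at the link below. Password: 4471

On Mon, 4 Mar 2019, Dana Reyes <dana.reyes@partner.example> wrote:
> Thanks, I'll send the revised numbers next week.
>
> On Fri, 1 Mar 2019, You <you@corp.example> wrote:
> > Can you confirm the totals?
"""

# Assumed attribution format: "..., Name <addr> wrote:" on a single line.
ATTRIBUTION = re.compile(r"([^,<>\n]+?)\s*<([^<>\s@]+@[^<>\s]+)>\s+wrote:")

def norm(name):
    return " ".join(name.lower().split())

def thread_addresses(body):
    """Map normalized display name -> addresses seen in quoted attributions."""
    seen = {}
    for name, addr in ATTRIBUTION.findall(body):
        seen.setdefault(norm(name.lstrip("> ")), set()).add(addr.lower())
    return seen

def check_followup(raw):
    """Return a warning if the sender's name has a different address in the thread."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    prior = thread_addresses(msg.get_payload()).get(norm(name))
    if prior and addr.lower() not in prior:
        return f"{name!r} now writes from {addr} but the thread shows {sorted(prior)}"
    return None

if __name__ == "__main__":
    print(check_followup(SAMPLE))
```

A match only means the visible address is consistent with the thread; a mismatch is the cue to stop and bounce the message to technical support.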



      Perhaps more concerning is the ability to do this at all. In order to send a message containing parts of previous messages, the attacker has to have the previous message. Whether it’s the result of previous hacking or an ongoing penetration, a malicious party having access to company email is worrisome. Who knows what kind of damage could be done with that. In this case, it’s rather obvious nonsensical spam. But what if it was an intelligent attacker, one who took the time to actually read previous messages so as to better gauge the bait? That’s how ‘professional’ hacking happens. Go after the person, always a weak link.

      On the plus side, that you received the message implies it’s not your email that is compromised. That misfortune belongs to whoever appears to have sent you the email.
