Security Street Knowledge
  • Malicious E-mails with Urgent Request for Money
  • If you receive an email with the subject line “Sad news.. urgent“, please do not respond, take action or click any links within this message.  The e-mail will appear to come from someone you know stating that they are traveling and all their money was stolen.  The attacker will plead for you to send X amount of funds through Western Union money transfer.    The message is a classic “social engineering attack.”  Depending on your action, it could result in the compromise of your personal information, lost of nonrefundable money and/or leakage of company confidential data.

    To combat these types of threats, you should take prudent measures by ensuring you have the latest antivirus updates installed, use some form of URL blocking of known malicious Web sites like Google Safebrowsing, and train your SPAM filter on your free email account to trash email with undesirable content (Viagra Sales).

    To protect yourself from malicious e-mails you should:

    • Never respond to external e-mail requests for confidential information.
    • Be suspicious of any e-mails with urgent requests from unsuspecting senders. Attackers will trick you into complying by faking a request from a common support or business group e-mail address.
    • Never open attachments that you are not expecting.  Even if you recognize the name of the person, that person could have a computer virus resulting in their contact list being compromised.
    • Set your Outlook to open e-mails as TEXT or avoid having Microsoft Outlook render links, pictures or other additional content by default. When prompted to, “Right click here to download picturesDO NOT do so if you are suspicious of the e-mail.

    To protect yourself while browsing, you should:

    • Make sure the Web site in the e-mail hyperlink matches the Web site you intend to visit.
    • When suspicious, ALWAYS type in the URL in the address bar instead of clicking a link.
    • Never install an application when prompted by a visiting Web site.  If you are prompted to download the most recent version of Acrobat, do so directly from www.adobe.com .
    • Avoid opening unknown or suspicious Adobe Acrobat, Flash and QuickTime media files. These attack vectors are on the rise because of outdated software containing well-known vulnerabilities.
    • Web site http://www.google.com/ is not the same as fake.google.com
    • Be careful about clicking links in unexpected pop-ups warning of a virus on your computer.

    If you get spam email that you think is deceptive, forward it to spam@uce.gov. The FTC uses the spam stored in this database to pursue law enforcement actions against people who send deceptive email.

  • Comments: Off Category: Uncategorized

Comments are closed.

cyber3.jpg