16 Feb Phishing, Scamming and Learning when not to open Infected Emails in your inbox
Your email is a nexus point for user interaction and for potential vulnerability from scammers. It is the door to your data home and the place where many users are most likely to compromise their information.
As you know the internet is rife with scammers who are always looking for the next way to take advantage of the public. They use ever improving techniques and changing tool-sets to come up with the next way to get your information and create vulnerabilities in your network.
In most cases this is as easy as convince users to click on links and attachments that they should not.
Recently we have seen a growing malware/phishing/virus threat being spread through legitimate looking voicemail attachments in user emails.
In almost all cases email scammers convince users to click on or open attachments by including just enough information that could be perceived as correct and accurate that it may be appropriate to be receiving the attached information. In the case of the Voicemail attachment – Users may see an “Email ID” that appears to be coming from an internal email address at the recipient’s organization, as well as a “Download Message” link that appears to host the fake audio file on the recipient’s organization’s domain. All these work together to throw off recipients better judgment and convince them to trust the email enough to click on the download link.
This phishing attempt fools users by appearing to be a legitimate, automated email from Outlook. The scam targets Outlook users, who are sent official looking emails with the subject line “You have received a voice mail.” The body of the email contains the Microsoft Outlook logo, fake data about the voicemail and caller, and a link to download the voice message. Although the download link appears to be a .wav audio file, it’s actually an HTML link to a website that tries to install a Trojan virus. If you are current with your Antivirus Protection and Ant-malware Protection the software should stop the Trojan from installing, however we have had users who have manually overridden these protections and allowed the blocked content to install.
Another version users are seeing with more frequency is the appearance of a “voice message” which appears to come from the “admin” of your organization. This email includes a zipped attachment which when downloaded will install malware on your computer.
Deleting the email should be enough to avoid downloading any malware. but accessing, or downloading, or even opening and allowing the email to load any embedded images may be enough to confirm the validity of your email address and open your system up to potential vulnerability.
If you do click on the download link or believe that your system has been compromised as a result, You should take steps to quickly mitigate the damage.
The best strategy is to exercise additional diligence when opening email. If you cannot confirm the authenticity of an email or sender, it is always best to avoid opening it.