Cautionary Tale

Old 3rd Aug 2014, 10:20
  #1 (permalink)  
Guest
Thread Starter
 
Join Date: May 2008
Location: Somewhere between E17487 and F75775
Age: 80
Posts: 725
Likes: 0
Received 0 Likes on 0 Posts
Cautionary Tale

I'm reasonably careful in interfacing with the 'net. Don't open anything I don't know, don't visit dodgy websites, run virus scans twice a day, change passwords monthly. And access the net thru a dedicated server with filters turned on.

However: yesterday I received an e-mail from an overseas family member who regularly sends me pictures of the kids. Only this time it wasn't from her and clicking on the photos exposed me to an attack which happened ten minutes later, source located in Buenos Aires (so Google told me when they informed me they had blocked an attempt to access my gmail. Well done, Google! They knew I wasn't in BA because I had Location switched on. And thanks for the automated SMS sent to my phone confirming it).

I'm telling you this because it just goes to show how easy it was for the expletive deleteds to fool me.

And I'm now setting up a system to id the files she (and others) send me as genuine before I open them.

Be vigilant.
OFSO is offline  
Old 3rd Aug 2014, 10:33
  #2 (permalink)  
 
Join Date: Dec 2005
Location: Wellington,NZ
Age: 66
Posts: 1,677
Received 10 Likes on 4 Posts
OFSO, do you have file extensions set to "show", and if so, did the pictures present as a normal file extension?
Tarq57 is offline  
Old 3rd Aug 2014, 11:06
  #3 (permalink)  
 
Join Date: Jan 2008
Location: Timbuktu
Posts: 962
Likes: 0
Received 0 Likes on 0 Posts
OFSO
IMHO these possibilities exist:
1. these attackers are exploiting an undisclosed zero-day vector, which is unlikely unless you are either a good target e.g. hold a security clearance, or you are well-known and vulnerable to blackmail.
2. you are running some insecure software e.g. XP, Outlook Express, etc. or supported software that is unpatched
3. you acknowledged a UAC prompt when you shouldn't have.

Notwithstanding the above, your "dedicated server with filters turned on" is not doing a very good job. Furthermore, how will this system you are setting up be able to identify a file as "genuine"? Checking for a valid image file extension may not be enough.
Booglebox is offline  
Old 3rd Aug 2014, 12:12
  #4 (permalink)  
Guest
Thread Starter
 
Join Date: May 2008
Location: Somewhere between E17487 and F75775
Age: 80
Posts: 725
Likes: 0
Received 0 Likes on 0 Posts
Answers:

a) pictures never came up. I was redirected to another site. As soon as this happened I disconnected.

b) Unrelated to OS. I know an Apple user who has had same thing happen. This was not an attempt to invade my PC, as I thought I'd made clear. It was masquerading as an e-mail from someone I know in order to get me to click on to a distant site. VERY VERY OBVIOUS and something I warn everyone else about. Early Saturday morning and expecting a message, I was vulnerable. Should have known better.

c) Identifying files as genuine will be done by preceding SMS code. I already do this for sensitive files. I have 500 SMS a month free so it costs nothing.

14:35 - Just heard from a friend running 8 that he also has had an e-mail from a biz acquaintance using hotmail, "click here to look at working docs.." etc., which weren't.

Last edited by OFSO; 3rd Aug 2014 at 12:36.
OFSO is offline  
Old 3rd Aug 2014, 13:05
  #5 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Unrelated to OS. I know an Apple user who has had same thing happen.
In which case I'd suggest it's a nefarious exploitation of a technique employed by email marketing companies.

Image is hosted remotely, you open email, image loads, they correlate on their backend and hey-presto ... they know you've opened the email and they obviously know which gmail address they sent it to. Marketing companies use this technique to track readership statistics, the dark side... well, you've just found that one out!

On an Apple, if you're running Apple Mail, if unsure about the intentions of a message the answer is to mark the email as spam (thumbs down) BEFORE opening it.... then you can open it, because Apple Mail doesn't open remote resources on any messages that are marked as spam. You can then read the text of the message and get a feel for it and decide whether you want to load resources or open attachments, or whether you want to make enquiries with the sender first.

But the old rule still applies... if you're not expecting emails with attachments, even from people you know, then treat with care!
mixture is offline  
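
The remote-image tracking described in the post above can be checked for before a message is opened in a mail client. This is an added example, not part of the original thread: it lists the images a client would fetch from a remote server when rendering a message. The function name `remote_images`, the sample message and the `.example` hosts are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

class _ImgCollector(HTMLParser):
    """Collect <img> tags whose src points at a remote http(s) host."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        parts = urlsplit(src)
        if parts.scheme not in ("http", "https"):
            return  # cid: and data: images travel inside the message itself
        self.found.append({
            "host": parts.hostname,
            # Query parameters let the server tie the fetch to one recipient.
            "params": [k for k, _ in parse_qsl(parts.query)],
            # 1x1 (or 0x0) images are invisible and serve only as a beacon.
            "tiny": a.get("width") in ("0", "1") and a.get("height") in ("0", "1"),
        })

def remote_images(raw_message):
    """Return the remote images a client would fetch on opening the message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    collector = _ImgCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    return collector.found

# Constructed sample message (not from the thread); hosts use the reserved .example TLD.
SAMPLE = """\
From: relative@mail.example
To: reader@mail.example
Subject: Photos of the kids
Content-Type: text/html; charset="utf-8"

<html><body><p>New photos!</p>
<img src="cid:logo@mail.example" width="80" height="20">
<img src="https://img.tracker.example/o.gif?rcpt=reader%40mail.example&amp;id=42" width="1" height="1">
</body></html>
"""
print(remote_images(SAMPLE))
```

Only the second image is reported: the `cid:` image is embedded in the message, while the remote 1x1 image carries the recipient's address in its URL, which is how the sender's server learns which mailbox opened the mail.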
Old 3rd Aug 2014, 13:17
  #6 (permalink)  
Guest
Thread Starter
 
Join Date: May 2008
Location: Somewhere between E17487 and F75775
Age: 80
Posts: 725
Likes: 0
Received 0 Likes on 0 Posts
Mixture, you summed it up perfectly.

Only problem is the coincidence of the recipient expecting a mail with attachment when a scam e-mail such as you describe just happens to arrive.

I suspect that my e-mail address was obtained during the Great Hotmail Hack or similar from sender's account. Not mine, I don't use it. Which, since we probably all know people using hotmail, makes us all vulnerable.
OFSO is offline  
