PPRuNe Forums

OFSO 3rd Aug 2014 10:20

Cautionary Tale
 
I'm reasonably careful in interfacing with the 'net. Don't open anything I don't know, don't visit dodgy websites, run virus scans twice a day, change passwords monthly. And access the net thru a dedicated server with filters turned on.

However: yesterday I received an e-mail from an overseas family member who regularly sends me pictures of the kids. Only this time it wasn't from her and clicking on the photos exposed me to an attack which happened ten minutes later, source located in Buenos Aires (so Google told me when they informed me they had blocked an attempt to access my gmail. Well done, Google ! They knew I wasn't in BA because I had Location switched on. And thanks for the automated SMS sent to my phone confirming it).

I'm telling you this because it just goes to show how easy it was for the expletive deleteds to fool me.

And I'm now setting up a system to id the files she (and others) send me as genuine before I open them.

Be vigilant.

Tarq57 3rd Aug 2014 10:33

OFSO, do you have file extensions set to "show", and if so, did the pictures present as a normal file extension?

Booglebox 3rd Aug 2014 11:06

OFSO
IMHO these possibilities exist:
1. these attackers are exploiting an undisclosed zero-day vector, which is unlikely unless you are either a good target e.g. hold a security clearance, or you are well-known and vulnerable to blackmail.
2. you are running some insecure software e.g. XP, Outlook Express, etc. or supported software that is unpatched
3. you acknowledged a UAC prompt when you shouldn't have.

Notwithstanding the above, your "dedicated server with filters turned on" is not doing a very good job. Furthermore, how will this system you are setting up be able to identify a file as "genuine"? Checking for a valid image file extension may not be enough. :ok:

OFSO 3rd Aug 2014 12:12

Answers:

a) pictures never came up. I was redirected to another site. As soon as this happened I disconnected.

b) Unrelated to OS. I know an Apple user who has had same thing happen. This was not an attempt to invade my PC, as I thought I'd made clear. It was masquerading as an e-mail from someone I know in order to get me to click on to a distant site. VERY VERY OBVIOUS and something I warn everyone else about. Early Saturday morning and expecting a message, I was vulnerable. Should have known better.

c) Identifying files as genuine will be done by preceding SMS code. I already do this for sensitive files. I have 500 SMS a month free so it costs nothing.

14:35 - Just heard from a friend running 8 that he also has had an e-mail from a biz acquaintance using hotmail, "click here to look at working docs.." etc., which weren't.

mixture 3rd Aug 2014 13:05


"Unrelated to OS. I know an Apple user who has had same thing happen."

In which case I'd suggest it's a nefarious exploitation of a technique employed by email marketing companies.

Image is hosted remotely, you open email, image loads, they correlate on their backend and hey-presto ... they know you've opened the email and they obviously know which gmail address they sent it to. Marketing companies use this technique to track readership statistics, the dark side... well, you've just found that one out !

On an Apple, if you're running Apple Mail, if unsure about the intentions of a message the answer is to mark the email as spam (thumbs down) BEFORE opening it.... then you can open it, because Apple Mail doesn't open remote resources on any messages that are marked as spam. You can then read the text of the message and get a feel for it and decide whether you want to load resources or open attachments, or whether you want to make enquiries with the sender first.

But the old rule still applies... if you're not expecting emails with attachments, even from people you know, then treat with care !
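
An added example, not part of any post in this thread: a Python check that lists the remotely hosted images and the links in a message's HTML without fetching anything, which is the inspection the post above recommends doing before loading resources. The sample message, its host names and the `uid`/`id` values are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not from the thread); hosts and tokens are made up.
SAMPLE_EML = """\
From: "Family Member" <relative@example.org>
To: reader@example.com
Subject: Photos of the kids
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>New pictures!</p>
<img src="cid:inline-photo-1" alt="embedded photo">
<img src="https://img.tracker.example/open.gif?uid=7f3a9c" width="1" height="1">
<a href="http://photos.redirect.example/album?id=7f3a9c">View the album</a>
</body></html>
"""

class RemoteResourceFinder(HTMLParser):
    """Collects URLs the mail client would fetch (img) or the reader might click (a)."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get("src") if tag == "img" else attrs.get("href") if tag == "a" else None
        if not url:
            return
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            return  # cid:/data: images travel inside the message, no remote fetch
        tiny = (tag == "img" and attrs.get("width") in ("0", "1")
                and attrs.get("height") in ("0", "1"))
        self.findings.append({"kind": "remote-image" if tag == "img" else "link",
                              "host": parts.hostname,
                              "has_query": bool(parts.query),  # may carry a per-recipient id
                              "pixel": tiny})

def audit_message(raw):
    """Return remote images and links found in the HTML parts of a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    finder = RemoteResourceFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.findings

if __name__ == "__main__":
    for finding in audit_message(SAMPLE_EML):
        print(finding)
```
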

OFSO 3rd Aug 2014 13:17

Mixture, you summed it up perfectly.

Only problem is the coincidence of the recipient expecting a mail with attachment when a scam e-mail such as you describe just happens to arrive.

I suspect that my e-mail address was obtained during the Great Hotmail Hack or similar from sender's account. Not mine, I don't use it. Which - since we probably all know people using hotmail, makes us all vulnerable.


All times are GMT.