
Beware malicious email

Jean Shimp

New Member
I was at a local vendor's website looking at their products for purchase. I've bought from them for several years and they are a good company. I did not buy anything, just looked around. About a day later I get an email from this same company with an attachment saying "invoice". I figured this was a simple mistake and was going to click the link to get it straightened out. But instead I called the company directly. They said it was not from them and was probably malicious. Thankfully I didn't click anything even though it really looked legit.
 

Solventinkjet

DIY Printer Fixing Guide
I was at a local vendor's website looking at their products for purchase. I've bought from them for several years and they are a good company. I did not buy anything, just looked around. About a day later I get an email from this same company with an attachment saying "invoice". I figured this was a simple mistake and was going to click the link to get it straightened out. But instead I called the company directly. They said it was not from them and was probably malicious. Thankfully I didn't click anything even though it really looked legit.

This is a perfect example of good internet security practices. I always tell people that they don't need a fancy antivirus if they practice good internet skepticism. I haven't used an antivirus except for the built in one from Microsoft for about 20 years. Pretty much any email asking you to click on a link that you weren't expecting is a phishing attack.
 

WildWestDesigns

Active Member
It used to be, back in the old days, didn't have to click on anything for malicious code to execute, especially if using Outlook Express. How it handled attachments back then.

Stuff like this is why I always suggest keeping production machines off a WAN. If something happens, even by accident, it can be bad. Especially if backups aren't being done.

Good thing that you called first.
 

Santimus

Member
Stuff like this is why I always suggest keeping production machines off a WAN.

Do you mean LAN? My production machines don't have wireless capabilities and even if they did a wired connection would be faster and more reliable. Even a wired LAN is susceptible. You could have production machines on a separate LAN from email/web surfing computers but good/smart email opening practices are going to go a long way. The internet security programs and separate WAN or LAN should be used as a safety net, not a primary method.
 

WildWestDesigns

Active Member
Do you mean LAN? My production machines don't have wireless capabilities and even if they did a wired connection would be faster and more reliable. Even a wired LAN is susceptible. You could have production machines on a separate LAN from email/web surfing computers but good/smart email opening practices are going to go a long way. The internet security programs and separate WAN or LAN should be used as a safety net, not a primary method.

No, a LAN configuration is fine. It's your internal network. It doesn't have any way of getting stuff from the outside. If I believed in keeping things off a LAN, I wouldn't have NAS machines to share working files within my local network. This should not be connected to an outside connection or a WAN network.

WAN (doesn't matter if it's wired or wireless) is a network that has outside connections. It's how one gets email, internet, those delightful updates that make one's life hell.

Email/internet/updates on my setup don't see anything within my local network unless I manually bring it in. I do scan things, even though I run things off Linux. While sometimes, built in utilities are decent, I don't like sacrificing security for convenience. In some instances, that has been a problem with some OSs. 9X era anyone?
 

ams

New Member
Hover your mouse pointer over the link and see where it's trying to take you. That always shows if it's legit or not. Unless they are super hacker and put a redirect in it.
 

WildWestDesigns

Active Member
Hover your mouse pointer over the link and see where it's trying to take you. That always shows if it's legit or not. Unless they are super hacker and put a redirect in it.

Some of them can be really tricky. It could be off by an "s" from the original one.

I'm not actually used to the ones that have the links to them. I'm used to the ones that are in zip files that they want you to extract and view.

Thankfully, none of my vendors send invoices in such a manner. I just delete those emails right away without even clicking on them to view.
 

Santimus

Member
No, a LAN configuration is fine. It's your internal network. It doesn't have any way of getting stuff from the outside. If I believed in keeping things off a LAN, I wouldn't have NAS machines to share working files within my local network. This should not be connected to an outside connection or a WAN network.

WAN (doesn't matter if it's wired or wireless) is a network that has outside connections. It's how one gets email, internet, those delightful updates that make one's life hell.

Email/internet/updates on my setup don't see anything within my local network unless I manually bring it in. I do scan things, even though I run things off Linux. While sometimes, built in utilities are decent, I don't like sacrificing security for convenience. In some instances, that has been a problem with some OSs. 9X era anyone?

Ah, I always thought WAN was wireless area network referring to your wireless connections. OOPS. Google cleared that right up, Thanks!
 

ams

New Member
Some of them can be really tricky. It could be off by an "s" from the original one.

I'm not actually used to the ones that have the links to them. I'm used to the ones that are in zip files that they want you to extract and view.

Thankfully, none of my vendors send invoices in such a manner. I just delete those emails right away without even clicking on them to view.

Yeah, never accept an invoice in a zip format or any other document than your customers sending photos or other information pertaining to a job.

EDIT: Also for Heaven's Sake, don't give your Credit Card Information out to anyone through email!
 

decalman

New Member
If you get malware....spyware that records your keystrokes...you'll never know.
It comes disguised as anything. It could be from a familiar contact too so you'd think it's ok, but it's not ok. I only use junk laptops for online. You CANNOT get rid of malware with programs like Malwarebytes, and the others.
I get rid of the crap by resetting my unit back to the factory. It wipes out absolutely everything. Takes two hours of hassle.
 

WildWestDesigns

Active Member
If you get malware....spyware that records your keystrokes...you'll never know.
It comes disguised as anything.

It depends, sometimes you can spot it by looking at what processes are going (for Windows users that would be Task Manager) and if you don't recognize it. Can look to see if there is anything setup at a start up process (Windows users that would be MSConfig) as well that you don't recognize.

Some do hide from those programs as well. Can look at hardware usage if there is allocation of resources that can't be pinpointed with what processes do show up in aforementioned programs. Usually says something is on there.

But it can come from anywhere and even with "trusted" programs, those can be used as vectors as well and sometimes they affect 3 of the major desktop OSs. Why I don't suggest running Windows in an Admin account and certainly don't give programs su(do) rights (which any modern program worth their salt shouldn't need). Unix systems handle things a little bit better. Windows generally sacrifices security for convenience.

I get rid of the crap by resetting my unit back to the factory. It wipes out absolutely everything.

If it were to happen to me, I would just reinstall the OS, takes about 4-8 minutes (that's extracted, installing and reboot, but no, I'm not talking about Windows) and then just move my portable programs back on and create start menus for those programs (got bash scripts to automate it, I would be surprised if couldn't automate some of that with PowerShell).

Sometimes I miss the early 9x days, even though those versions were more prone to malware, could always boot into DOS and remove them that way since they weren't locked from uninstalling like they were when in GUI.
 

player

New Member
I can look at the email's source code in my email viewer. Then I can see who really sent it, where the links are really trying to take me etc. Like USPS is going to send me an email from sqwirty@russia.hack
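
The source check described in the post above, combined with the off-by-one-letter link domain mentioned earlier in the thread, as an added Python example (not code from any poster). The sample message, the `example-vendor.test` domain and the function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name and domain here is made up.
RAW = """\
From: "Example Vendor Billing" <billing@examp1e-vendor.test>
Subject: Invoice
Content-Type: text/html; charset="utf-8"

<p>Invoice: <a href="http://example-vendors.test/inv">https://example-vendor.test/invoice</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlsplit(url).hostname or "").lower()

def near_miss(a, b):
    """True if a and b differ by exactly one added, dropped or changed character."""
    a, b = sorted((a, b), key=len)
    i = next((k for k in range(len(a)) if a[k] != b[k]), len(a))
    return a != b and len(b) - len(a) <= 1 and (a[i:] == b[i + 1:] or a[i + 1:] == b[i + 1:])

def check_message(raw, expected_domain):  # expected_domain: the vendor's real domain
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    findings = [] if sender == expected_domain else [f"sender domain is {sender}"]
    parser = LinkCollector()
    parser.feed(msg.get_body(preferencelist=("html",)).get_content())
    for href, text in parser.links:
        if text.startswith("http") and host(text) != host(href):
            findings.append(f"text shows {host(text)}, link goes to {host(href)}")
        if near_miss(host(href), expected_domain):
            findings.append(f"{host(href)} is one character off {expected_domain}")
    return findings
```

Calling `check_message(RAW, "example-vendor.test")` returns three findings for the sample. The From header is whatever the sender typed, so a matching domain there is not proof of origin by itself.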
 

Travissedu

New Member
"Hover your mouse pointer over the link and see where it's trying to take you. That always shows if it's legit or not. Unless they are super hacker and put a redirect in it."

I usually do the same thing.
 