This week, someone attempted to penetrate our systems again. Many of these types of attempts are blasted out to thousands, and some are targeted attempts. Regardless, clicking almost always means you have been compromised and malware is now on your computer and moving through your organization.
This particular email attempt had a file attached from Dropbox, and the body of the text mentioned that the file was ready. In this era, it is common for companies and individuals to use file repositories for large file transfers. This makes such emails even harder to spot and highlights the need to remind everybody to always be vigilant and suspicious when reading email.
While we should all be practicing good email hygiene, bogus email phishing attempts get a lot of people. This is a good opportunity to review phishing awareness.
See the images below:
Notice the following:
- Email address that does not match name
- Generic attachment names
- Generic “Company Dropbox” notification
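The three signs above can also be checked mechanically by a mail administrator. The following is an added example, not part of the original post: the sample message, the `triage` function and both patterns are constructed for illustration, and the patterns are assumptions that would need tuning for a real mailbox.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message for this example (not the email from this post).
SAMPLE = """\
From: "Jane Smith" <billing-team@mail-notify.example>
Subject: Company Dropbox: your file is ready
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your file is ready. Open the attachment from Company Dropbox.
--b1
Content-Type: application/pdf; name="Document.pdf"
Content-Disposition: attachment; filename="Document.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Illustrative patterns (assumptions, not a vetted rule set).
GENERIC_NAMES = re.compile(
    r"^(document|invoice|scan|file|attachment|payment)[\s_\-\d]*\.\w+$", re.I)
GENERIC_BRAND = re.compile(r"\b(company|your|shared)\s+dropbox\b", re.I)

def triage(raw):
    """Return a list of findings, one per warning sign present in the message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    findings = []
    # Sign 1: no part of the display name appears in the address local part.
    local = addr.split("@")[0].lower()
    tokens = [t for t in re.split(r"\W+", name.lower()) if len(t) > 2]
    if tokens and not any(t in local for t in tokens):
        findings.append("sender-name-mismatch")
    # Sign 2: attachment file name is a generic word with no context.
    for part in msg.iter_attachments():
        fn = part.get_filename() or ""
        if GENERIC_NAMES.match(fn):
            findings.append("generic-attachment:" + fn)
    # Sign 3: subject or body uses generic file-share branding.
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + " " + (body.get_content() if body else "")
    if GENERIC_BRAND.search(text):
        findings.append("generic-dropbox-notice")
    return findings
```

A message that trips none of the checks is not thereby safe; the findings only prioritize which reported emails get a closer look.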
What should you do if you receive a message similar to this, or one you feel is suspicious? It depends on your company’s policy and procedures. Whatever you do, never click on the attachment. It is appropriate to call the sender, if you know them, and ask if they sent an attachment. However, attempting to open it to see what is there is a terrible idea!
1. DO NOT OPEN ANY ATTACHMENTS OR CLICK ON ANY LINKS CONTAINED WITHIN THE EMAIL BODY.
2. Create a new email message addressed to firstname.lastname@example.org
3. Drag the suspicious email into the body of the new email so that it gets forwarded as an attachment.
4. Send the email.
5. Delete the suspicious email.