Attachment Attack

Attachments from unknown or unverifiable sources should be considered hostile and should not be opened except as noted below.

While normally used to send larger files electronically, attachments (and especially "ZIP" files) can hide the true content of a file. Compressed files should be viewed as potentially dangerous unless you can confirm from a trusted source that the e-mail and attachment are legitimate.  A compressed file may contain a self-starting program that could:
a)  copy your Address Book and send it to the bad guys
b)  look for financial files and forward the data to the bad guys
c)  implement a password-based lock and hold your files for ransom
d)  use a simple technique to erase the information on your computer

Here is a rather simple attack launched using a well-respected company as the means to sucker you in:
======
E-MAIL ADDRESS:  FedEx 2Day <jonn.snowjob@gonnagitchagood.com.tr>

SUBJECT:         Problem with parcel shipping, ID:00000846419

MESSAGE:         Label_0000086419.zip (3 KB)

Dear Customer,

We could not deliver your item.

Delivery Label is attached to this email.

Yours trully,

Jonn Snowjob,

FedEx Support Agent.

(c) 1995-2014 FedEx. The content of this message is protected by copyright and trademark laws under international law.
======

So how do you determine this is a dangerous message?  EASY!

  1. A non-corporate foreign e-mail address?
    Why would a global company like FedEx be using the e-mail address of another company or an Internet Service Provider?  Notice the ".com.tr" at the end of the e-mail address?  This is a commercial account in a foreign country, Turkey.

  2. A generic ID number?
    FedEx uses Tracking Numbers or Airbill Numbers not a generic ID number.

  3. Notice the implied sense of urgency?
    Second-day air shipments need to arrive on time with no delays.  What has happened?  Your shipment can NOT be delivered.  This is pressure for you to act quickly and, most importantly, WITHOUT THINKING.  When you stop thinking and just react, the bad guys win.


  4. Notice the attachment has the same number as the ID?
    This draws you into the attack.  Why would someone provide an attachment when they could easily put the needed information in the body of the e-mail?  That saves time, reduces the size of e-mails sent out and requires less data transmission time, which can save millions of dollars.  This bad guy is focused on inflicting pain, not on cost savings.

  5. Dear Customer?
    You shipped it, they have your name from the Airbill ... so why "Dear Customer"?
    The bad guy has no idea who you are and does not care about you.  This is an attempt to inflict injury through destruction or exposure of private or confidential information, extortion, embarrassment or other acts.  They know what they are doing and enjoy it.


  6. Who is this person?
    If you need to, call the shipper and ask about Jonn Snowjob, the FedEx Support Agent.  You may first learn that the job title does not exist, and then that they cannot find any Jonn Snowjob in Turkey or anywhere else.  A little knowledge is very powerful in stopping the bad guys.

  7. Lack of Customer Service?
    FedEx is a well-managed company that cares about its customers, their shipments and its people.  Would they not have their systems updated to show the current year in their Copyright notice?  Would they not have used the traditional Copyright Mark (a capital C within a circle)?  Would there not have been some images from the company included?  Why not a message about contacting the company for your loss claim or the package return process, which would not be part of the attachment?

  8. Did you notice the language?
    While rather short, the use of English here is relatively good compared to most attempts, where spelling, punctuation, use of verbs, capitalization or abbreviations are often incorrect.  Often these are immediate clues.  Any large corporation has its notices and other communications to the public and customers reviewed extensively prior to release; such messages are often generated by their computer systems or by employees with very limited means to alter the message sent.  Messages are also often reviewed for hidden meanings or differences across the many languages their customers use natively.  The bad guys do not pay such detailed attention to their messages.

The bad guys normally will be defeated IF you STOP, READ, THINK AND CHALLENGE BEFORE TAKING ACTION.  The person who pays the high price for not taking these steps?  It is you.  Often our impulse is to act first and worry about the rest later.  The bad guys count on that behavior!
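The checks above can also be applied by a mail filter before a person ever sees the message. The following is an added example (not part of the original page and not any vendor's filter) that reconstructs the sample e-mail above as a raw message and flags items 1 to 5: the brand-to-domain table and the risky-extension list are assumptions, and a real deployment would load maintained versions of both.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message quoted above (not a real capture).
SAMPLE = """\
From: FedEx 2Day <jonn.snowjob@gonnagitchagood.com.tr>
Subject: Problem with parcel shipping, ID:00000846419
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Customer,

We could not deliver your item.
Delivery Label is attached to this email.
--b1
Content-Type: application/zip; name="Label_0000086419.zip"
Content-Disposition: attachment; filename="Label_0000086419.zip"

--b1--
"""

# Assumed brand-to-domain table; a real filter would load a maintained list.
BRAND_DOMAINS = {"fedex": {"fedex.com"}}
# Assumed list of attachment types that can carry a self-starting program.
RISKY_EXT = (".zip", ".rar", ".7z", ".exe", ".js", ".scr")

def attachment_names(msg):
    """Filenames of every attached part, in message order."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def red_flags(raw):
    """Return the list of heuristics (items 1-5 above) that the message trips."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    subject = msg.get("Subject", "")
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if p.get_content_type() == "text/plain")
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and domain not in domains:
            flags.append("brand_sender_mismatch")  # item 1: claims FedEx, sent from elsewhere
    if re.search(r"\bID:\s*\d+", subject):
        flags.append("generic_id_number")         # item 2: not a tracking/airbill number
    if re.search(r"could not deliver|cannot be delivered|urgent", body, re.I):
        flags.append("urgency_language")          # item 3: pressure to act without thinking
    if any(n.lower().endswith(RISKY_EXT) for n in attachment_names(msg)):
        flags.append("risky_attachment")          # item 4: compressed or executable lure
    if re.match(r"\s*dear (customer|user|client)\b", body, re.I):
        flags.append("generic_greeting")          # item 5: sender does not know your name
    return flags
```

A message that trips two or more of these is a good candidate for quarantine and for a call to the shipper, which is exactly the "STOP, READ, THINK AND CHALLENGE" step done in software.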

NOTE:  The generic reference to "bad guys" is just that.  These activities and behaviors are non-exclusive to any gender, gender preference, age, race, religion/non-religion group, profession, economic group, geographic or political group, creed or biological kingdom.