
Not So Good

One way the Bad Guys sucker people in is by hacking into a legitimate company or organization web site and creating some web pages and files for their own use.

Many people on the web can afford a fee to get on the Internet with a web site, but most cannot afford the protection that is required to keep it from being hacked or even hijacked. One major bank spent hundreds of millions to protect their web site only to have card members' information lost, yet claimed no responsibility for the release of names, e-mail addresses and other information.

So let's look at this one example of a likely attack against you.

Sun 6/28/2015 11:09 PM

Re:FW:6/29/2015 4:09:25 PM

Ways to spot the red flags in the above:
  1. Notice the time/date received (6/28/2015 11:09 PM) and the time/date sent (6/29/2015 4:09:25 PM). This is a difference of 17 hours, which signals the e-mail server is well outside the US.
  2. Notice how the e-mail address ends with ".br", which indicates the country of Brazil. Do you know anyone in Brazil?
  3. The web address is which suggests it is a web site for a TV station.  Why would a TV station in Brazil be reaching out to you?
  4. Notice that after the ".tv" comes "/zkdpcgm". This is a file directory in which other files and directories exist. This appears to be the name of some system file that is cryptic to discourage people from going there. Thus it makes a wonderful hiding place for programs that can do harm to your computer.
  5. After "/zkdpcgm" is where the real problem comes, as this is a jumble of letters (but no numbers) and a "dot" to make the file more unique and more mysterious, as real computer files sometimes have a "dot" in their filename.
So you get an e-mail from an unknown person in Brazil using the website of a television station with a directory name and filename that look very questionable. It would be interesting to know how many people clicked this anyway because someone sent it to them.

Depending on what was in that file, it could cost you anything from some garbage on your computer all the way up to finding your system was "deep fried" by destructive code, and now you are left with inaccessible files on an expensive lightweight boat anchor you once called your computer.

WHEN IN DOUBT call the person by phone and confirm they sent it. If you can't call them, do not click on the link or open any files.
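
The red-flag checklist above can also be run automatically over a message before anyone clicks. This is an added example, not part of the original page; the sample address and link are constructed placeholders (only the times, ".br", ".tv" and "/zkdpcgm" come from the page), and the expected endings, the 12-hour threshold and the vowel heuristic are assumptions.

```python
from datetime import datetime
from urllib.parse import urlparse

# Assumptions: endings this recipient normally sees, and a gap threshold in hours.
EXPECTED_TLDS = {"com", "org", "net", "edu", "gov", "us"}
MAX_GAP_HOURS = 12

# Constructed sample: the times, ".br", ".tv" and "/zkdpcgm" come from the page;
# the rest of the address and link are placeholders.
SAMPLE = {
    "received": "6/28/2015 11:09 PM",
    "sent": "6/29/2015 4:09:25 PM",
    "sender": "someone@example.br",
    "url": "http://station.example.tv/zkdpcgm/hqwrtz.plkj",
}

def parse_stamp(text):
    """Parse the timestamp style shown in the message, with or without seconds."""
    for fmt in ("%m/%d/%Y %I:%M:%S %p", "%m/%d/%Y %I:%M %p"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError("unrecognised timestamp: " + text)

def looks_random(name):
    """True for letters-only names with almost no vowels, such as 'zkdpcgm'."""
    bare = name.replace(".", "").lower()
    if len(bare) < 5 or not bare.isalpha():
        return False
    return sum(c in "aeiou" for c in bare) / len(bare) < 0.2

def red_flags(msg):
    """Return the checklist items (in page order) that this message trips."""
    flags = []
    gap = abs(parse_stamp(msg["sent"]) - parse_stamp(msg["received"]))
    if gap.total_seconds() / 3600 > MAX_GAP_HOURS:
        flags.append("time-gap")
    sender_tld = msg["sender"].rsplit(".", 1)[-1].lower()
    if sender_tld not in EXPECTED_TLDS:
        flags.append("sender-tld:" + sender_tld)
    link = urlparse(msg["url"])
    link_tld = (link.hostname or "").rsplit(".", 1)[-1]
    if link_tld not in EXPECTED_TLDS:
        flags.append("link-tld:" + link_tld)
    if any(looks_random(part) for part in link.path.split("/") if part):
        flags.append("random-path")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A message that trips several flags at once, as the sample does, is the case for the phone call described above.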