A client recently sent this e-mail screenshot asking if it was legitimate. This individual is with a company that recently posted a job opening in TN. The body of the email seems innocent enough, stating they are looking for a job. This looks legitimate. However, the telling sign here is in the "Sender's" domain (the first line, starting with "From"). A quick look at this line reveals that it most likely originated from Russia, as indicated by the ".ru" at the end. Obviously, we advised the client to ignore and delete that message. There are various foreign country codes, but for someone looking for a local job in TN, it is quite unlikely that they would be sending from that address. This message made it through the client's hardware spam filter, through junk filtering and gateway antivirus, and landed right there in their inbox with a completely legitimate-looking attachment and body.
Since the inception of email, individuals with malicious intent have used the service to trick people into sending money to a phony organization, relinquishing private data, or downloading malware. Various methods are used to entice recipients into trusting the sender (e.g. appeals to emotion, appeals to desire, and impersonation of a friend). Those methods of enticement, combined with an assumption that emails are inherently safe, have led to an unimaginable number of people being scammed. Most people are aware of this sort of thing taking place in some capacity, but do not know what to avoid: social engineering has evolved beyond the Nigerian prince scams. Some of these malicious emails go beyond directly asking for money. The senders will write messages explaining how they found the recipient, and even respond to a request that might be found on an organization's website. Those messages arrive with an attachment that has a relevant title and contains some form of malware. Once the attachment is opened, the PC is infected. These infections could have a number of implications: complete access to personal data, locking the system down, etc. It can be quite easy to open an attachment before thinking twice about whether the sender is legitimate or not.
Who is at risk?
In short: everyone. It is easy to assume that a mail filter will block any and all bad emails. While it may be true that filters block most, some may still slip through the cracks. That sense of security might even make you more likely to download anything that makes it through to your mail client.
What to look for…
As stated before, if you receive an email from a sender whose address ends in a foreign country code, it is almost always a message to avoid. Delete it immediately. This is anything outside of ".com," ".org," ".edu," ".gov," ".net." Country codes are generally two letters as opposed to three. The example mentioned previously, ".ru," is a Russian address. A job seeker in Russia wouldn't likely be sending their resume to a company in TN. Beyond foreign addresses, be vigilant and make sure all attachments are expected. If you receive something unexpectedly from a strange address, do not open it. Delete it immediately.
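The two checks described above (the ending of the "From" address and the presence of an attachment) can be applied to a saved message automatically. This is an added example, not part of the original post; the function name `triage`, the sample message and its addresses are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Endings the article treats as ordinary; anything else is flagged.
GENERIC_TLDS = {"com", "org", "edu", "gov", "net"}

# Constructed sample message (not the client's e-mail); the address is made up.
SAMPLE = """\
From: "Job Applicant" <applicant@constructed-sample.ru>
To: hr@company.example.com
Subject: Application for open position
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hello, I am looking for a job. My resume is attached.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="resume.doc"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

def triage(raw_message):
    """Apply the article's two checks: sender domain ending and attachments."""
    msg = message_from_string(raw_message, policy=policy.default)
    # parseaddr drops the display name, which the sender can set to anything.
    _, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower().rstrip(".")
    tld = domain.rpartition(".")[2]
    attachments = [part.get_filename() or "(unnamed)" for part in msg.iter_attachments()]
    flags = []
    if not tld:
        flags.append("no usable sender domain")
    elif tld not in GENERIC_TLDS:
        kind = "country-code" if len(tld) == 2 and tld.isalpha() else "unlisted"
        flags.append(f"{kind} sender domain ending .{tld}")
    if attachments:
        flags.append("attachment present: confirm it was expected")
    return {"sender": address, "tld": tld, "attachments": attachments, "flags": flags}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A message that raises both flags is one to hold for a second look before anyone opens the attachment.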
As always, if you suspect you’ve been infected, or need help protecting your company from scenarios like this, give us a call.