Phishing email advice
Discussion
Staff at work have been receiving an increasing amount of Phishing emails, purporting to be from a bank and asking us to click a link to download documents. The link follows the same format -
http://xxxxxxxx.com/dropbox/document.php
Our staff are in general pretty good with these and delete the email.
however, I'm curious as to what the capability of the document.php 'script' could be but i dont want to try and view it incase i inadvertently activate it. Do they just present a log in page and try to get you to enter your details, or can it download further code (key loggers etc) that can cause trouble. Do they have the capability to work across all platforms - windows, android, apple?
http://xxxxxxxx.com/dropbox/document.php
Our staff are in general pretty good with these and delete the email.
however, I'm curious as to what the capability of the document.php 'script' could be but i dont want to try and view it incase i inadvertently activate it. Do they just present a log in page and try to get you to enter your details, or can it download further code (key loggers etc) that can cause trouble. Do they have the capability to work across all platforms - windows, android, apple?
can do anything, is the text link the same as the actual link, or is it changed? Sometimes what's shown in the email is often a redirect to something else anyway. Chances are it'll be a keylogger or something along those lines designed to extract info from someone for an attack later down the line.
Nat West seem to be a particular target at the moment, not sure why, but they do seem to have messed about with their SPF records a bit, and last time I checked dont publish a DMARC record
On a separate note, spear Phishing is getting more and more prevalent and there's a lot of malware going around at the moment where employees are receiving email from what appears to be an executive, or a network admin (names are on LinkedIn etc) so it increases the chances of people opening it and filling in the blanks.
If you want to stop or lessen them, my company do a free cloud based, no logs, no snoop email anti malware service, website is inumbo.com
There are other options of course, having desktop and server based security software (Sophos is good, as is Trend Micro and Kaspersky), a UTM device (Sonicwall/WatchGuard/Netgear/Juniper), or AN Other cloud service (symantec, Mcaffee etc)
Nat West seem to be a particular target at the moment, not sure why, but they do seem to have messed about with their SPF records a bit, and last time I checked dont publish a DMARC record
On a separate note, spear Phishing is getting more and more prevalent and there's a lot of malware going around at the moment where employees are receiving email from what appears to be an executive, or a network admin (names are on LinkedIn etc) so it increases the chances of people opening it and filling in the blanks.
If you want to stop or lessen them, my company do a free cloud based, no logs, no snoop email anti malware service, website is inumbo.com
There are other options of course, having desktop and server based security software (Sophos is good, as is Trend Micro and Kaspersky), a UTM device (Sonicwall/WatchGuard/Netgear/Juniper), or AN Other cloud service (symantec, Mcaffee etc)
I changed the link so there was no risk of somebody clicking on it and having an issue. The only change i made is to the change to xxxxxxx, the rest of it is as per the email, which purported to be from Lloyds Commercial Bank. (I can PM the complete link to anybody who is interested.)
The emails are sent (generally) to members of our marketing team but then they bcc a lot of our other staff.
Our emails are scanned with Fsecure and this also resides on all computers.
The emails are sent (generally) to members of our marketing team but then they bcc a lot of our other staff.
Our emails are scanned with Fsecure and this also resides on all computers.
http://blog.dynamoo.com/2014/10/malware-spam-you-h...
PHP link redirects to a ZIP file with an executable inside with double extensions pretending to be a PDF (.pdf.exe).
Payload is upatre, which downloads other malware, mostly file-encrypting stuff and banking trojans.
PHP link redirects to a ZIP file with an executable inside with double extensions pretending to be a PDF (.pdf.exe).
Payload is upatre, which downloads other malware, mostly file-encrypting stuff and banking trojans.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff