The first place in any “security strategy” should be to train the human. Most malware infections today are caused by a user clicking through when they should not have.
The posters below give a very clear set of workflows for an infection.
Excellent posters via MALWARE-TRAFFIC-ANALYSIS.NET
Note the STEP IN RED! It takes a human to click past those warnings!
Besides the posters above the e-mail below can be used to help train users to be aware of exactly what they are clicking on and being prompted to do.
With anti-SPAM services getting better and better the malicious folks out there are getting a lot more crafty in their efforts plus we’re seeing an uptick of baddies in the Inbox.
Things to note in the message below:
- The FROM domain @fmelaw.com does not match the domain in the link
- After hovering the mouse over the Here link the URL listed contains a bunch of gibberish
- Watch for language, spelling, and grammar errors as there tends to be a lot of them
- Is the Subject and/or Sender legit?
- Note the call to sign a bill?
- If in doubt, call them first!
- Do NOT open any Word documents and especially do NOT click Enable Macros if prompted!
- Be cautious with any PDF attachments. If in doubt call the sender or forward to here with a question.
NOTE: We are seeing _a lot_ of compromised e-mail addresses and mailboxes sent to our own Inboxes as a result of users we have worked with or are working with opening something or clicking on something they should not have.
One attack vector via Macro enabled Word document harvests both E-mail and Addresses to send out _replies_ to a legitimate e-mail thread/conversation. If the Word document gets clicked on and a prompt comes for enabling Macros the Word document is BAD. CLOSE Word and SHIFT+DELETE the e-mail!
If in doubt, don’t open or click on it! Do _not_ hesitate to call or forward the questionable content!
Thank you and have a wonderful day! 🙂