Friday, December 6th, 2024 | Profile|Contact| | |||||||
Home | Profile | Freedom | Philosophy | Technology | Other topics | Links & Resources | ||||||||
False court appearance notices with malicious software attachments disguised as .zip or .pdf files (or other types of documents)Tuesday, August 18th, 2015 by Randolf RichardsonRecently I've noticed an increase in spam (a.k.a., junk eMail) that falsely claims to be a court appearance notice. The details tend to be somewhat vague, and there is always a file attachment (usually a .zip or .pdf file) that contains malicious software. Here's an example of one such notice I just received today:
From: "County Court" There are a number of problems with this junk eMail message, and I'm including hereunder some of my key suspicions for your convenience in the hopes that it will be helpful to you:
In my opinion, there are too many problems with this message that lead me to question its legitimacy, and the absence of a telephone number (which I should be able to verify actually belongs to the court by simply asking my telephone company to look it up for me) is a major hint that this eMail is bogus (or at least highly suspicious). With regard to the file attachment, if the body of the eMail message doesn't provide adequate contact information for the court official who allegedly sent this notice (e.g., because it's a forgery), then it's reasonable to assume that the file attachment won't either. The risk of opening the file attachment is that it may have a filename that can appear to be a harmless data file when it's actually a program file that runs instructins on your computer -- one step to improving your chances of detecting this deception is to ensure that your computer is configured to "display file extensions for all files" (this is disabled by default on most computers, and unfortunately this has unwittingly facilitated abuses as was attempted in the spam eMail cited above that I received). Consider also: Would you trust an adversary to operate your computer or install software on it? This is a very bad idea because it provides an opportunity for third parties to install software that can monitor your activities and access your private data, then secretly send copies to your adversary. If you still feel it necessary to verify the legitimacy of the notice by contacting the sender, then it's important to do so in a manner that doesn't divulge new information about you (they already have your eMail address, but they may not know your name), so the following approach may be helpful:
If they send it to you in an attachment, then it's bogus because it's trivial for them to provide this information in a regular eMail message, plus they are not respecting your stated policy of not accepting file attachments. If they don't provide you with this information, then it's bogus because they're not cooperating in a reasonable manner by answering your reasonable question. If they ask other questions, then it's bogus because that's a diversion tactic which indicates that they're not being straightforward with you. (Questions they might ask include requesting additional information about who you are or how to send you a letter via postal mail, or to ask you to provide information about your security setup or policies {which is information an adversary desires but shouldn't possess}). One of the reasons for not providing unverified anonymous third parties with information about who you are, where you work, etc., is "social engineering" which involves obtaining as many portions of information no matter how small from as many different sources as possible, then combining that information to appear legitimate during future attempts to gain goods or services from you or your company without having to pay for them beforehand, or to deceive you or your company into paying for fake invoices -- after those goods or services or money are received by the social engineer, they often disappear with little or no trace of who they really are or their new location(s). The more likely possibility, it seems to me, is the intention of these spammers to install malicious software on your computer that spies on you, or encrypts your data and holds it for ransom, etc. |
||||||||
Copyright © 2001-2024 Randolf Richardson. Beautiful British Columbia, Canada. All rights reserved. All trademarks are the property of their respective owners. |