I wake up today with the usual massive dump of emails, two of which looked a bit suspect. The first is from DHL, saying my shipment is cancelled. I don’t use DHL and expect no shipment from them, so delete it. The second is an email from Transport for London with a PDF attachment.
It’s tempting to open it as I often get caught out with congestion charge fines and look, it’s been scanned by Symantec, but something looked fishy. I guess it’s because I don’t use Symantec, so I googled “Email from Transport for London” before opening the PDF and sure enough, on the TFL (Transport for London) website:
Email from Transport for London pretending to come from firstname.lastname@example.org with a malicious word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer.
I guess I’ve seen enough email scams to know when I’m getting phished but I have been caught out in the past with such scams, from PayPal accounts being locked to confirmation of airline tickets I didn’t buy to the famous Nigerian 419 scam.
It’s just one of those things, but I then wonder how many people get duped by this. Send out 10 million emails and how many click the attachment and get infected?
A recent Verizon investigation found that 23% of recipients open phishing messages and 11% open attachments. So 1 in 10 computers are infected by Trojans? No. More than that. According to Panda Labs, 36.51% of the world’s computers were infected with some sort of virus in 2015, up 6% on 2014.
So who would fall for such trickery? Surely not high-ranking public officials and celebrities? Well, a few have been caught out, but you’re more likely to get caught out yourself if you search for Cameron Diaz or Jessica Biel. According to McAfee, if you search for Cameron Diaz, there is a 10% chance of landing on an infected site, while searching for Cameron Diaz screensavers increases the risk to 20%.
Oh dear. Well, I guess the best way to deal with such danger is to copy the example of James Veitch. James, a comedian, has spent the last two years replying to spam emails and compiling the often hilarious conversations that ensued into a book released last year called Dot Con. Here’s a great example of what happens when you talk to the scammers: