Dispatches From The Front Lines ...
Fake Adobe Creative Cloud Invoice
Posted on October 20, 2014 at 10:40 AM

Received this scary (as in Halloween-scary) malware delivery that purports to come from Adobe (From: Adobe Billing; Subject: Adobe Invoice):

[Image: Fake Adobe Invoice email message]

The attachment in my copy was a file named adb-102288-invoice.zip. If you get the same message, the number part of the file name will most likely be randomized, so don't expect a perfect name match.

What freaks me out about this mailing is that the .zip file passed through VirusTotal with a perfectly clean score. But woe be unto the person who opens that file. That warning should go for both Mac and Windows users (and perhaps even Android). The malware file has most likely been processed through known Bad Guy services that make just enough modifications to such files to eliminate (for a short time) the possibility of being filtered by antivirus incoming email checkers, yet still delivering the damaging part of the malware. Once the file has passed into recipients' inboxes...well, consider an army of undead, crawling through your computer and your company networks to suck brains.

If you try to be careful and check attachments against services such as VirusTotal, it's clear that such vigilance is not enough. Your suspicion radar dial must be turned up to eleven. In this case that would lead you to inspect the header of the email, where it clearly shows the email originated from a block of IP addresses in Morocco—not exactly in Adobe's backyard.

Incidentally, here is a genuine invoice payment notice from Adobe for Creative Cloud:

[Image: Genuine Adobe email message]

There is no attachment. Even so, I'm not a fan of the use of links to reach your account information. I'd rather they instruct recipients to log into https://accounts.adobe.com manually or via previously set browser bookmarks.

More iTunes 2-Factor Phishing
Posted on October 09, 2014 at 08:00 AM

Arriving today is a variation of the Apple Two-Factor ID phishing scam I wrote about recently. Claiming to be From: Apple Support with the Subject: iTunes Sign-in Alert!, this one builds on actual wording that Apple uses in a variety of ways (not always email) to alert you to the fact that you are using a previously unauthorized device to access your iTunes account. With millions of Apple customers upgrading to iPhone 6-generation devices, those who had previously signed up for two-factor account safety have seen these kinds of alerts, so they may not seem so frightening—more frustrating actually, because they've already registered their new phones. Such users can easily chalk up the email to Apple's systems getting confused and having to re-do their registration.

Crooks know this, and try to trick anyone with an iTunes account into handing over their iTunes login credentials (frequently linked to a credit card and much other personal information). Today's email begins "Your account was accessed from a device we did not recognize." And note how they try to emulate the look and feel of a genuine Apple communication:

[Image: Phony iTunes alert email message]

If you know to roll the mouse over one of the active links (or press and hold the link if you're on an iPhone/iPad device), you'll soon see that the link goes to a domain other than apple.com. More importantly, if the email message has unnerved you enough to make you worry about your account, log into your account as usual (via the iTunes app), and not through links in email messages. You will quickly see that everything is normal.

Worthless Rewards Spam Piling Up
Posted on October 06, 2014 at 04:18 PM

I wrote the other day about spam flogging phony retail rewards programs. They seem to be breeding like fruit flies. I haven't been keeping a comprehensive log of the retail brands being fraudulently used to trick recipients into taking surveys and participating in all kinds of worthless promotions that never result in getting any rewards.

Here are the brands I remember:

  • Costco
  • CVS Pharmacy
  • Home Depot (high-volume spam on this one)
  • Kohl's
  • RiteAid
  • Victoria's Secret
  • Walgreens

In the past, participants who fell for these promotions have had to follow a tortuous trail of site visits, surveys, software installations (always a big signal flare of no-goodness), surrendering personal information, and ratting out their contact list friends and family members. The tactics were profitable for the crooks in the past, so you can be sure they're still at it.

Although there actually are free lunches on the Internet (some fine advertising-free web browsers, for instance), a $50 or $100 gift card offer sent to millions of email users isn't one of them. Save yourself a lot of anguish, and, more importantly, prevent the spammers from making even a fraction of a cent from you. Don't follow the links, and delete the messages.