On 11/17/21 12:28 PM, Charlie Gibbs wrote:
> On 2021-11-17, 166p1 <z24ba6.net> wrote:
>
>> On 11/16/21 4:19 PM, Andreas Kohlbach wrote:
>>
>>> On Tue, 16 Nov 2021 12:02:26 +0000, Eric Pozharski wrote:
>>>
>>>> Yup, just today got another .xlsb (what .xlsb is anyway?) to check with
>>>> Virustotal. Not to be proud or something but this year I was first to
>>>> upload twice.
>>>
>>> Those in my opinion are not malicious but contain information how to
>>> contact the scammer. Am interested. If you still have it, could you put
>>> it into an encrypted ZIP file (that the mail ISP cannot check against a
>>> database of scammy files), email it to me (address is valid) and tell me
>>> the password you gave the ZIP file? I'll have a look what's inside then.
>>
>> Is there a usenet group dedicated to e-mail scams and how
>> to spot them ? If not, there OUGHT to be.
>>
>> This has become a PLAGUE of late. How to spot the tricks
>> and, most importantly, how to keep Joe User from just
>> automatically clicking those links ........
>>
>> I'd far rather check 100 iffy e-mails than have to restore
>> dozens of PCs after a ransomware attack. Been there ....
>
> Yup. It's amazing how much a little bit of common sense can
> avoid these mishaps.
>
> If I see a message claiming to be from a long-lost friend,
> or one that promises the world if I just click on this button
> here, the first thing I do is to check the from address.
> A lot of scammers don't even try to disguise it, and seeing
> a suffix like .ru or .tw is a dead giveaway. Also, I'll hover
> my mouse over the magic button and see what URL comes up on
> the status line; again, anything funny here signals danger.

Every time I find a bad one, I mail everybody THAT it's
bad AND include a non-preachy little summary of WHY it's
bad ... including things like links to Russia or mystery
foreign addresses, non-existent companies, really vague
and general content, odd spelling and grammar. The last
bunch had South African links. By not getting preachy it's
possible to EDUCATE - give them more clues to look for in
the NEXT scam mail.

> Plus there's the message text itself. If the message were
> really from a friend, you'd recognize the style. But even
> with strangers, the kinds of broken English in many scam
> messages should set off alarm bells.
>
> Worst case, I'll use Thunderbird's "view source" option
> to look at the actual contents of the message. There
> can be lots of interesting goodies on display there.
>
> If someone claims to be using your webcam to spy on you,
> are his threats really credible if your machine doesn't
> even have a webcam to begin with?
>
> The trouble with all these techniques is that they require
> time and care to use. In a world where convenience trumps
> everything, most people would rather risk being compromised
> than take the few seconds it needs to check things out.
>
> Too bad "common sense" is such a misnomer...

The IMPULSE is to just click the inviting link, BELIEVE
what's in the mail. Despite contrarians, humans ARE
generally optimistic and trusting. The scammers KNOW
this, it's how they make their money .....

Anyway, within a small/medium environment it IS possible
to inject some skepticism and educate about the signs of
a scam mail. Really BIG orgs though - yer screwed. For
sure SOMEBODY will be fooled.

LibreOffice and Linux VMs are REALLY valuable tools.
You can open weird mails in a protected environment,
with ClamAV, plus open MS files and PDFs with non
MS apps that won't automatically run all the macros
and aren't binary-compatible with Winders. Once in
a while you even need to use GHex or equiv to put a
microscope on things.

Meanwhile, on the Winders boxes, Norton IS pretty
good and I'd rec ZoneAlarm Anti-Ransomware thrown
in underneath as well. Won't save you against all
stupidity but it's better than nothing. Layered,
detailed, daily backups - online, offline and
layered - are the other half of the equation. Oh,
and those backups should be done on Linux/BSD boxes :-)