Just when I thought I was too smart to be fooled by malicious email, a report from German researchers made me start thinking about it again. The researchers, from the email security firm eleven, have identified drive-by download spam, which means that your computer will be infected if you simply open the message. No link or attachment to be wary of. You can be compromised even if you have disciplined yourself not do overtly stupid things on your computer.
Just when we’ve gotten to the point, after hammering the message home again and again and again, so that most users seem to get that they shouldn’t open attachments or click on links even in the slickest looking email messages, we see a new example of HTML malware proliferation . I just got a very nice phishing message purporting to come from Intuit, complete with the corporate logo. I didn’t bite, but it was good enough to make me hesitate, even though the salutation was “Dear valued customer” rather than “Dear Neil” or “Dear Mr. Roiter,” an instant giveaway. At any rate, I am not an Intuit customer, valued or otherwise.
The particular emails cited by eleven (see the image below) carry the subject “Banking Security Update” and advise that “Your Wire and ACH transactions have been temporarily suspended. Please open the attached document for more information.” It appears to come from the legitimate fdic.com address. I’ve gotten a lot of phishing messages dealing with ACH (automatic clearing house) transactions, so I dump them without opening them. But a small business owner might well check it out. Or I might open an email that looks like it comes from my bank, or Amazon.com, my credit card company, etc. What if a Zappos.com customer gets drive-by email that carries his name, address, phone number and last four digits of his credit card number? Wouldn’t you at least look?
So, after reading about the latest drive-bys, I switched my incoming email so that everything comes in plain text. It’s a little bit of an inconvenience, but I think it’s worth the extra peace of mind (if you are using Outlook, go to Tools/Options/Email Security/Read as Plain Text. It's easy to switch the view to HTML if (a) I am sure I trust the source and (b) I care. I should have been viewing in plain text long ago, but I'd gotten a little complacent and a little lazy.
- About Corero
- Investor Relations
- News Room
- Executive Management Team
- Corero Offices
- Contact Us