Wow - Now Even COL.M - No Posts For DAYS
166p1
2021-11-20 05:14:05 UTC
Yup, just today got another .xlsb (what is .xlsb anyway?) to check with
Virustotal. Not to be proud or something but this year I was first to
upload twice.
Those in my opinion are not malicious but contain information how to
contact the scammer. Am interested. If you still have it, could you put
it into an encrypted ZIP file (that the mail ISP cannot check against a
database of scammy files), email it to me (address is valid) and tell me
the password you gave the ZIP file? I'll have a look at what's inside then.
Is there a usenet group dedicated to e-mail scams and how
to spot them? If not, there OUGHT to be.
This has become a PLAGUE of late. How to spot the tricks
and, most importantly, how to keep Joe User from just
automatically clicking those links ........
I'd far rather check 100 iffy e-mails than have to restore
dozens of PCs after a ransomware attack. Been there ....
Yup. It's amazing how much a little bit of common sense can
avoid these mishaps.
If I see a message claiming to be from a long-lost friend,
or one that promises the world if I just click on this button
here, the first thing I do is to check the from address.
A lot of scammers don't even try to disguise it, and seeing
a suffix like .ru or .tw is a dead giveaway. Also, I'll hover
my mouse over the magic button and see what URL comes up on
the status line; again, anything funny here signals danger.
Every time I find a bad one, I mail everybody THAT it's
bad AND include a non-preachy little summary of WHY it's
bad ... including things like links to Russia or mystery
foreign addresses, non-existent companies, really vague
and general content, odd spelling and grammar. The last
bunch had South African links. By not getting preachy it's
possible to EDUCATE - give them more clues to look for in
the NEXT scam mail.
Plus there's the message text itself. If the message were
really from a friend, you'd recognize the style. But even
with strangers, the kinds of broken English in many scam
messages should set off alarm bells.
Worst case, I'll use Thunderbird's "view source" option
to look at the actual contents of the message. There
can be lots of interesting goodies on display there.
If someone claims to be using your webcam to spy on you,
are his threats really credible if your machine doesn't
even have a webcam to begin with?
The trouble with all these techniques is that they require
time and care to use. In a world where convenience trumps
everything, most people would rather risk being compromised
than take the few seconds it needs to check things out.
Too bad "common sense" is such a misnomer...
The IMPULSE is to just click the inviting link, BELIEVE
what's in the mail. Despite contrarians, humans ARE
generally optimistic and trusting. The scammers KNOW
this, it's how they make their money .....

Anyway, within a small/medium environment it IS possible
to inject some skepticism and educate about the signs of
a scam mail. Really BIG orgs though - yer screwed. For
sure SOMEBODY will be fooled.

LibreOffice and Linux VMs are REALLY valuable tools.
You can open weird mails in a protected environment,
with ClamAV, plus open MS files and PDFs with non
MS apps that won't automatically run all the macros
and aren't binary-compatible with Winders. Once in
a while you even need to use GHex or equiv to put a
microscope on things.

Meanwhile, on the Winders boxes, Norton IS pretty
good and I'd rec ZoneAlarm Anti-Ransomware thrown
in underneath as well. Won't save you against all
stupidity but it's better than nothing. Layered,
detailed, daily backups - online, offline and
layered - are the other half of the equation. Oh,
and those backups should be done on Linux/BSD boxes :-)
166p1
2021-11-20 06:17:13 UTC
166p1> The PROBLEM is not the Informed ... it's that Average User who
166p1> is both credulous and clicks on those links without a second
166p1> thought. Any one of them can bring down a whole org.
Only if the org has incompetent admins (or no admins at all)
and uses insecure-by-design windows PCs that are not properly
locked.
And IF you try to lock them down THAT tight - emulating
Vista or worse - they won't put up with it. Daily tasks
become almost un-doable. Valuable people QUIT over such
shit. Bosses wonder why productivity has plummeted.

And no, you are NOT going to get everybody to switch
to Linux or OpenBSD. Not nearly enough "world standard"
apps for them, plus users might have to KNOW something
about computers too ....

In short, a fantasy world.

95% ARE going to be Winders forever and always,
that's the truth of it. 95% of the users WILL be
click-pretty-link stupid at least once in a while
(or All The Time). This is the truth the bad actors
are WELL aware of.

So, ASSUME bad things ARE gonna happen.

Here's what I've done of late :

For the important boxes, install Macrium Reflect Free.
Write a Python script or just a batch file to open
a shared backup drive (on a Linux box of course) just
before it's needed, and then close it again after.
Keep at least two backups of each box. Lunch hour
has proven best.

Then, on the Linux box, make dupes of the backups
to at least one other place. A DropBox Pro account
that keeps layered copies is good and not very
expensive.

Encourage, indeed try to coerce, users to store their
working files on a network drive rather than C: ...
then you can backup those at night, again in
multiple places/ways. Always pre-encrypt any data
going to any 'cloud' storage site no matter WHAT
they claim about security or promises about never
selling your data.

In this way you can mitigate the damage that IS
going to happen, have the core of the org back
up and running pretty damned quick.

This is the reality. You will NEVER be able to
impose enough "systemic" security on Winders
boxes - they're just not designed for it and/or
will be such a pain they'll hire a more mellow
IT guru.

Small/medium biz just ain't the DOD's nuclear
weapons lab. THERE you might get away with the
hyper-anal security measures (actually there
should be NO Winders boxes in such an org).
But Mom & Pop org and other smaller biz/govt
sorts, you need to take the "quick recovery"
tack forwards instead.
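The backup routine the poster sketches (map the shared backup drive only for the backup window, close it again afterwards, keep at least two images per box) as an added Python example; this is not the poster's script. The drive letter, UNC path, backup command and the Macrium .mrimg extension are assumptions, and dry_run mode only records the commands instead of running them.

```python
import subprocess
from pathlib import Path

KEEP = 2                         # at least two image files per box, as in the post
DRIVE = "B:"                     # hypothetical drive letter for the backup share
SHARE = r"\\backup-host\images"  # placeholder UNC path of the share on the Linux box


def run(cmd, dry_run=False):
    """Run a command; in dry_run mode just return it so it can be inspected."""
    if not dry_run:
        subprocess.run(cmd, check=True)
    return cmd


def open_share(drive=DRIVE, share=SHARE, dry_run=False):
    # Map the share only for the backup window; the rest of the day it is
    # not mounted, so malware on the PC has no drive letter to encrypt.
    return run(["net", "use", drive, share], dry_run)


def close_share(drive=DRIVE, dry_run=False):
    # Unmap immediately afterwards, even if the backup job failed.
    return run(["net", "use", drive, "/delete", "/y"], dry_run)


def prune_old_images(folder, keep=KEEP, suffix=".mrimg"):
    """Delete all but the `keep` newest image files; return the names removed.
    The .mrimg extension is the assumed Macrium Reflect image file suffix."""
    images = sorted(Path(folder).glob(f"*{suffix}"),
                    key=lambda p: p.stat().st_mtime, reverse=True)
    removed = []
    for old in images[keep:]:
        old.unlink()
        removed.append(old.name)
    return removed


def backup_window(job_cmd, folder, dry_run=False):
    """Open the share, run the backup job, prune, and always close the share."""
    open_share(dry_run=dry_run)
    try:
        run(job_cmd, dry_run)
        return prune_old_images(folder)
    finally:
        close_share(dry_run=dry_run)


if __name__ == "__main__":
    # Placeholder job: replace with the real Macrium command line for the box.
    print(backup_window(["reflect.exe", "-e", "-w", "job.xml"], DRIVE + "\\", dry_run=True))
```

Schedule it at lunch hour from Task Scheduler and the share is reachable for minutes per day rather than permanently.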
