* * * * *

                    There just aren't enough clue-by-fours

> In this paper I present an analysis of 1,976 unsolicited answers received
> from the targets of a malicious email campaign, who were mostly unaware
> that they were not contacting the real sender of the malicious messages. I
> received the messages because the spammers, whom I had described previously
> on my blog, decided to take revenge by putting my email address in the
> ‘reply-to’ field of a malicious email campaign. Many of the victims were
> unaware that the message they had received was fake and contained malware.
> Some even asked me to resend the malware as it had been blocked by their
> anti-virus product. I have read those 1,976 messages, analysed and
> classified victims’ answers, and present them here.
>
> …
>
> 5. The fifth group is actually the most worrying. I call this group ‘MY
> ANTI-VIRUS WORKED, PLEASE SEND AGAIN’, as these are recipients who mention
> that their security product (mostly anti-virus) warned them against an
> infected file, but they wanted the file to be resent because they could not
> open it. The group consisted of 44 individuals (2.35%).
>

Via inks [1], “Virus Bulletin :: VB2019 paper: 2,000 reactions to a malware
attack — accidental study [2]”

Over a year ago, the Corporate Overlords of The Ft. Lauderdale Office of The
Corporation started sending us phishing emails [3] in order to “train us” to
recognize scams. Pretty much all it did for me was to treat all emails from
our Corporate Overlords asking for information as a phishing attempt (it's
also made easier as each phishing email has a specific header designating it
as such to ensure they get through their own spam firewall—I am not making
this up). And I was upset over the practice as I felt our Corporate Overlords
did not trust their employees and felt they had to treat us as children (the
managed laptops [4] don't help either).

But reading this report is eye opening. Over 2% requested the malware be sent
again! Over 11% complained that the “attachment” did not work (they were
infected) and another 14% asked where was the “attachment”—what?

I … this … um … what?

I should not be surprised. I mean, someone has to fall for the scams [5] else
the scammers wouldn't waste their time. The scary bit is that this validates
what our Corporate Overlords are doing.

Sigh.

But Bunny will find the following response group amusing:

> 10. One of the biggest surprises were 31 members of group number 10 (1.66%)
> who spent time pointing out all the spelling errors and typos made in the
> original message. I call this group “I'M A GRAMMAR NAZI”.
>

Via inks [6], “Virus Bulletin :: VB2019 paper: 2,000 reactions to a malware
attack — accidental study [7]”

Heh.

[1] https://inks.tedunangst.com/l/4538
[2] https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-2000-
[3] https://en.wikipedia.org/wiki/Phishing
[4] gopher://gopher.conman.org/0Phlog:2019/08/22.1
[5] https://www.419eater.com/
[6] https://inks.tedunangst.com/l/4538
[7] https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-2000-

Email author at [email protected]

You are viewing proxied material from gopher.conman.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.