Friendly WARNING about a new way to cyber-attack/spam/virus your computer - almost happened to me AT WORK (NOT a chain mail thing)
Rock Paper
Scissors
Lizard Spock
James in Denver
posted
Ok, so I'm just putting this out there, this is new, and quite ingenious if you think about it.

First, while I'm not in "IT", I know enough not to click on links sent to me and NEVER open EXE files.

Yesterday, AT WORK (!), I receive the following email:

From: Susan Yuan (susan.yuan@scmevt.com)
To: James XXXXXX (work email)
Subject: test
Body: test

That's all. Nothing else. No links, no attachments, no exe files, nothing.

After receiving this email, I was curious if this was legit and if someone was trying to contact me (I'm in a group related to IT, but not IT directly).

So, I googled the website “scmvet.com”. I did not go to the website, I googled it. All the hits on google talked about who owned the scmvet.com web address. It traced back to the Denver area, so it made me more curious.

So, I googled the sender by typing in “Susan Yuan Denver Colorado” to Google. Google responded with its normal search page.

I scanned down and clicked on the link for LinkedIn and it showed a woman in NYC. I next scanned back up to the top of the search results. The VERY FIRST is titled “Executive Committee - TASP” and had the following as a summary:
achancetoparent.net/about-tasp/executive-committee
Susan Yuan, President, Chair, Ph.D ... of Social Work at Metro State University of Denver from 1992 to 2011 and ... Director at The ARC...

So, this looked like a legit website and even mentioned Denver. I decided to click on the link.

I immediately got a virus website with hard-core porn (remember I was at work) AND with pop-ups that said my computer was infected AND played audio that said "Your computer is infected" loudly. Luckily, I had my headset on otherwise everyone would have come over to my desk.

I could only close these by using “Ctrl Alt Del” and killing Internet Explorer. I have 2 screens and was able to do this on one screen while the other had Internet Explorer.

After I reported it to our IT security team, they sent me the following info:

>The IP Address this email originated from
>is on 2 active blacklists.
>
>The link that was followed appears to either
>be hijacked (potentially along with the email
>account), or this is all fake.
>
>I’ve opened the same link up on our test
>machine, and it appears that for the malicious
>payload to work, the user has to click ‘OK’
>on the site. So as long as you had not
>clicked, you should be OK.
>
>I’ve also reported this to Google
>Safebrowsing.

So, moral of the story, do NOT google someone who sends you a blank email.

I have screenshots, but can't post them now.

James


----------------------------
"Voldemorte himself created his worst enemy, just as tyrants everywhere do! Have you any idea how much tyrants fear the people they oppress? All of them realize that, one day, amongst their many victims, there is sure to be one who rises against them and strikes back!"
Book 6 - Ch 23
 
Posts: 4484 | Location: Colorado | Registered: August 24, 2009
Member
bigdeal
posted
Simple rule of thumb for me, if I do not know a Susan Yuan, the email gets deleted directly from my Inbox. Same with any emails from online marketers and other people unknown to me. Way too many threats out there today to mess with any questionable email.


-----------------------------
Guns are awesome because they shoot solid lead freedom. Every man should have several guns. And several dogs, because a man with a cat is a woman. Kurt Schlichter
 
Posts: 33845 | Location: Orlando, FL | Registered: April 30, 2006
Step by step walk the thousand mile road
Sig2340
posted
We need to bring back the Brazen bull for the motherfuckers who do this shit.

Sell raffle tickets to see who gets to light the fire.





Nice is overrated

"It's every freedom-loving individual's duty to lie to the government."
Airsoftguy, June 29, 2018
 
Posts: 31435 | Location: Loudoun County, Virginia | Registered: May 17, 2006
Member
cjevans
posted
quote:
Originally posted by James in Denver:
<snip>
I decided to click on the link.
James


... human curiosity has no reason. Research and looked up google and whois and ... well all looked good. But that was a giant step from nothing in the email to then navigating to the website!

For the 200 million emails that went out, they only need 1%, or less, after having done their apparent diligence.

shIT happens; being compromised, ransomed or hacked and data stolen ... you did the appropriate actions of researching and should have left it there, forwarding the email to IT and your findings.

Cybersecurity is more entertaining by the hour.



"We are all born ignorant, but one must work hard to remain stupid." ~ Benjamin Franklin.

"If anyone in this country doesn't minimise their tax, they want their head read, because as a government, you are not spending it that well, that we should be donating extra..."
Kerry Packer

SIGForum: the island of reality in an ocean of diarrhoea.
 
Posts: 1886 | Location: Altona Beach | Registered: February 20, 2012
Republican in training
DonDraper
posted
Who does your IT use for email filtering/scanning? They might want to check out Proofpoint.com

Also a little confused on what you are warning about, or what was so ingenious about the supposed attempt of an attack. But just delete the email next time and get back to work ;)


--------------------
I like Sigs and HK's, and maybe Glocks
 
Posts: 2268 | Location: SC | Registered: March 16, 2011
Security Sage
striker1
posted
I have a 3-second rule. If I don't know or recognize the sender, it gets tossed. This is the mantra in my home for any computer user, period.

Aside: ANYONE who uses a computer to access mail that also contains personal documents should make frequent images of the drive, use a cloud backup, or at least have a copy or two of important data saved to flash drives.



RB

Cancer fighter (Non-Hodgkins Lymphoma) since 2009, now fighting Diffuse Large B-Cell Lymphoma.


 
Posts: 7133 | Location: Michiana | Registered: March 01, 2005
Nullus Anxietas
ensigmatic
posted
quote:
Originally posted by DonDraper:
Also a little confused on what you are warning about, or what was so ingenious about the supposed attempt of an attack.

As inferred by cjevans: It plays on human curiosity.

quote:
Originally posted by DonDraper:
But just delete the email next time and get back to work ;)

That's what I would have done.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008
Member
C-Dubs
posted
So, SIGForum saved me, it seems.
Got the same "test" email at my work address. Google'd "scmevt", and this thread pops up :)

Deleted it, and set up a mail rule to not accept email from their domain name.

So thanks!



“I won't be wronged. I won't be insulted. I won't be laid a-hand on. I don't do these things to other people, and I require the same from them.”
 
Posts: 2863 | Location: SE WI | Registered: October 07, 2010
His Royal Hiney
Rey HRH
posted
If anything else, this has made me pay more attention to the green check marks on my google searches.

The site the OP clicked on has no Avast rating and McAfee says it's suspicious. I never did pay much attention before. Now I will.






"It did not really matter what we expected from life, but rather what life expected from us. We needed to stop asking about the meaning of life, and instead to think of ourselves as those who were being questioned by life – daily and hourly. Our answer must consist not in talk and meditation, but in right action and in right conduct. Life ultimately means taking the responsibility to find the right answer to its problems and to fulfill the tasks which it constantly sets for each individual." Viktor Frankl, Man's Search for Meaning, 1946.
 
Posts: 19658 | Location: The Free State of Arizona - Ditat Deus | Registered: March 24, 2011
Oriental Redneck
12131
posted
I'm sorry, but OP went looking for trouble, and trouble got him. That's how I see it. Should have trashed the email pronto.


Q






 
Posts: 26376 | Location: TEXAS | Registered: September 04, 2008
Do No Harm,
Do Know Harm
posted
quote:
Originally posted by striker1:
I have a 3-second rule. If I don't know or recognize the sender, it gets tossed. This is the mantra in my home for any computer user, period.

Aside: ANYONE who uses a computer to access mail that also contains personal documents should make frequent images of the drive, use a cloud backup, or at least have a copy or two of important data saved to flash drives.


It may be worthy of another thread...but how 'secure' are cloud services? I expect everything I have to already have been exposed as soon as I save it even to my computer, but I don't use cloud services yet because I have concern with what they can do with/who can hack my info.




Knowing what one is talking about is widely admired but not strictly required here.

Although sometimes distracting, there is often a certain entertainment value to this easy standard.
-JALLEN

"All I need is a WAR ON DRUGS reference and I got myself a police thread BINGO." -jljones
 
Posts: 11448 | Location: NC | Registered: August 16, 2005
Rock Paper
Scissors
Lizard Spock
James in Denver
posted
quote:
Originally posted by C-Dubs:
So, SIGForum saved me, it seems.
Got the same "test" email at my work address. Google'd "scmevt", and this thread pops up :)

Deleted it, and set up a mail rule to not accept email from their domain name.

So thanks!

You're welcome!

James


----------------------------
"Voldemorte himself created his worst enemy, just as tyrants everywhere do! Have you any idea how much tyrants fear the people they oppress? All of them realize that, one day, amongst their many victims, there is sure to be one who rises against them and strikes back!"
Book 6 - Ch 23
 
Posts: 4484 | Location: Colorado | Registered: August 24, 2009
Member
posted
I don't open any email if I don't know the sender, such emails are blocked and deleted immediately. Even if I recognize the name of the sender if the subject line is vague or generic I immediately delete the email. 99.9% of the people I know will text me and very rarely try and contact me via email. You could have easily avoided getting this virus on your computer by deleting the email but curiosity got the best of you which is what these scumbags rely on.
 
Posts: 1627 | Location: USA | Registered: December 11, 2005
"Member"
cas
posted
My work place willingly turned everything over to the beast years ago so our system is all Google. Last week we got hit with the massing phishing bug. Emails from people you DID know with documents on Google Drive that you would need to log in to see. (Of course if you were at work and seeing the email it meant you were already logged in.) If like me you weren't at work and viewing from a device it would be easy to fall for.


_____________________________________________________
Sliced bread, the greatest thing since the 1911.

 
Posts: 21105 | Location: 18th & Fairfax | Registered: May 17, 2003
Member
Seotaji
posted
quote:
Originally posted by chongosuerte:

It may be worthy of another thread...but how 'secure' are cloud services? I expect everything I have to already have been exposed as soon as I save it even to my computer, but I don't use cloud services yet because I have concern with what they can do with/who can hack my info.


Even with two factor authentication, I wouldn't say cloud services are secure in the least. I wouldn't store anything online that has any value (tax returns, bank account info, passwords, etc...). Even so, I still use them for music, photos (non nude of course), file storage, etc...

Just like storing stuff in your vehicle, I wouldn't put anything there you couldn't replace easily.

That's just me though.
 
Posts: 6917 | Registered: February 19, 2008
© SIGforum 2024