SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Friendly WARNING about a new way to cyber-attack/spam/virus your computer - almost happend to me AT WORK (NOT a chain mail thing)
Go
New
Find
Notify
Tools
Reply
  
Friendly WARNING about a new way to cyber-attack/spam/virus your computer - almost happend to me AT WORK (NOT a chain mail thing) Login/Join 
Rock Paper
Scissors
Lizard Spock
Picture of James in Denver
posted
Ok, so I'm just putting this out there, this is new, and quite ingenious if you think about it.

First, while I'm not in "IT", I know enough not to click on links sent to me and NEVER open EXE files.

Yesterday, AT WORK (!), I receive the following email:

From: Susan Yuan (susan.yuan@scmevt.com)
To: James XXXXXX (work email)
Subject: test
Body: test

That's all. Nothing else. No links, no attachments, no exe files, nothing.

After receiving this email, I was curious if this was legit and if someone was trying to contact me (I'm in a group related to IT, but not IT directly).

So, I googled the website “scmvet.com”. I did not go to the website, I googled it. All the hits on google talked about who owned the scmvet.com web address. It traced back to the Denver area, so it made me more curious.

So, I googled the sender by typing in “Susan Yuan Denver Colorado” to Google. Google responded with it's normal search page.

I scanned down and clicked on the link for LinkedIn and it showed a woman in NYC. I next scanned back up to the top of the search results. The VERY FIRST is titled “Executive Committee - TASP” and had the following as a summary:
achancetoparent.net/about-tasp/executive-committee
Susan Yuan, President, Chair, Ph.D ... of Social Work at Metro State University of Denver from 1992 to 2011 and ... Director at The ARC...

So, this looked like a legit website and even mentioned Denver. I decided to click on the link.

I immediately got a virus website with hard-core porn (remember I was at work) AND with pop-ups that said my computer was infected AND played audio that said "Your computer is infected" loudly. Luckily, I had my headset on otherwise everyone would have come over to my desk.

I could only close these by using “Cntl Alt Del” and killing Internet Explorer. I have 2 screens and was able to do this on one screen while the other had Internet Explorer.

After I reported it to our IT security team, they sent me the following info:

>The IP Address this email originated from
>is on 2 active blacklists.
>
>The link that was followed appears to either
>be hijacked (potentially along with the email
>account), or this is all fake.
>
>I’ve opened the same link up on our test
>machine, and it appears that for the malicious
>payload to work, the user has to click ‘OK’
>on the site. So as long as you had not
>clicked, you should be OK.
>
>I’ve also reported this to Google
>Safebrowsing.

So, moral of the story, do NOT google someone who sends you a blank email.

I have screenshots, but can't post them now.

James


----------------------------
"Voldemorte himself created his worst enemy, just as tyrants everywhere do! Have you any idea how much tyrants fear the people they oppress? All of them realize that, one day, amongst their many victims, there is sure to be one who rises against them and strikes back!"
Book 6 - Ch 23
 
Posts: 4484 | Location: Colorado | Registered: August 24, 2009Reply With QuoteReport This Post
Member
Picture of bigdeal
posted Hide Post
Simple rule of thumb for me, if I do not know a Susan Yuan, the email gets deleted directly from my Inbox. Same with any emails from online marketers and other people unknown to me. Way too many threats out there today to mess with any questionable email.


-----------------------------
Guns are awesome because they shoot solid lead freedom. Every man should have several guns. And several dogs, because a man with a cat is a woman. Kurt Schlichter
 
Posts: 33845 | Location: Orlando, FL | Registered: April 30, 2006Reply With QuoteReport This Post
Step by step walk the thousand mile road
Picture of Sig2340
posted Hide Post
We need to bring back the Brazen bull for the motherfuckers who do this shit.

Sell raffle tickets to see who gets to light the fire.





Nice is overrated

"It's every freedom-loving individual's duty to lie to the government."
Airsoftguy, June 29, 2018
 
Posts: 32311 | Location: Loudoun County, Virginia | Registered: May 17, 2006Reply With QuoteReport This Post
Member
Picture of cjevans
posted Hide Post
quote:
Originally posted by James in Denver:
<snip>
I decided to click on the link.
James


... human curiosity has no reason. Research and looked up google and whois and ... well all looked good. But that was a giant step from nothing in the email to then navigating to the website!

For the 200 million emails that went out, they only need 1%, or less, after having done their apparent diligence.

shIT happens; being compromised, ransomed or hacked and data stolen ... you did the appropriate actions of researching and should have left it there, forwarding the email to IT and your findings.

Cybersecurity is more entertaining by the hour.



We are all born ignorant, but one must work hard to remain stupid." ~ Benjamin Franklin.

"If anyone in this country doesn't minimise their tax, they want their head read, because as a government, you are not spending it that well, that we should be donating extra...:
Kerry Packer

SIGForum: the island of reality in an ocean of diarrhoea.
 
Posts: 1886 | Location: Altona Beach | Registered: February 20, 2012Reply With QuoteReport This Post
Republican in training
Picture of DonDraper
posted Hide Post
Who does your IT use for email filtering/scanning? They might want to check out Proofpoint.com

Also a little confused on what you are warning about, or what was so ingenious about the supposed attempt of an attack. But just delete the email next time and get back to work Wink


--------------------
I like Sigs and HK's, and maybe Glocks
 
Posts: 2284 | Location: SC | Registered: March 16, 2011Reply With QuoteReport This Post
Security Sage
Picture of striker1
posted Hide Post
I have a 3-second rule. If I don't know or recognize the sender, it gets tossed. This is the mantra in my home for any computer user, period.

Aside: ANYONE who uses a computer to access mail that also contains personal documents should make frequent images of the drive, use a cloud backup, or at least have a copy or two of important data saved to flash drives.



RB

Cancer fighter (Non-Hodgkins Lymphoma) since 2009, now fighting Diffuse Large B-Cell Lymphoma.


 
Posts: 7133 | Location: Michiana | Registered: March 01, 2005Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by DonDraper:
Also a little confused on what you are warning about, or what was so ingenious about the supposed attempt of an attack.

As inferred by cjevans: It plays on human curiosity.

quote:
Originally posted by DonDraper:
But just delete the email next time and get back to work Wink

That's what I would have done.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Member
Picture of C-Dubs
posted Hide Post
So, SIGForum saved me, it seems.
Got the same "test" email at my work address. Google'd "scmevt", and this thread pops up Smile

Deleted it, and set up a mail rule to not accept email from their domain name.

So thanks!



“I won't be wronged. I won't be insulted. I won't be laid a-hand on. I don't do these things to other people, and I require the same from them.”
 
Posts: 2863 | Location: SE WI | Registered: October 07, 2010Reply With QuoteReport This Post
His Royal Hiney
Picture of Rey HRH
posted Hide Post
If anything else, this has made me pay more attention to the green check marks on my google searches.

The site the OP clicked on has no Avast rating and McAfee says it's suspicious. I never did pay much attention before. Now I will.






"It did not really matter what we expected from life, but rather what life expected from us. We needed to stop asking about the meaning of life, and instead to think of ourselves as those who were being questioned by life – daily and hourly. Our answer must consist not in talk and meditation, but in right action and in right conduct. Life ultimately means taking the responsibility to find the right answer to its problems and to fulfill the tasks which it constantly sets for each individual." Viktor Frankl, Man's Search for Meaning, 1946.
 
Posts: 20200 | Location: The Free State of Arizona - Ditat Deus | Registered: March 24, 2011Reply With QuoteReport This Post
Oriental Redneck
Picture of 12131
posted Hide Post
I'm sorry, but OP went looking for trouble, and trouble got him. That's how I see it. Should have trashed the email pronto.


Q






 
Posts: 28037 | Location: TEXAS | Registered: September 04, 2008Reply With QuoteReport This Post
Do No Harm,
Do Know Harm
posted Hide Post
quote:
Originally posted by striker1:
I have a 3-second rule. If I don't know or recognize the sender, it gets tossed. This is the mantra in my home for any computer user, period.

Aside: ANYONE who uses a computer to access mail that also contains personal documents should make frequent images of the drive, use a cloud backup, or at least have a copy or two of important data saved to flash drives.


It may be worthy of another thread...but how 'secure' are cloud services? I expect everything I have to already have been exposed as soon as I save it even to my computer, but I don't use cloud services yet because I have concern with what they can do with/who can hack my info.




Knowing what one is talking about is widely admired but not strictly required here.

Although sometimes distracting, there is often a certain entertainment value to this easy standard.
-JALLEN

"All I need is a WAR ON DRUGS reference and I got myself a police thread BINGO." -jljones
 
Posts: 11466 | Location: NC | Registered: August 16, 2005Reply With QuoteReport This Post
Rock Paper
Scissors
Lizard Spock
Picture of James in Denver
posted Hide Post
quote:
Originally posted by C-Dubs:
So, SIGForum saved me, it seems.
Got the same "test" email at my work address. Google'd "scmevt", and this thread pops up Smile

Deleted it, and set up a mail rule to not accept email from their domain name.

So thanks!

You're welcome!

James


----------------------------
"Voldemorte himself created his worst enemy, just as tyrants everywhere do! Have you any idea how much tyrants fear the people they oppress? All of them realize that, one day, amongst their many victims, there is sure to be one who rises against them and strikes back!"
Book 6 - Ch 23
 
Posts: 4484 | Location: Colorado | Registered: August 24, 2009Reply With QuoteReport This Post
Member
posted Hide Post
I don't open any email if I don't know the sender, such emails are blocked and deleted immediately. Even if I recognize the name of the sender if the subject line is vague or generic I immediately delete the email. 99.9% of the people I know will text me and very rarely try and contact me via email. You could have easily avoided getting this virus on your computer by deleting the email but curiosity got the best of you which is what these scumbags rely on .
 
Posts: 1768 | Location: USA | Registered: December 11, 2005Reply With QuoteReport This Post
"Member"
Picture of cas
posted Hide Post
My work place willingly turned everything over to the beast years ago so our system is all Google. Last week we got hit with the massing phishing bug. Emails from people you DID know with documents on Google Drive that you would need to log in to see. (Of course if you were at work and seeing the email it meant you were already logged in.). If like me you weren't at work and viewing from a device it would be easy to fall for.


_____________________________________________________
Sliced bread, the greatest thing since the 1911.

 
Posts: 21458 | Location: 18th & Fairfax  | Registered: May 17, 2003Reply With QuoteReport This Post
Member
Picture of Seotaji
posted Hide Post
quote:
Originally posted by chongosuerte:

It may be worthy of another thread...but how 'secure' are cloud services? I expect everything I have to already have been exposed as soon as I save it even to my computer, but I don't use cloud services yet because I have concern with what they can do with/who can hack my info.


Even with two factor authentication, I wouldn't say cloud services are secure in the least. I wouldn't store anything online that has any value (tax returns, bank account info, passwords, etc...). Even so, I still use them for music, photos (non nude of course), file storage, etc...).

Just like storing stuff in your vehicle, I wouldn't put anything there you couldn't replace easily.

That's just me though.
 
Posts: 6917 | Registered: February 19, 2008Reply With QuoteReport This Post
  Powered by Social Strata  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Friendly WARNING about a new way to cyber-attack/spam/virus your computer - almost happend to me AT WORK (NOT a chain mail thing)

© SIGforum 2024