Research by security firm FireEye has noted that spear phishing emails often try to trick the recipient into downloading dangerous attachments seemingly related to some sort of important mail delivery or parcel shipment. Shipping and postage-related words are some of the most common words included as part of the names of these attachments.
Popular attachment names used by the bad guys include DHL document.zip, Fedex_Invoice.zip, and Label_Parcel_IS741-1345US.zip. Also popular are words like notification, delivery, label, invoice and post.
“One way cybercriminals fool users is by sending files purporting to be notifications about express shipments,” FireEye states in their research. “Given the ubiquity of these services, and their inherent importance and urgency, users are being compelled to open malicious files labeled with shipping-related terms.”
The Federal Trade Commission manages a website called Onguard Online, which has some good ideas on computer safety. The website has an amusing game you can play to test your spear phishing IQ at onguardonline.gov/media/game-0011-phishing-scams. There are also some clever videos that are good for a laugh, as well as good information; take a look.
Dave Moore has been performing computer consulting, repairs, security and networking in Oklahoma since 1984. He also teaches computer safety workshops for public and private organizations. He can be reached at 405-919-9901 or www.davemoorecomputers.com.