Mon. Oct 21st, 2019

Spotter Up

In Depth Tactical Solutions

E-Mail. It can be the best and worst thing ever. The inbox is a low tech way to gain control of your computer system. There are many threats out there, but this attack vector is pretty easy to close off.

Phishing (sounds like fishing – you are the trout)

This is where you get that weird email from your long lost rich Nigerian uncle’s barrister or an email from your bank stating a problem with your account and a link to log in, except, it’s not your bank.
How it works: You are being enticed or coerced to give up sensitive information that can be used to compromise your security or banking information.
What the phisher uses: These emails are sent from zombies or bots (which are basically the same thing). These are other people’s computers that have been compromised and operate as members of a bot net unbeknownst to the owners. 90%+ of these machines are running Microsoft Windows.
How to tell: First, the email just plain looks off, but that may not be noticeable without careful inspection. The low quality uncle emails, or the Lonely Anna from Russia emails have horrible grammar. Often, the machine address (IP) will not resolve back to the sender’s email domain.
Tricks: The links may look like this one: http://bankofamerica.com . It looks like it goes to Bank of America’s homepage right? Not so much, it opens up our home page. If you hover over the link it will show you in the bottom that the link takes you to https://spotterup.com not Bank of America’s home page. In email they do the same thing to mask where they are taking you to. However, they have set up an exact copy of the page, you enter your credentials, it says wrong password and sends you to the legitimate login page. Now the nefarious phisher has garnered your login credentials.
To Avoid This: Do not follow the links in email, type them out yourself into the address bar of your browser.

The Trojan Email

You get sent an email with an invoice attachment, word document or some other type of attachment; this could also be an attached or linked funny or lewd video.
How it works: You are being tricked into opening an attachment that has malicious software embedded in it. This malicious software attacks the [overwhelmingly] Windows Operating System and turns the computer into a zombie or bot. The software will hide itself by copying itself to an Alternate Data Stream where Windows Explorer cannot see, it will attack the Anti-Virus software by removing its signatures or it’s operational files from scanning, install a component to reinstall itself if some parts are deleted and start checking remote websites for instructions.
How to tell: Sammy has a question about the open invoice, you didn’t by anything. The email just looks off. The attachment icon does not match what it is supposed to be (pdf with the icon for a zip file). Sally from accounting sent you an offer for hunting knives. It just looks plain bad.
Tricks: the attachment name will be similar to invoice.pdf______________.exe or the link to the video will be like the Bank of America link above that sends you to some address similar to http://24.193.43.225/h/43432198/funnycat.mp4
To Avoid This: just delete the email. The video is not funny, the invoice is fake and Sally hates knives.

Regular Spam

You know that Disney Rocking Roller Coaster picture you bought that they emailed the download link to you from the kiosk? You know, where you are looking all suave and everyone else’s hair is up and they are screaming… Yep, you just got added to, (I kid you not, I counted), 36 different mailing lists, and it’s not just your email, it’s you name, address and all your Disney verified payment info. It took me a whole year to get off of those, but here is an easier way. Using google, search for “free email alias” there are a couple hundred entries, but stick with inboxalias or 33mail. The trick? every time you sign up for something, create an alias for them. like facebook@domain.com or cabelas@domain.com and all email that goes to that address gets forwarded to your private email account.start getting spam, kill the alias. You never give out your actual email address, privacy is attained for receiving email. Just remember to turn off the HTML mail viewer, as that tracks the images displayed to the email alias and IP Address of your computer. I would also like to add that this allows you to track who sold/gave away your email information by looking at who the email is sent to in the TO: line of the email.

*The views and opinions expressed on this website are solely those of the original authors and contributors. These views and opinions do not necessarily represent those of Spotter Up Magazine, the administrative staff, and/or any/all contributors to this site.

Comments

comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.