Email phishing needs bait… (pt 5)

We looked at some of the most common types of email phishing attacks in the last part of this Back-to-Basics mini-series and I had promised you today an article on “size matters”, but I have changed my mind. Every day I read up on the latest threats and developments in cyber security – it is important to me that my knowledge is current and relevant to my clients, not just an online certificate or something I passed a couple of years back – and I read an article today that changed this post. (Kopriva. 2024)

Malicious Phishing Email Attachments

One of the most common ways threat actors get their malicious links or code to you is to include it in a document or file attached to the email, and then bait that attachment with a name that will cause you or someone in your organisation to open it.

“Your tax refund notification.pdf”

“Specifications for Government Quote.docx”

“This week’s winning lottery numbers.xlsx”

OK, I made the last one up. As we discussed when looking at social engineering (part 1 and part 2), effective phishing emails will have a message that compels you to take action, short circuiting your cyber security common sense.

What is social engineering - a key tool in phishing.

Then there is curiosity!

Do you know what a .txz file is? (Kopriva. 2024)

Here is the point I wanted to make today. There are many ways to get people to open an attachment, but present a certain type of person with an unknown type of attachment and curiosity will take over. They have to open this file to see what it is…

Yes, it is malware that is going to steal your life and your organisation’s data! DO NOT OPEN IT! But of course, curiosity killed the hamster. (I am not allowed to say c*t, too many c*t lovers in my family.)
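One simple defensive check that follows from this point is to flag attachment names whose file type staff are unlikely to recognise, such as the .txz files in Kopriva's report, before a curious reader ever sees them. This is an added example, not code from the original post or from the SANS diary; the sample message is constructed for the example, and the extension lists are an assumption to be tuned for your own environment.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Archive/container types most staff would not recognise, each of which can
# carry executable content once extracted. Assumption: adjust to your environment.
UNFAMILIAR_CONTAINERS = {"txz", "xz", "tgz", "tar", "gz", "bz2", "7z",
                         "iso", "img", "vhd", "lzh", "arj", "cab"}
# Types that run code directly when double-clicked on a workstation.
EXECUTABLE = {"exe", "scr", "js", "vbs", "ps1", "bat", "cmd", "hta", "lnk", "msi"}
# Document types commonly used to disguise a second, real extension.
DOCUMENT_LOOKALIKES = {"pdf", "docx", "xlsx", "txt"}


def assess_filename(name: str) -> list[str]:
    """Return human-readable findings for one attachment filename."""
    parts = name.lower().rsplit(".", 2)  # keep up to two trailing extensions
    ext = parts[-1] if len(parts) > 1 else ""
    findings = []
    if ext in UNFAMILIAR_CONTAINERS:
        findings.append(f"{name}: unfamiliar archive type .{ext}")
    if ext in EXECUTABLE:
        findings.append(f"{name}: directly executable .{ext}")
    # "invoice.pdf.exe" style double extension hiding the real type
    if len(parts) == 3 and parts[1] in DOCUMENT_LOOKALIKES and ext != parts[1]:
        findings.append(f"{name}: double extension .{parts[1]}.{ext}")
    return findings


def assess_message(raw: bytes) -> list[str]:
    """Parse a raw RFC 822 message and collect findings across all attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        if fname:
            findings.extend(assess_filename(fname))
    return findings


def constructed_sample() -> bytes:
    """Build a constructed sample message carrying a .txz attachment."""
    m = EmailMessage()
    m["From"] = "accounts@example.invalid"
    m["To"] = "you@example.invalid"
    m["Subject"] = "Your tax refund notification"
    m.set_content("Please see the attached notification.")
    m.add_attachment(b"\x00" * 16, maintype="application",
                     subtype="octet-stream", filename="Tax refund.txz")
    return bytes(m)


if __name__ == "__main__":
    for line in assess_message(constructed_sample()):
        print(line)
```

The same check can be run at the mail gateway or over an exported mailbox, and the flagged names make a useful talking point in the ongoing awareness discussion the post recommends.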

“But,” I hear you say, “two years ago we all had cyber security awareness training, so no one would do that…”.

If no one was opening these attachments, the threat actors would not be making money, and they would stop putting their resources into these cyber attacks and focus on getting at you in another way.

I have two points to make here:

  1. Did everyone attend that training session? Have you gained new members of staff since then?
  2. Cyber security is not static and your training should not be either. Encouraging an ongoing discussion and awareness among your team is the aim of training.

Next

Size matters.

Clive Catton MSc (Cyber Security) – by-line and other articles

References

Kopriva, Jan. 2024. “Files with TXZ extension used as malspam attachments.” SANS Internet Storm Center. Retrieved May 28, 2024. https://isc.sans.edu/diary/Files+with+TXZ+extension+used+as+malspam+attachments/30958.

Further Reading

Phishing Primer – Social Engineering (pt. 1)

Phishing Primer – Social Engineering (Pt. 2)

The Phishing Email and AI (pt. 3)

Photo by Lum3n