We have recently seen an increase in a phishing/virus scam where the scammers send out a plain looking email that appears to be a receipt for a purchase. The dollar amount for the receipt is high enough to make most people panic that they did not make any such purchase and below it is a link to view said invoice. The link in these emails actually takes you to a public Dropbox folder that contains a zip file which contains a malicious virus.
There are a few things to note here. First the “receipt” is rather non-descriptive. It does not provide any information on the purchase other than a dollar amount and a random purchase number and date. Also of note is the subject line is actually the “To” email address.
Your best protection is to always use caution when opening emails, especially ones you were not expecting. Think Before You Click is something we try and educate all our users on and when in doubt contact your IT department and have them review any suspect emails. Never forward emails of this kind, even to support as this could create additional risk depending on the type of malicious code contained in the email.
Keeping your anti-virus and firewall solutions up to date is also critical. New threats emerge almost at an hourly rate and almost every anti-virus solution and firewall manufacturer provides a daily update to their services at minimum. Security is a serious business and the days of buying a firewall off the shelf and installing a commercial anti-virus solution to protect yourself are long gone. Security is a 24 x 7 job that needs to be managed by professionals who are properly trained and have well documented processes to make sure these critical systems function properly at all times.
As always thanks for reading and remember to Think Before You Click!
Dedicated to your security,
StoneHill Technical Solutions, Inc.