Chinese salesmen in your inbox

Over the last few days I have seen a few traditional unsolicited mails I wanted to post about.

The gist of the mails is that someone claiming to represent some formal-sounding venture in a location remote to you, like China, is kind enough to inform you that some other entity is about to register your brand name and domain names in that region. With swift action from your side they are willing to help you avoid that, at a premium price of course.

These mails lack a few of the tell-tale signs we are all used to looking for by now. There are no “click here” links and no attachments. As far as I can tell there is no malware involved and no exploitation of software, only of meat-based software: the reader.

If you reply to the mail they will send back a form to fill out and sign, and if you don’t they will start calling and really push the urgency of the issue.

Someone might even say that it is not a scam, just a sneaky way to sell a product. These kinds of mails have been known since 2011 and probably earlier. Instead of saying too much about this particular unsolicited mail, I would rather share a few general key points, signs that will help you identify a much broader range of scams.

First warning sign: someone you don’t know is approaching you about buying, updating or renewing something you did not intend to buy, update or renew in the first place. When and if you plan to start a business in China, you will plan for it in advance, and it will not take you much effort to learn whom to buy domain names from. When you need a Java update, the Java software will let you know, not some image or ad in your browser.

Second warning sign: the issue at hand is something you know little about, or at least they don’t expect you to know much about. This gives them an obvious advantage and is meant to make you a bit more insecure.

Third warning sign: something is very urgent. This great offer is only available to you right now, or within a relatively tiny time frame. Maybe the seller already has someone else interested, which the seller makes sure to tell you about, and then it might be gone forever.

The hope is that when you get a bit insecure from not really knowing much about the issue at hand, you will put a little trust in the wrong hands, and it’s not really that huge an amount of money anyway. Better safe than sorry, right? What if you are wrong and the seller is right?

Nah, save the money. Stay secure.

More technical details are in this 2013 blog post from European Domain Centre.

Recent weeks’ spam/malware trends: refunds or delay complaints

Greetings good people!

I wanted to share with you the latest trends in spam and/or malware I have seen coming in to Basefarm this last week. Thanks to everyone who is spamming me for making this possible. 🙂

The latest trend is sending a mail with very little detail, complaining about a delay in shipping, lacking tracking information, anything really, and attaching a .doc file with a simple name like “order-confirmation.doc” or “invoice.doc”.

We, as good people, want people to be happy with our service, so we get a little worried that we have missed something and rush to open the .doc file to see how we can correct this misunderstanding. The .doc file is loaded with macros, and once you let them run (Office disables macros by default, so the document will ask you to “enable content”) it downloads whatever malware the highest bidder recently paid the spammer to deliver. Mostly I have seen botnet installs, and no file-encrypting ransomware so far, but the payload can be changed on the fly by the malware authors.
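To make the lure concrete, here is an added example (not code from the original post, and not Basefarm's own filters) that triages a raw .eml for the pattern described above: a short complaint about a delay, refund or tracking, plus a generically named legacy Office attachment whose OLE2 directory names a VBA project. The keyword list, file-name pattern and stream-name markers are this example's own assumptions, and the two mails it inspects are constructed inline; the macro "document" is just an OLE header with the UTF-16LE directory names and carries no code. For real analysis of a suspicious document use a proper tool such as oletools' olevba, which parses the container instead of pattern-matching it.

```python
"""Triage an .eml for the "delay complaint + macro-laden .doc" lure.

Added example, not code from the original post. Keyword list, file-name
pattern and OLE marker list are assumptions; sample mails are constructed.
"""
import email
import re
from email import policy
from email.message import EmailMessage

# Magic bytes of an OLE2 compound file, the container of legacy binary .doc/.xls files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# OLE directory entry names are stored as UTF-16LE. These storage/stream names only
# exist when a VBA project is embedded (Word uses "Macros", Excel "_VBA_PROJECT_CUR").
VBA_MARKERS = [n.encode("utf-16-le") for n in ("Macros", "_VBA_PROJECT_CUR", "_VBA_PROJECT")]

# Generic, context-free attachment names typical of this lure (assumed pattern).
LURE_NAME = re.compile(
    r"^(order[-_ ]?confirmation|invoice|receipt|shipping|tracking)[-_ ]?\w*\.(docm?|xlsm?|rtf)$",
    re.IGNORECASE,
)
LURE_WORDS = ("delay", "refund", "tracking", "not received", "complaint")
SHORT_BODY_WORDS = 30  # "very little detail": fewer words than this is suspicious (assumed cut-off)


def vba_project_present(data: bytes) -> bool:
    """Heuristic: an OLE2 file whose directory names a VBA storage."""
    return data.startswith(OLE_MAGIC) and any(m in data for m in VBA_MARKERS)


def triage(raw_eml: bytes) -> list:
    """Return the list of red flags found in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (msg.get("subject", "") + " " + (body.get_content() if body else "")).lower()
    findings = []
    if any(w in text for w in LURE_WORDS):
        findings.append("lure wording: delay/refund/tracking complaint")
    if len(text.split()) < SHORT_BODY_WORDS:
        findings.append("very little detail in subject and body")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if LURE_NAME.match(name):
            findings.append(f"generic lure attachment name: {name}")
        if vba_project_present(data):
            findings.append(f"attachment carries a VBA project: {name}")
    return findings


def build_sample(subject: str, body: str, filename: str, payload: bytes) -> bytes:
    """Build a constructed test mail with one attachment (sample data, not a real campaign)."""
    m = EmailMessage()
    m["From"] = "customer@example.com"
    m["To"] = "support@example.net"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(payload, maintype="application", subtype="msword", filename=filename)
    return m.as_bytes()


# Constructed stand-in for a macro-laden .doc: OLE header plus the UTF-16LE directory
# names a VBA project leaves behind. Not a real document, carries no code.
MALDOC_BYTES = (OLE_MAGIC + b"\x00" * 504 + "Macros".encode("utf-16-le")
                + b"\x00" * 64 + "_VBA_PROJECT".encode("utf-16-le"))
# Constructed stand-in for a plain, macro-free .doc.
CLEANDOC_BYTES = OLE_MAGIC + b"\x00" * 504 + "WordDocument".encode("utf-16-le")

MALICIOUS_SAMPLE = build_sample(
    "Delay",
    "Hi, my order is delayed and I got no tracking number.\nSee attached invoice.",
    "invoice.doc", MALDOC_BYTES)
BENIGN_SAMPLE = build_sample(
    "Meeting notes from Tuesday",
    "Hello, attached are the notes from our planning meeting on Tuesday.\n"
    "I added the action items we agreed on at the end, plus the revised\n"
    "timeline for the migration project. Let me know if I missed anything\n"
    "before I send them to the wider team. Thanks, Anna",
    "meeting-notes-tuesday.doc", CLEANDOC_BYTES)

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, triage(sample) or ["no red flags"])
```

Run as a script it prints four red flags for the constructed complaint mail and none for the meeting-notes mail. The check is deliberately layered: wording alone is not enough (real customers do complain about delays), a generic attachment name alone is not enough, but a terse complaint carrying an OLE2 file with a VBA project storage is exactly the combination the post describes, and it is cheap to flag at the gateway before anyone is tempted to "enable content".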

The purpose of the botnet infection is the traditional proxying of malicious mail or web traffic, participating in DDoS attacks, or the more modern mining of cryptocurrency. Also keep in mind that it is not uncommon for them to exfiltrate address books, stored passwords and any passwords typed while the machine is infected.

Unfortunately, having an up-to-date antivirus is not enough these days. So, to avoid enjoying a borrowed computer from internal IT while yours is getting reinstalled, and changing every password you have for fear it was captured, slow down and think about what files you are opening. Being more security aware is the best solution to this challenge.

As always, if you are not sure about something, talk to your closest internal IT or SIRT person about your concerns. It is much easier to handle this while it is still in your inbox.