There just aren't enough clue-by-fours

In this paper I present an analysis of 1,976 unsolicited answers received from the targets of a malicious email campaign, who were mostly unaware that they were not contacting the real sender of the malicious messages. I received the messages because the spammers, whom I had described previously on my blog, decided to take revenge by putting my email address in the ‘reply-to’ field of a malicious email campaign. Many of the victims were unaware that the message they had received was fake and contained malware. Some even asked me to resend the malware as it had been blocked by their anti-virus product. I have read those 1,976 messages, analysed and classified victims’ answers, and present them here.
5. The fifth group is actually the most worrying. I call this group ‘MY ANTI-VIRUS WORKED, PLEASE SEND AGAIN’, as these are recipients who mention that their security product (mostly anti-virus) warned them against an infected file, but they wanted the file to be resent because they could not open it. The group consisted of 44 individuals (2.35%).

Via inks [1], “Virus Bulletin :: VB2019 paper: 2,000 reactions to a malware attack — accidental study [2]”

Over a year ago, the Corporate Overlords of The Ft. Lauderdale Office of The Corporation started sending us phishing emails [3] in order to “train us” to recognize scams. Pretty much all it did for me was make me treat all emails from our Corporate Overlords asking for information as phishing attempts (it's also made easier as each phishing email has a specific header designating it as such to ensure they get through their own spam firewall—I am not making this up). And I was upset over the practice as I felt our Corporate Overlords did not trust their employees and felt they had to treat us as children (the managed laptops [4] don't help either).

But reading this report is eye-opening. Over 2% requested the malware be sent again! Over 11% complained that the “attachment” did not work (they were infected) and another 14% asked where the “attachment” was—what?

I … this … um … what?

I should not be surprised. I mean, someone has to fall for the scams [5] else the scammers wouldn't waste their time. The scary bit is that this validates what our Corporate Overlords are doing.

Sigh.

But Bunny will find the following response group amusing:

10. One of the biggest surprises were 31 members of group number 10 (1.66%) who spent time pointing out all the spelling errors and typos made in the original message. I call this group “I'M A GRAMMAR NAZI”.

Via inks [6], “Virus Bulletin :: VB2019 paper: 2,000 reactions to a malware attack — accidental study [7]”

Heh.

[1] https://inks.tedunangst.com/l/4538

[2] https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-2000-

[3] https://en.wikipedia.org/wiki/Phishing

[4] /boston/2019/08/22.1

[5] https://www.419eater.com/

[6] https://inks.tedunangst.com/l/4538

[7] https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-2000-
