It's no longer news, is it? Scammers are spamming us with fake emails, featuring fake attachments and fake links that can lead to very real and negative consequences.
A colleague just sent me an email asking if the Officeworks email you can see above was real, or not.
At first glance, it looks legit – there's an invoice for a product that was allegedly purchased, with a link to let you take a look at the supposed invoice.
Obviously, I did not click on the link, but it went to a page called "order" after the domain name seen in the address link above, and it is presumably a site that offers a drive-by download trying to take advantage of a poorly patched computer, or some zero-day vulnerability.
Here's where it's important to have Norton, Trend Micro, Malwarebytes, BitDefender, Kaspersky or some other Internet security software that can try catching this presumably infected page.
You also have software like Trend Micro Internet Security and the Acronis Anti-Ransomware tool, or the compete Acronis backup suite, to help you to identify ransomware as it is encrypting your files, and with Acronis, actually roll back the changes, not just stop them.
But whether you have any such software or not, taking a close look at every email you receive is clearly worth the time.
Garrett O'Hara, Principal Technical Consultant at Mimecast offered us a quote on the situation, stating: "This is another example where the trust in well-known brands is being used to socially engineer people into clicking a link in a phishing email. We hope that end users will see the email doesn't come from Officeworks.Garrett O'Hara, Principal Technical Consultant at Mimecast offered us a quote on the situation, stating:
"This is another example where the trust in well-known brands is being used to socially engineer people into clicking a link in a phishing email. We hope that end users will see the email doesn't come from Officeworks.
"At this time of year phishing campaigns will use branding for well-known online stores given their EOFY sales. Lots of people will be expecting packages so it is easier to fool people. And given we're into tax return time we can expect to see more of the 'ATO refund' emails circulating."
Anyway, let's take a look at the email above (with a larger version below), where we can see the "From:" field says "Officeworks", but purports to be from someone called Scott Graham, at a website named "Project Absurd".
Absurd though that is, it's clearly easy to miss if you aren't paying attention, and there's no guarantee your email software is going to expose the true email address below who it says it is from.
Also it's important to hover your mouse over a link, although try doing that on a smartphone or tablet – even if your smartphone or tablet isn't likely to be the target of such a link.
That said, smartphones and tablets can be attacked via such links and infected pages, too, and various Internet security suites for those platforms can certainly help.
As an example, Trend Micro demonstrated at the Sydney PC and Technology User Group last week that a link opened via the Mail app on an iPhone could be identified by Trend's Safari content blocking extension on iOS - so even such protection can now be afforded to iOS devices too, and not just Androids.
Ultimately, scammers are trying to scam us from all directions, on all devices.
Clearly, you simply can't afford to get complacent, because as always, scammers gonna scam, and we're always going to hate them.
The trick is to win and not get scammed, so stay alert and be alarmed, because even if you're not paranoid doesn't mean they're not out to get you!