It looks like there’s another co-ordinated ransomware attack under way today, judging from reports in the Financial Times and The Guardian this afternoon.

I was asked at one of our Excellimore Insights seminars a couple of months ago how to tell if an email was suspicious or not, and I’ve got an excellent example to show you which landed in my Inbox this afternoon. It is definitely not what it claims to be so I won’t be following the links to find out what happens!

poisoned email example

This screenshot is taken from Outlook 2013, with the email opened but no links clicked.

How to tell if an email links to malware

The points which set off my alarm bells are:

  • I don’t know anyone called Rosetta or Rosett – why would a stranger be emailing me?
  • The name is spelled in different ways in the same email
  • I don’t know anyone else at that company’s email address
  • There’s nothing in the “to” field – no visible recipient
  • I’ve included the “tooltip” in this screenshot – that’s the wee box which hovers on screen when you move the mouse over a link – and you can see that the links (the two lines highlighted in blue) would take you to somewhere other than the sender’s domain
  • You’ll see a placeholder for an image which you can choose to download or not; again, hover the cursor over it and you’ll see the link to the image. In this case the link is the same as the other two links – in a legitimate email you might expect the image to be linked to somewhere different than the other links to the offered document
  • And finally, there’s no email footer in this one such as you would expect in a business email – although there very often is in the extremely plausible phishing emails purporting to be from banks or the like

Because the links from the email to elsewhere are (a) all the same and (b) not to a domain which might be expected, it’s a reasonable guess that this email is prompting you to download malware. Don’t even think of trying it out “to see what happens” – the consequences are far too severe to muck about with this!
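Three of the checks above (no visible recipient, links pointing away from the sender’s domain, and every link and image sharing one target) can be run over a saved message without opening or clicking anything. This is an added example, not part of the original post; the sample message, its addresses and URLs, and the names `check_email` and `LinkCollector` are made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name, address and URL is made up.
SAMPLE = """\
From: Rosetta Smith <rosetta@sender.example>
Subject: Your document
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please see the document.</p>
<a href="http://files.other.example/doc">View document</a>
<a href="http://files.other.example/doc">Download</a>
<a href="http://files.other.example/doc"><img src="http://files.other.example/doc"></a>
<p>Regards, Rosett</p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect link (href) and image (src) targets from an HTML body."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "img": "src"}.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append(value)

def check_email(raw):
    """Return a list of warning strings for the header and link checks."""
    msg = message_from_string(raw)
    warnings = []
    if not (msg.get("To") or "").strip():
        warnings.append("no visible recipient")
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    hosts = {(urlparse(u).hostname or "").lower() for u in collector.urls}
    off_domain = sorted(h for h in hosts if h and h != sender_domain
                        and not h.endswith("." + sender_domain))
    if off_domain:
        warnings.append("links leave sender domain: " + ", ".join(off_domain))
    if len(collector.urls) > 1 and len(set(collector.urls)) == 1:
        warnings.append("all links and images share one target")
    return warnings
```

Plenty of legitimate mail links off the sender’s domain (newsletter services, image hosts), so treat each warning as a reason to look closer rather than a verdict on its own.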

We hope this is useful – gang warily!
