Short, vague text in message body bestirs curiosity

Apr 7, 2015 14:55 GMT

Much of the success phishing enjoys is due to users’ curiosity upon receiving a message and documents they are not expecting. A FedEx-themed campaign spotted recently counts on this and keeps the body of the message as simple as possible.

The cyber crooks drop a single line in the email and include an attachment that purports to be an invoice or a document that could offer more details about the nature of the notification.

Curiosity can get the computer infected

Launching the attached file is the actual end goal of the scammers, since it places a malware dropper on the system.

After contacting a remote server, the dropper downloads a threat hosted at that location, which can pilfer sensitive data from the system or add the machine to a network of compromised computers (bots), expanding the botnet.

The message in the malicious email simply says, “Please take care of the environment, print only if necessary.” With no details about the nature of the message, the curiosity of the recipient is exploited, and many cannot refrain from opening the file, which arrives in archived form (ZIP).

In some cases, curiosity is not the only reason for deploying the malicious item on the computer, as it may happen that the recipient is actually expecting a FedEx notification.

Vague messages are never a good sign

FedEx, or any other professional company, will not send out alerts that are vague. The name of the recipient, as well as the matter the email relates to, are known to the company and are most of the time good indicators that the message is legitimate.

Apart from these hints, if the message claims to deliver only one text document and it does not appear to be a large one, attached archives should be regarded with suspicion.

An attachment whose contents can be inspected directly is generally a good sign, but this is not always the case. Cybercriminals can embed malicious scripts in Word documents and send them out without having to compress them.
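The indicators above (a near-empty body, no recipient name, no shipment reference, an archive or Office document where a plain notification is expected) can be turned into a simple mail-triage check. The script below is an added example written for this article, not code from the campaign or from FedEx; it builds two constructed sample emails with Python's standard `email` library and scores each one. The "at least eight consecutive digits counts as a reference number" rule and the 20-word body threshold are assumptions chosen for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Attachment types the article singles out: compressed archives and
# Office documents that can carry scripts/macros.
ARCHIVE_EXTENSIONS = (".zip", ".rar", ".7z")
OFFICE_DOC_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm")

MIN_BODY_WORDS = 20          # assumption: shorter bodies are "vague"
REFERENCE_NUMBER = re.compile(r"\b\d{8,}\b")  # assumption: 8+ digit ref


def build_message(sender, recipient, subject, body, attachment_name=None):
    """Construct a raw RFC 5322 message for testing (constructed data)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment_name:
        # Payload bytes are a placeholder; only the filename matters here.
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


def analyse(raw: bytes, recipient_name: str) -> dict:
    """Return the phishing indicators found in one raw email."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().strip() if body_part else ""
    subject = str(msg["Subject"] or "")
    attachments = [p.get_filename() or "" for p in msg.iter_attachments()]

    findings = []
    if len(body.split()) < MIN_BODY_WORDS:
        findings.append("vague_body")
    if recipient_name.lower() not in body.lower():
        findings.append("no_recipient_name")
    if not REFERENCE_NUMBER.search(subject + " " + body):
        findings.append("no_reference_number")
    for name in attachments:
        lower = name.lower()
        if lower.endswith(ARCHIVE_EXTENSIONS):
            findings.append("archive_attachment")
        if lower.endswith(OFFICE_DOC_EXTENSIONS):
            findings.append("office_doc_attachment")
    return {"findings": findings, "score": len(findings)}


# Constructed sample 1: the vague one-liner with a ZIP, as described above.
SUSPICIOUS = build_message(
    "notifications@example-courier.test", "alice@example.test",
    "Shipment notification",
    "Please take care of the environment, print only if necessary.",
    attachment_name="Invoice_Details.zip",
)

# Constructed sample 2: a notification that names the recipient and cites a
# reference number in a body of ordinary length, with no attachment.
LEGITIMATE = build_message(
    "notifications@example-courier.test", "alice@example.test",
    "Your shipment 123456789012 is on its way",
    "Dear Alice Example,\n"
    "your package with tracking number 123456789012 was shipped today\n"
    "and is scheduled to arrive on Thursday. You can follow its progress\n"
    "on our website using the tracking number above.",
)

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, analyse(raw, "Alice Example"))
```

The score is deliberately a plain count of indicators so the thresholds can be tuned per environment; in a gateway you would typically quarantine on the archive or Office-document finding alone and use the remaining hints to prioritise review.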