This is how your computer and your contacts can be compromised by a simple email with a link or attachment.
Episode #9-35 released on April 14, 2019
This is based on a real event, a series of people that the person in question knows received an email from her. These emails contained links to a file. Some of the people opened the emails, downloaded the file and infected their computers and devices. The odds of this occurring to you are extremely high and there are a number of ways this can be achieved. The number of vectors this kind of event can take is also numerous. Because of the number of devices and types of devices we all use, a few behavioral techniques need to be used to prevent and mitigate the risks of every kind of these kinds of attacks.
The most likely vectors of attack include reused passwords and viruses.
Let's Start with the reused password vector of attack, something we have warned for years to avoid, too. It is easy to access a person's life online when they use the same username, email address, and password. It is even more troubling when the password protecting the email address is the same as the other accounts, too. If the account is from Gmail, Outlook, etc. and contains an address book that can be synced to another device, then we have a very glaring security issue with this scenario. An attacker can use the address book and email account then send each of the contacts an email containing a virus payload in the form of a virus, which brings us to the second scenario.
This scenario is the most common since more and more people use multiple passwords, instead of one common password. This method can, also, bypass two factor authentication as, you, the user is in complete control of the computer or device that this occurs on. In this case, you get an email from someone you know, an email you were not expecting with an attachment you were not expecting either. The attachment can, also, be a link to a file from a Dropbox, or any other similar service. Downloading and then opening the file will immediately infect your device, and depending on the payload type, can do a multitude of things to your computer. Once, the computer has the virus, it can, amongst other things, overtake your email program and then send to all your contacts a similar email from you with a virus payload in the form of an attachment or link to the actual file.
These payloads can be any number of kinds of viruses doing everything from recording keystrokes to encrypting your computer and device and requiring a ransom to recover the data.
How does one prevent these kinds of scenarios from occurring again, or ever?
Do not open email attachments or download files from links, even from people you know unless you were expecting the file and only once you have scanned the file with an antivirus and antimalware scanner, just to be safe.
Make sure you use a unique password for every account, use multiple email addresses and usernames to throw off attackers, and enable two-factor authentication. Also, using multiple email addresses allows you to set up a recovery email address, too, for each account that way you can always regain access to your account.
Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net