General Consultant Discussion

  • 1.  Anyone else get this? I haven't opened it because

    Posted 12-12-2017 09:35
    Anyone else get this? I haven't opened it because the message seemed too brief from Russ and my Gmail auto-flagged it as suspicious.


  • 2.  RE: Anyone else get this? I haven't opened it because

    Posted 12-12-2017 09:37
    I didn't get it, but I wouldn't open it. It does look suspicious.


  • 3.  RE: Anyone else get this? I haven't opened it because

    Posted 12-12-2017 10:03
    I got one, but didn't open yet. Let me know how it goes.


  • 4.  RE: Anyone else get this? I haven't opened it because

    Posted 12-12-2017 10:11
    I emailed Russ but no reply yet. Another thing that made me suspicious is that I received a very similar looking email with almost the same wording (and PDF attachment) about two weeks ago from someone whom I didn't know well. I just deleted that one.


  • 5.  RE: Anyone else get this? I haven't opened it because

    Posted 12-12-2017 10:22
    Got it. Didn't open and deleted.


  • 6.  RE: Anyone else get this? I haven't opened it because

    Posted 12-12-2017 10:43
    Our IT Department here at RKL just sent a broadcast that they are seeing a high frequency of phishing emails recently. Some included a PDF, others direct you to a web page that asks you to then "log in". Of course, the suggestion is to NOT click to follow a web link or open a PDF file from someone you don't know, or an attachment you are not expecting.


  • 7.  RE: Anyone else get this? I haven't opened it because

    Posted 12-12-2017 10:47
    Ditto, I forwarded my copy to Russ so he can open it.


  • 8.  RE: Anyone else get this? I haven't opened it because

    Posted 12-12-2017 11:12
    This is where I maintain a simple VM, not connected to my network or any shares, to open these things out of curiosity. Then just 'revert' to a prior 'snapshot' when done.


  • 9.  RE: Anyone else get this? I haven't opened it because

    Posted 12-12-2017 12:46
    Has anyone invented a way to automatically open attachments in a secured VM? That would seem like it might resolve a lot of this but I guess the criminals would just invent another way around it.


  • 10.  RE: Anyone else get this? I haven't opened it because

    Posted 12-12-2017 13:21
    The attachment is a PDF that had a short message with a link that was a shortened URL. Red Flag. The URL was https: // smarturl . im / 4An1r. You can use http://www.checkshorturl.com/ to see where it is pointing. In this case it was pointing to https : // baicaio . bid / cccc / files / index.php. If you look at the whois for the root domain you will see it was created just a few days ago. Red Flag. There is a link from the checkshorturl.com site that allows you to see if the domain was reported. When I first got the email it was only showing on Sucuri. Now it shows on Google and McAfee (SiteAdvisor). Red Flag. So yeah I sent him an email about it too but like everyone I didn't hear back. Opening in a VM that isn't linked to your network is a good idea but isn't foolproof. http://venom.crowdstrike.com/ Treat it like the plague and wipe it off the face of the earth. Unless you are like me and Mark who like to test the limits at times ;)
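
    The three manual checks in the post above (shortener, freshly registered landing domain, blocklist reports) as a small triage routine. This is an added example, not code from the thread; every domain, redirect and registration date in it is constructed, and the lookups are stand-ins for the expansion service and WHOIS queries the post does by hand.

```python
from datetime import date
from urllib.parse import urlparse

# Constructed stand-ins (hypothetical .example names) for the lookups the post does by hand:
# a shortener list, a redirect-expansion service, WHOIS creation dates and blocklist reports.
SHORTENERS = {"short.example", "tiny.example"}
REDIRECTS = {
    "https://short.example/abc": "https://fresh-reg.example/cccc/files/index.php",
    "https://short.example/old": "https://vendor.example/invoice.pdf",
}
WHOIS_CREATED = {"fresh-reg.example": date(2017, 12, 9), "vendor.example": date(2009, 3, 1)}
REPORTED_BY = {"fresh-reg.example": ["Sucuri"]}
YOUNG_DOMAIN_DAYS = 30  # assumption: a registration younger than this is a red flag

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def root_domain(host):
    # Naive last-two-labels rule; fine for .example names, not for co.uk-style suffixes.
    return ".".join(host.split(".")[-2:])

def expand(url, max_hops=5):
    """Follow the simulated redirect chain, stopping on loops or overlong chains."""
    chain = [url]
    while chain[-1] in REDIRECTS and len(chain) <= max_hops:
        nxt = REDIRECTS[chain[-1]]
        if nxt in chain:  # redirect loop: give up rather than spin
            break
        chain.append(nxt)
    return chain

def triage(url, today=date(2017, 12, 12)):
    """Collect the red flags the post looks for and turn them into a verdict."""
    flags = []
    if host_of(url) in SHORTENERS:
        flags.append("shortened URL hides the real destination")
    chain = expand(url)
    landing = root_domain(host_of(chain[-1]))
    created = WHOIS_CREATED.get(landing)
    if created is None:
        flags.append(f"no WHOIS record for {landing}")
    elif (today - created).days < YOUNG_DOMAIN_DAYS:
        flags.append(f"{landing} registered {(today - created).days} days ago")
    for source in REPORTED_BY.get(landing, []):
        flags.append(f"{landing} reported malicious by {source}")
    # One flag alone (a shortener is sometimes legitimate) only earns a second look.
    verdict = "block" if len(flags) >= 2 else "review" if flags else "ok"
    return {"chain": chain, "landing": landing, "flags": flags, "verdict": verdict}

if __name__ == "__main__":
    print(triage("https://short.example/abc"))
```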


  • 11.  RE: Anyone else get this? I haven't opened it because

    Posted 12-12-2017 14:33
    Feedback from Russ - **I was hacked. Sorry.**


  • 12.  RE: Anyone else get this? I haven't opened it because

    Posted 12-14-2017 16:55
    @ToddMartin awesome info, thank you.