Social Engineering At Its Worst

One of the most dangerous forms of social engineering tricks we have found are often the smallest and simplest types of emails.  They come from criminal gangs who are trying to install malware onto your computer to take control of it in some fashion.  In order to do that they must first convince you to click an attached file (or a link) that will open the door for them to your computer.

“Social Engineering”
As related to scams, this term refers to the behavioral manipulation of a potential victim by a scammer.  Typical forms of online social engineering by scammers are to trick someone into clicking a link, downloading a file or visiting a malicious website.

These small and simple emails are meant to arouse your curiosity and commonly have an informal nature as if someone is speaking to you like they know you.  And while many savvy people know there are significant risks to downloading zip’d files or “.exe” files (though some don’t!), most people don’t realize that simple Word and Excel docs, or even pdf files can contain malicious code.

Check out each of these samples and ask yourself if you would have been curious enough to click on the attachments.

1. Subject: Payment

“Any chance of getting this invoice paid, please?”

1-SE-Any chance getting this paid

2. Subject:  RE: contract questions

“I’ve been reading our contract , and I have a few questions.”

2-SE-Contract questions

3. Subject: DHL Tracking Number: 2561991784
“Dear Consignee, We have successfully received a parcel send you from your business partner.”
In case some of our readers had doubts about the threat that can be carried in a pdf file, we downloaded the attached file and asked to review it.  Look below at the threat score.

3-SE-DHL tracking number 4-SE-DHL tracking number2

4. Subject: New Doc 86
“Sent from Yahoo Mail on Android”

5-SE-new doc

5. Subject:  hi (username)
“really you can make a change…”
This scam contains a shortened URL rather than an attached file.  The person clicking has no idea where that URL will lead to unless they know how to unshorten it before they click it.

6-SE-solar power rebates

6. Subject: Your electricity bill -649$
(No text in email; just an attachment.)

7-SE-Your electricity bill


Bottom line…. Don’t let your curiosity get the better of you.  And if you feel ABSOLUTELY compelled to download the file, at least visit and upload the file for them to review it.