A recent blog posting by Cyveillance, the cyber intelligence company, discusses the fake airline ticket scam that you may have been hit with.

This is what the email looks like:

[Image: malwareticket]

This is the classic email infiltration attack — create a message that triggers Vishwanath’s response triad:

  • Perceived Relevance
  • Urgency
  • Habit

Cyveillance provides an excellent discussion of the malware delivered in this attack. They also provide this closing observation:

The moral of this story is to always beware of unsolicited email and definitely don’t open attachments from unknown sources.

The moral of the story discloses the most important tool in the attacker’s arsenal: PICNIC — Problem In Chair, Not In Computer. All the computer-based defenses in the world will not solve the PICNIC problem. Telling users to beware of unsolicited email and not to open attachments from unknown sources is excellent advice. Which is why the bad guys pretend to be someone you know delivering a message you don’t suspect. This is a technically trivial deception for attackers who understand email technology. In this attack, the user sees an email from an airline. If that user has a pending flight, the message appears urgent to him and invokes the habit of opening airline emails and attachments.

Good advice doesn’t change the way people’s brains work. Taking human thought processes as a given, defenders need effective tools to address PICNIC. That is where SP Guard steps in. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner. You can contact us using our online form.