Today I was attacked through an existing vendor using a real email thread

(Howard) #1

From Stu’s blog!

So this morning at 5 am I received an email from that vendor with an attached zip file, suggesting that was a new wave file for upload. While I have my first espresso waking up, I use an iPad Pro to handle my email and forwarded it to my tech team at KnowBe4. I never looked at the Zip file. I should have known better and used the Phish Alert button instead.

Proceed With Caution

Luckily our tech team was a bit more awake at 9 am! When they came into the office, Jason walked up to me and said: “Hey, that Zip file has a Word Doc in it”. That’s when I realized the red flag and told him to proceed with caution. Next he said: “Hey, that Word File wants access to my contacts!” We started to see a pattern. Next Jason comments: “Hey, the default language of that Word Doc is Russian!” At that point we knew enough and sent it to our internal team for analysis.

Yup, Malicious