Another Phishing Email
I got an odd email today. It contained an attached Word file, came from someone named “Kayden Brown” and said that the money transfer will be posted in four days… of course, I don’t know of anyone by that name and, as much as I like receiving money, I generally like to know the people it comes from. Needless to say, I was suspicious.
I did a quick google search (using “phish money transfer word document” as my search terms and found this article describing how the scam works. In a nutshell, the Word doc includes an embedded macro program which automatically runs when the document is opened and infects my computer with something nasty. I didn’t bother to investigate further.
This is a tricky scam because the kind of software which scans email attachments (used by Google and other email providers) is unable to scan inside password-protected attachments. So, if I was naive enough to open this document to investigate, I’d have been infected. Needless to say, I marked the email as spam and trashed it.
Some final details. First, as dangerous as this kind of thing can be, I would have been perfectly safe because I use Apple products: iOS and MacOS are not at all susceptible to this kind of macro virus because they don’t allow applications to run code outside of the app sandbox. Just good to know.
Also, the take-away here is that you should always be suspicious of email attachments, even from people you know, and especially from strangers. It would have been simple for the author of this scam to make it look like this email came from someone I know so it’s not enough to only be suspicous of email attachments from strangers. If you’re running Windows, any email attachment is a potential vector for computer infection.