back to article If you see 'URGENT tax rebate download' in an inbox, kill it with fire

FireEye has put together a list of the most common words and phrases that appear in fake emails designed to infect corporate networks and steal data. The security firm said that the list spotlights the social engineering techniques that feature as a key component of so-called spear phishing attacks. Hackers tend to use words …

COMMENTS

This topic is closed for new posts.
  1. SuperTim

    Was this an actual study?

    or did they just open their email and count the same spams that everybody else gets?

    I like getting the tax rebate emails to my spam email address (which has such an offensive name I would never ever give it to the government)

    1. LarsG
      Meh

      Talking of Tax Rebates

      I had a rebate, £7.46 then a week later a demand for £6.01 arrived due to an underpayment of tax.

      There was also the threat of legal action if I failed to pay.

      Win some lose some.

      1. AndrueC Silver badge
        Thumb Up

        Re: Talking of Tax Rebates

        Yeah, I've had something like that. I got a rebate of a couple of thousand. Then a new tax coding that included a correct for £35 underpaid :-/

        1. Anonymous Coward
          Anonymous Coward

          Re: Talking of Tax Rebates

          I am convinced that HMRC deliberately set the tax code and their calculations so that you always underpay tax by a very small amount. That way, they don't have to refund any penalties that you may pay if you are late submitting a tax return (it used to be that if they ended up owing you money, the penalty would have to be written off if not already paid or refunded if it had).

          At the end of each of the last three financial years or so, I have 'owed' less than two pounds (sometimes mere pence), and I can't fully understand why. If it were just down to rounding errors, I would expect to have overpaid sometimes, but it just doesn't happen.

          1. johnB

            Re: Talking of Tax Rebates

            Yes - if paying under PAYE the rounding system usually means you pay a few pounds less than is actually due -

            e.g. allowances £6545 gets rounded in the employer PAYE calculation to £6550, so £5 @ your tax rate too little is paid.

            It was explained to me, long ago, that this was to prevent small overpayments arising which would create mountains of clerical staff to calculate & repay.

      2. Anonymous Coward
        Anonymous Coward

        Re: Talking of Tax Rebates

        Had it the other way round, out of work, totally skint (literally a few pennies around the bedsit), opens gas bill for £23.21, sighs and sits down pretty hopeless, opens next envelope with deepening sense of dread, tax rebate £23.16, smiles ever so slightly and rejoices at the order or events.

    2. Ken Hagan Gold badge

      Re: Was this an actual study?

      It's not terribly obvious what their sampling method was. They claim that their headline stats are based not on emails sent but on emails actually making it through corporate defenses, which implies either that they've installed monitoring software that counts malicious emails without actually blocking them (thanks!) or they are trawling through post-mortems.

      If you only count successful attacks, EXEs will score well because however rare they might be they will have a near 100% success rate when they *do* get through.

      Interesting to note that PIFs (remember them?) were still in the top 5 last year. Less interesting to note that ZIP is the number one malware extension by a long way. Clearly they didn't count "URL in the email text" as a vector, although it is probably even more common (and probably more effective) than ZIPs.

  2. jake Silver badge

    Uh ... Duh?

    And while I'm at it, lose the fucking "with fire" meme. That was old and tired long before the "Paris, because ..." meme was old and tired.

    1. mike2R
      Mushroom

      Re: Uh ... Duh?

      You're saying the meme should be nuked from orbit? Because it's the only way to be sure?

      1. jake Silver badge

        @mike2R (was: Re: Uh ... Duh?)

        No, I'm saying it's old, it's tired, it's stupid, it's not funny, it never was funny, and it's a gross waste of bandwidth. As is the meme you referenced. IMNECTHO, anyway.

        1. cyborg
          Mushroom

          Re: @mike2R (was: Uh ... Duh?)

          You're not funny.

    2. Anonymous Coward 15
      Trollface

      Re: Uh ... Duh?

      Your meme is bad, and you should feel bad.

      1. Anonymous Coward
        Anonymous Coward

        Re: Uh ... Duh?

        Oh you!

  3. Anonymous Coward
    Anonymous Coward

    'Words such as "DHL", "UPS", and "delivery"....'

    Working in the business, what never ceases to amaze me is the number of people who open these, even though they're not actually expecting a delivery and then phone us up to a) bollock us for putting trojans in our emails and b) ask where their delivery is[1]!

    [1] I kid you not. There are some very stupid people out there......

    1. Anonymous Coward
      Anonymous Coward

      Re: 'Words such as "DHL", "UPS", and "delivery"....'

      I hear you buddy, it's a constant battle here too.

      Usually I go heavy handed with the hard of thinking brigade, unless they are cute and then I give them some personal security training. So phishing can be positive

      1. Tezfair
        Thumb Up

        Re: 'Words such as "DHL", "UPS", and "delivery"....'

        Couldn't agree more, despite drilling it into staff at various clients they still go and open these emails thinking its real - usually because it happens to coincide with something that was recently ordered.

        In fact at one customers the owner actually printed an A4 warning and pinned it on the wall directly in front of the admin girl and she STILL opened the email.

        I have content filtering (as well as AV / AS) in place where ever it can be installed, but its only a small layer of defence.

        I have noticed there's some unusual ones, such as 'littlewoods' & 'school report'. Just got to be careful.

        1. Fatman
          FAIL

          Re: actually printed an A4 warning ... and she STILL opened the email.

          There is only one way to rectify that situation - immediate termination, and NO SEVERANCE BENEFITS.

          An example of the stupid and clueless must be made often.

        2. Alan Brown Silver badge

          Re: 'Words such as "DHL", "UPS", and "delivery"....'

          "In fact at one customers the owner actually printed an A4 warning and pinned it on the wall directly in front of the admin girl and she STILL opened the email."

          There is a mentality amongst some of the clue-deprived that it might possibly be important and that no email should be left unopened. This leads to such things as "I know my antivirus program said it had some kind of infection but I opened it anyway"

          One of said people filed an official complaint against me for "speaking to her as if she was a naughty child and making her feel bad" after having to clean her computer for the 3rd time in 3 months.

          There is a definite market for snazzier looking etch-a-sketches.

    2. Fatman
      FAIL

      Re: some very stupid people out there......

      No doubt about it!!!

      WRT banking phishing email; if you not have an account at $BANK, then why in hell would they ($BANK) send you an email about some account problem????

      I get shit from BofA and CiShiti-bank all of the time. But, I will never have an account with either one of them (why, is not germane here).

      Too many suffer from Terminal Stupidity, aka "Shit For Brains Syndrome".

      For Christ's sake, people, use your fucking heads!!!!

  4. AndrueC Silver badge
    Megaphone

    Golden rules to apply to life (not just email):

    * If it seems too good to be true - it is.

    * No-one ever contacts you out of the blue because they want to help you.

    * People lie.

    1. johnnytruant

      A friend of mine

      Once got an email claiming to be from an Australian property lawyer investigating some land my friend had supposedly inherited (which he had no clue about). They wanted to sell it for him, taking a 5% cut.

      Sounded dodgy as hell, but it was no cash up front - six months later he was holding a cheque for £27k.

      He was very glad this was in the days before aggressive spam filtering.

      1. Vladimir Plouzhnikov

        Re: A friend of mine

        No lawyer would do any of that for the prospect of getting GBP1,400.-

        Your friend must have misunderstood - it's was not the lawyer who got 5% cut, that must have been your friend's share of the total sales price with the lawyer pocketing the remaining 95%.

      2. Anonymous Coward
        Anonymous Coward

        Re: A friend of mine

        Had an email from a lawyer in Germany asking to contact an old boy of our UK school via our school website. A Google search had thrown up the old boy's name in someone's posting in our Guestbook. Apparently an inheritance was being offered. The boy and his mother had come to England from Germany just after the war .

        Did a lot of thinking and checking of the email domain ownership and German lawyer registrations - before contacting the old boy. There was a double-check from the family information supplied by the lawyer. It appeared genuine - but I still explained to the non-internet old boy how to recognise a scam. Never heard the outcome though.

  5. Will Godfrey Silver badge
    Unhappy

    Don't Bother

    Some (the majority) simply can't be educated, and will actively work round your measures to get to their perceived freebies.

    'Twas ever true. A professor talking to us trainees about workplace safety said something along the lines of "We have to face the fact that intelligent behavior is actually quite unusual."

    1. Steve the Cynic

      Re: Don't Bother

      Just goes to show what I say: Human beings are too stupid to be dumb animals...

      1. Tom 7

        Re: Don't Bother

        Evolution only works for those less stupid than a nanobe.

    2. Stratman

      Re: Don't Bother

      I've heard it as "Common sense isn't all that common"

  6. Anonymous Coward
    Anonymous Coward

    And for those of us

    who work for companies that send and receive a lot of parcels, some of them through DHL and UPS, what happens to our legit stuff?

    1. Smerty

      Re: And for those of us

      Then you will be able to recognise the genuine emails from UPS/DHL/FedEx etc (hopefully).

      I have received a few of these dodgy emails purportedly from FedEx saying my DHL delivery has been held.

      Still waiting from the email from FedEx with the UPS email address about my DHL delivery though...

  7. Anonymous John

    Not just spear phishing.

    Phishing in general.

  8. adnim

    The taxman

    doesn't have my email address. I think It was very nice and kind of him to go out of his way to find me by email.

    I am looking forward to my tax rebate.

    1. Kubla Cant

      Re: The taxman

      The thing that puzzles me is how they manage to send the money in a Zip file. Don't the notes get all creased when they compress them?

      1. TeeCee Gold badge
        Coat

        Re: The taxman

        It doesn't matter. You decompress them, removing the creases, before using them anyway.

  9. Anonymous Coward
    Anonymous Coward

    note to users

    When you do get something that you think (and normally is obviously SPAM) might be SPAM DON'T SEND THE FECKING email to the IT department with a "do you think this is SPAM?" appended to the email WE'RE NOT INTERESTED!

    1. Anonymous Coward 15
      Devil

      Yes, it is,

      and so is that stuff between your ears.

    2. SuperTim

      Re: note to users

      our IT department has an address we are supposed to send spam to. I suspect it is the digital equivalent of a waste paper basket. Still, our corporate spam filter appears to keep much of the crap out.

      1. Fatman

        Re: note to users...supposed to send spam to...a waste paper basket.

        For us, not quite. Those malicious links are "harvested" and fed into out DNS blacklist.

        Nice when you run your own DNS servers. Don't want people going to Failbook, blacklist it.

  10. Anonymous Coward
    Anonymous Coward

    No Genuine Offer of Cash *ever* Arrives, unexpected, by e-mail

    Right, now everybody knows that, we can move on to genuine offers of love.

  11. Anonymous Coward
    Anonymous Coward

    Also hotel bookings...

    In the past couple of months I've received a lot of bogus booking.com hotel and flights bookings bearing trojans. The AV-detection has been about 24 hours behind the mailings, so they don't get caught.

    The latest ones in the past few days are fake Facebook notifications:

    "

    Greetings,

    One of Your Friends added a new photo with you to the album.

    You are receiving this email because you've been listed as a close friend.

    View photo with you in the attachment

    "

    and has as an attachment a .ZIP of a "blahblahblah.gif.exe" trojan

  12. We're all in it together
    Thumb Up

    Makes a change from the Nigerian rubbish

    I'd have thought with all the security alerts from the various banks I don't have accounts with I would be owed a rebate. Mind you the dodgy email is no worse than when you're called by working family tax credits each year and they promptly ask for all your details including NI number and postcode. I thought we' re not supposed to give out details over the phone. The last time I challenged them the woman got quite stroppy and told me to dial 1471. When I rang it turns out the number they use is incoming barred.

  13. Anonymous Coward
    Anonymous Coward

    Not having a facebook account helps

    It means I don't have to check out any of the people who apparently want to be my friend there.

  14. Anonymous Coward
    Anonymous Coward

    Bogus invitation to download and run Trusteer Rapport

    This is a clever take... received today an email as below. Link is apparently straight to an .exe file on a server (with a .fr domain)

    "

    Dear Valued Internet Banking User,

    Your internet banking account is valuable to fraudsters. That's why criminals are always looking for new ways to get your online banking details and penetrate your account. Anti-virus and firewalls can't always detect the latest attacks, leaving you vulnerable.

    To protect you against online fraud, please take a moment to download Rapport - dedicated online banking security software from the experts at Trusteer. It only takes a few minutes to download and install, and there's no need to restart your computer. Rapport will:

    * Shield your online bank account from prying eyes

    * Safeguard your online banking identity

    * Protect your internet banking login details

    * Help our fraud team stop malicious attempts against you

    Please click on the "Download Now" link below :

    [[Download Now]]

    Thanks,

    Internet Banking."

This topic is closed for new posts.

Other stories you might like