Reply to post: Re: emails contain poisoned Word documents

It is with a heavy heart that we must inform you hackers are targeting 'nuclear, defense, energy, financial' biz

Michael Wojcik Silver badge

Re: emails contain poisoned Word documents

What about the macro enabled *.xlam, *.xlsm, *.xltm

Or the old "encrypted zip archive with the password in the message body" dodge, well-loved by people bypassing email filtering for less-malicious (if still often foolish) purposes.

The whole point of spearphishing is to run a con on a specific target. Anyone who's studied that sort of confidence game knows that various counter-intuitive factors actually tend to improve the success rate. One is asking the victim to help initially, rather than offering a reward - victims who do so tend to fall prey to a version of the sunk costs fallacy, or a related one of acquired responsibility. Another is making it slightly more difficult for the victim to participate in the con (e.g. by having to open a password-protected zip file) - another version of the sunk-costs trap.

That's not to say that there's no value in filtering many of the file patterns associated with unsafe formats. Defense in depth.
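
An added example, not part of the original comment or of any product named in the thread: a minimal attachment check for the two patterns discussed above, macro-enabled Office extensions and zip archives whose members carry the encryption flag. The function names, finding labels and extensions beyond .xlam/.xlsm/.xltm are assumptions, and the sample message and zip are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .xlam/.xlsm/.xltm come from the thread; the rest are added as an assumption.
MACRO_EXTS = (".xlam", ".xlsm", ".xltm", ".docm", ".dotm", ".pptm", ".potm", ".ppsm")

def inspect_zip(data):
    """Flag encrypted members and macro-enabled member names inside a zip."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Bit 0 of the general-purpose flags marks an encrypted member; with
            # traditional zip encryption the member names remain readable.
            if info.flag_bits & 0x1:
                findings.append(("encrypted-member", info.filename))
            if info.filename.lower().endswith(MACRO_EXTS):
                findings.append(("macro-ext-in-zip", info.filename))
    return findings

def scan_message(raw):
    """Return (reason, name) findings for each attachment of a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(MACRO_EXTS):
            findings.append(("macro-ext", name))
        if zipfile.is_zipfile(io.BytesIO(data)):
            findings.extend(inspect_zip(data))
    return findings

def sample_zip(member, encrypted):
    """Constructed zip; 'encrypted' only sets the flag bit in the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)

def sample_message(filename, payload):
    """Constructed message carrying one attachment."""
    msg = EmailMessage()
    msg.set_content("constructed body: the password is in this message")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A filter cannot read the contents of an encrypted member, so the flag itself is the signal to quarantine or route for review.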
