Today a buddy of mine sent me an copy of a e-mail that really looked like it came from me. Here is how convincing it was. It used my regular e-mail “from name”, and had some intelligent text in the body, and the kicker was it contained a couple of altered files in a zip file that had originally been downloaded from a site that I am on a lot. The person trying to social engineer this then spammed that e-mail to everyone on the website the file came from by gleaning their e-mails from a public list.
Talk about tricky, man these hackers are getting serious. The virus software caught the infected attachment thankfully but what if it had not. A little research on my part this morning figured out the e-mail came from a hijacked machine via a cable customer here in Hawaii.
I panicked a little as I was at work at the time, and thought maybe my personal machine got hacked at home, I called my spouse and she checked the IP for me which did not match the header details of the offending e-mail. I followed up with the cable company and as of this afternoon the offending computer is off the network.
That folks is some serious attempts at social engineering. The only thing that stopped the people in that group from being infected was the anti-virus protection. So keep your eyes peeled folks.