How I got tricked into downloading a virus

Threats & Hacks

Here’s a story of how I got socially engineered. To be honest, this particular trick might not have worked so well with someone else, but that’s why social engineering is so effective. And I fell for it—hook, line and sinker.

Let me tell you what happened.

A couple of years ago my credit card information got stolen. I’m not sure how it happened, but I suspect it had to do with the time I gave my credit card to a waiter in a bar in Beijing. Just as I had handed it over, I realized it probably wasn’t a good idea to let the card out of my sight. But I did.

A few months later, someone bought airline tickets with my credit card. Thankfully it was easy enough for me to prove to the credit card company that I hadn’t bought the tickets or traveled to the destinations. So I got all my money back.

Another few months further on, I received an e-mail. The e-mail said that X amount of dollars for airline tickets had been charged to my credit card and to please see the bill attached. My first thought was “oh no, not again,” and without thinking, I clicked on the attachment.

And then my computer shut down.

Now all this happened before I started working for an IT security company, so I would like to think I wouldn’t fall for a similar scam now. 🙂 But it just goes to show how easy it is to get fooled.

I think a lot of us nowadays know to be suspicious of e-mail attachments, especially from strangers. But how likely are you to click on a PDF in a search result?

Our Lab recently found a really scary PDF that first appeared to be just that, but given a little time, it morphed to include a prompt to download a plugin which would have installed something nasty on your computer.

So what can we learn from this? As Jason wrote in his post, be careful what you click on.

Do you have a similar story to mine? Did you click on something you later regretted? Please share your experience with us. As you can see, you’re not alone!

Signing off,
Hetta

Image by szlea.

Rate this article

0 votes

4 Comments

A couple of years ago I was sitting in a bus and got a text message. My Nokia showed a new message and I wanted to press the read-button shown on the screen. At the exact same time, I got a bluetooth file sent to my phone, and the button functionality changed to accept that transfer. I didn’t have time to react to the change before it was too late… Luckily I was running F-Secure Mobile Security, as the received file was harmful.

Hi Eero!

Good to hear that our Mobile Security saved your mobile. I wasn’t as lucky with my PC and I had to ask for help to get it up and running again. Thankfully no information was lost.

We’ll be blogging about mobile phone security a little later in the spring. Thankfully there isn’t close to as much malware for mobile phones as there are for PCs, but unlike PCs, mobile phones are very likely to get lost or stolen. Many of us have very personal information on our phones (photos, special text messages) that we really don’t want to get into the wrong hands.

Cheers,
Hetta

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

You might also like