Here’s a story of how I got socially engineered. To be honest, this particular trick might not have worked so well with someone else, but that’s why social engineering is so effective. And I fell for it—hook, line and sinker.
Let me tell you what happened.
A couple of years ago my credit card information got stolen. I’m not sure how it happened, but I suspect it had to do with the time I gave my credit card to a waiter in a bar in Beijing. Just as I had handed it over, I realized it probably wasn’t a good idea to let the card out of my sight. But I did.
A few months later, someone bought airline tickets with my credit card. Thankfully it was easy enough for me to prove to the credit card company that I hadn’t bought the tickets or traveled to the destinations. So I got all my money back.
Another few months further on, I received an e-mail. The e-mail said that X amount of dollars for airline tickets had been charged to my credit card and to please see the bill attached. My first thought was “oh no, not again,” and without thinking, I clicked on the attachment.
And then my computer shut down.
Now all this happened before I started working for an IT security company, so I would like to think I wouldn’t fall for a similar scam now. 🙂 But it just goes to show how easy it is to get fooled.
I think a lot of us nowadays know to be suspicious of e-mail attachments, especially from strangers. But how likely are you to click on a PDF in a search result?
Our Lab recently found a really scary PDF that first appeared to be just that, but given a little time, it morphed to include a prompt to download a plugin which would have installed something nasty on your computer.
So what can we learn from this? As Jason wrote in his post, be careful what you click on.
Do you have a similar story to mine? Did you click on something you later regretted? Please share your experience with us. As you can see, you’re not alone!
Image by szlea.
In less than two months, the world has seen the two biggest ransomware outbreaks ever…
July 7, 2017
UPDATE: For the latest on Petya, check this F-Secure Labs post. Are we still calling…
June 28, 2017