Email forwarding virus on my father's email?

My father opened up an email and clicked on a link in it that was to “msnbc.msn.com-report3.us/finance/” and now it is forwarding to every single contact on his list, I’m at a loss right now. Please help? Sorry if this is not an appropriate place to ask this.

He’s got a malware infection. Take off and nuke the PC from orbit. Only way to be sure.

Seriously, you could try downloading some AV and detecting and cleaning it, but depending on what got installed, it could leave hooks in there for good. So you should clean it off immediately just to keep it from spreading itself more, then consider reinstalling the OS, installing some decent AV, then restoring any old documents from backup. Even Windows Defender is better than nothing.

Oh, and switch him to Firefox and use NoScript

So this is not something lingering in his email that could just be triggered by opening the email and it doesn’t have access to his email account? He opened it on his work computer, so he’s just gonna give it to the IT.

It’s likely the infection point was a drive-by download on the site he visited. Having the malware payload attached to the email itself is possible, but it’s not as common, and when it is, it’s usually a straight up trojan executable.

Whatever got on the machine could potentially have gotten full control though, so even if it’s not necessarily the message itself that’s the problem, the malware on the machine could have any amount of access to email and more, such as any passwords typed while the malware was active.

Well, I had him change the password from our home computer, so after he gets IT to clean up the computer, he should be good, right?

Probably. I’d at least change the most sensitive passwords anyway just to be sure.

Thanks a ton, my parents were FREAKING out. The problem is that his contacts list is HUGE and at least one person has already opened it.

I don't know why people fall for this
I mean usual email spam is like ridiculously easy to spot… I guess if you don't know that the sender email can actually be fake you could be tricked
never click links, never open an attachment unless you really know what it is

but I know even those spam emails that you get from friends email account and the phrasing is so obvious and weird to me that I spot it immediately

phishing emails, I can understand if you’re not familiar with them, but it's 2012…

Yeah, the same thing had happened to the person who sent it to him. The address looked legit to him, and it brought him to an actual article, and he got the email from someone he was waiting to hear from.

Sender: Microsoft
Subject: Is your e-mail account safe?

Do not open that sort of thing. Microsoft doesn’t just send out mails like that ^^
So many fall for obvious ones like that. Sender names are very easy to create

If it’s really Microsoft, PayPal, or a legit company, they’ll have their truly own site as mail server like @microsoft.com.

Seriously, for first step change to gmail. The filter is good.

Vigilance is all well and good, but I myself am probably a late evening and a drink away from falling for a phish someday, at least the first click, which may be all it needs. I heard the same thing in a keynote address from a security researcher, and I don’t think you and I are necessarily any better than him. It turns out that moral disapprobation of the target’s gullibility has, over the ages, never really been a very effective security policy.

Have you ever had your account frozen by PayPal? The mails they send out look exactly like phishing, down to phrases like “verify your account”. There’s a reason phishers have had so much success with their phrasing.

One of my banks never sends links in their emails. Another one “helpfully” includes things like “click here to connect to online banking”. Sigh…

Nope, if it contains any keyloggers it just reads the new password.
Not that it matters, it probably has root access anyways.

If I was you I would change all passwords (known and entered on the infected computer) on another computer (email, forums etc).
After that, don't use the infected computer until it's cleaned.

Well especially with PayPal everybody knows that there are so many phishing emails
so IF you are really concerned, log into PayPal, but don't click links
at the very least hover over the link and look at the ACTUAL url, possible in Thunderbird
it may say www.paypal.com/DontLoseAllYourMoney but the actual url is www.HotBeachBitchesWithKeyloggers.com

I do anti-spam for a living, and for years it was with an emphasis on phishing, so I’m perfectly aware of how to be safe. Still it remains that a lot of financial institutions don’t seem to know or care about best practices like not including direct links to online banking in their emails. Or the case of PayPal, who actually does scrupulously use DKIM, yet doesn’t pay too much attention to how suspicious the actual content often is.

For PayPal I always go to the site directly.

@cero
Maybe it’s not http://www.paypal.com/DontLoseAllYourMoney exactly but has little spin like paypall.com/xxx or paypal.com.us/xxx since paypal.com is legit right?

You can easily ‘spoof’ the link in the email too, like:

https://paypal.com/

That’s why we need to hover the link first, FF and Chrome can spot it.

yeah if it's like a short url/acronym you could miss it like “paypal.com” but it's referring to “paypal.ytmnd.com”

Also, I guess you guys also get the spam mails which are like “Hey I’m from China, and I have $47385624856, I need you to move it for me” or whatever
those never have links - what do they hope to accomplish ? What IF I reply ? :smiley:
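
The hover check and the lookalike hosts discussed in this thread (paypal.ytmnd.com, paypal.com.us), automated over an HTML mail body; this is an added example and not part of any post. The `TRUSTED` list, the `example.net` link and the sample HTML are constructed assumptions, and the brand-name substring test is a simple heuristic, not a complete lookalike detector.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("paypal.com",)  # assumption: domains the reader really does business with
SAMPLE_HTML = (  # constructed email body, not a captured message
    '<a href="http://login.example.net/verify">https://paypal.com/</a>'
    '<a href="http://paypal.ytmnd.com/x">paypal.com</a>'
    '<a href="http://paypal.com.us/xxx">Click here</a>'
    '<a href="https://www.paypal.com/myaccount">www.paypal.com</a>'
)

class LinkCollector(HTMLParser):  # collects [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host_of(value):  # hostname of URL-looking text, None for ordinary words
    if not value or re.search(r"\s", value):
        return None
    try:
        host = urlsplit(value if "://" in value else "http://" + value).hostname or ""
    except ValueError:
        return None
    return host.lower().rstrip(".") if "." in host else None

def check_link(href, text, trusted=TRUSTED):
    real, shown, findings = host_of(href.strip()), host_of(text.strip()), []
    if real is None:
        return findings
    if shown and shown.removeprefix("www.") != real.removeprefix("www."):
        findings.append("text-href-mismatch")  # visible URL names another host
    owned = any(real == d or real.endswith("." + d) for d in trusted)
    if not owned and any(d.split(".")[0] in real for d in trusted):
        findings.append("brand-lookalike")  # brand name on someone else's domain
    return findings

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, f) for href, text in parser.links if (f := check_link(href, text))]
```

`scan_email(SAMPLE_HTML)` reports the first three links and stays silent on the genuine `www.paypal.com` one.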