As reported by the BBC, a novel attempt to convince people to open malicious email attachments is spreading online, purporting to offer nude photos of a friend’s girlfriend. Instead of threatening to distribute stolen private images, this new attempt claims to have already “sextorted” the recipient’s friend, who refused to pay. It tells them it is now emailing nude photos to every contact of the supposed victim – and to check the attachment. Recipients who click on the attachment open a Word document with a blurred image that hints at possibly sexual content – and instructions on how to “enable content”. Doing so downloads a malicious application.
The lure into clicking malicious links will, without doubt, always evolve. This latest technique uses simple psychology to tempt targets into clicking before thinking. That lead time can be the difference between stopping the attack and having a disaster your hands.
Opening word documents sent from unsolicited recipients will of course sound dodgy to most, yet this use of psychology and the “what’s in the box” mentality will undoubtedly cause some to slip up and want to know what’s in the attachment.
Deleting the email and forgetting about it will suffice, but it is worth questioning why you would want to view it in the first place.