How do you react if you receive an email with subject “Your file has been uploaded”?

A spam campaign sending emails from an “Auto ImageService” with the subject “Your file has been uploaded” is making its round on the Internet.

The content of the email (see below) is very simple and advertises a link to a photo taken with a digital camera (DCIM stands for Digital Camera IMages) which was allegedly uploaded to some online image service.

And now to my question: How do you react if you see such an email in your Inbox ?

 

spam-upload-picture

 

I guess, most people would think: “What file? Oh, a photo? Hmm…”

And here it goes:

– You know that JPG is a photo. Do you have compromising photos on your computer ? Is it maybe one of those photos? Better quickly check it…Click.

Btw, if you are in this situation, you may want to check this article: Tips to secure your photos (including those with you naked)

– You don’t know that JPG is a photo. You react to “file uploaded” and you click.

 

Fortunately, at the moment when I checked this URL it was redirecting to a Russian website with online pharmacy.

However, the target website at the first level of redirect was an obfuscated Javascript file that was just redirecting to the final website (Russian).

Such websites might look at the first glance completely  safe, but don’t be so sure that they remain like this.

At any point in time this can change.

DO NOT CLICK! NEVER!

Just erase such emails.

Always have an antivirus software up and running. Ideally have a more complex solution with antispam and web filtering as well so that you have all attack vectors covered.

 


© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this:

By continuing to use the site, you agree to the use of cookies and to its Privacy Policy more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close