Oh, my God! Some BBC reporters got a phishing email with their home addresses in it! Stoke the fearfest. Then watch as other Chicken Littles join in and proclaim that this “new” way of delivering ransomware is endangering us all.
Please. Get a grip.
The payload, Maktub Locker, is new, but the ways it can infect you date to the days of AOL email addresses.
You have to do some fundamentally stupid things to get infected by Maktub Locker. Let’s go over the basics, shall we?
First, just because you get an email that contains your real address, or some other personal data, doesn’t mean the contents are real. Phishing attacks have been using personal details, including home addresses, for at least a decade.
It doesn’t take a rocket scientist, or much of a security hacker, to find your home address. Every other week, there’s a new data breach — the Office of Personnel Management and Scottrade are memorable ones from the past, but next week it will be some other large agency or company. Any of those breaches could release sensitive information about you to the world. That means your address is out there. But it’s not worth much. Phishers can easily and cheaply buy your personal information off the Darknet.
Another thing to keep in mind is that, by overwhelming odds, you would have to be running Windows for the malware to pose any sort of threat to you. Sure, it’s possible to hack Linux and Mac OS X, but the vast majority of attacks are on Windows PCs. That’s not because Windows users are dumber than Linux and Mac users (well, I’m not going to say that, anyway); it’s just that there are a whole lot more of them.
But let’s say that you are running Windows. That hardly means you’re doomed. For the malware to get a toehold, you need to open a Windows format file — from a stranger. And why would you do that? Opening a Windows format file sent by someone you don’t know has been a mug’s move since the late ’90s, when Word macro Trojans, such as Melissa, were the last word in malware attacks.
Let me remind you of some security commandments that many of you seem to have forgotten:
1) Thou shalt not trust messages from strangers.
2) Thou shalt not fool around with anything remotely dangerous on a Windows PC.
3) Thou shalt never open an attachment from a stranger.
4) Thou shalt never, ever open a Windows-specific file from a stranger. Or from your mother, for that matter.