Imaginary Friends or Foe?

I know it’s 2023. But no, “imaginary friends” emailing you are dangerous.

I’m not talking about “catfishing” or “to catch a predator” and I’m definitely NOT talking about social media friends, influencer following, or bumping up your social’s followers here, although those are all valid “imaginary friends”. I’m pointing out the “old school” phishing scam emails where this invisible new digital friend wants to give you their fortune because you’re such a good person, befriends you, but in reality is asking for all your bank account info and any other items of value. Even better, you’ve gotten the “isn’t it oh so obvious your friend’s email has been hacked or spoofed” email and yet, you click the email to read it. (BTW, it’s suspicious, so why – why do you click the link? Just delete it.)

PROTIP: If you use email message preview, that usually gives you some hints it’s not a good email and you can delete it quicker.

Ahhh, but here you are in 2023 – you’ve clicked and automatically downloaded the morsel (worm, virus, etc.) your new friend has given you – it’s too late, right? Probably. Usually my “foe free” advice falls on deaf ears for any number of valid or invalid reasons. So yes, now you make a go for it – just throw your phone away, start that new Apple ID, and reorder all your credit cards … makes total sense.

I’ve firsthand reviewed or fixed so many work Outlook accounts, Hotmail accounts, and laptops on this one thing alone. At least once a week the commanding language is the norm: “Change your password! Don’t click that! Don’t open that odd attachment!” – yawn. With the built-in junk mail problems too, I know several people that simply avoid email. But avoiding email at work doesn’t work. (Well, maybe it does for some, but that’s another can of worms!)

I’m not pointing fingers here, just typing the truth, but the yearbook award of “most likely to succeed” goes to the C-suites opening up suspicious email and macro-enabling those Word documents that set “fire” to the company email and servers. Subsequently, email servers can be down for days!? I’ve unplugged and disconnected infected machines, but then there’s the cloud/third party email – sigh, good times.

If it’s too late, you need an “IT Superhero” to save the day. If you’re being preventative as a business, you need a plan. This includes a security policy updated yearly, annual review/assessment, and ongoing end-user training.

Lessons Learned and Still Too Many Stories to Tell.

Internet imaginary friends are not fun! You don’t want your own story to tell or yet another bamboozled account. Although everyone can share a similar woeful story of this email foe, your new digital “imaginary friend” you met from a phishing email will steer you wrong in reality.

Here’s some golden friendly advice I’ll leave you with:

  1. FTC: How to Recognize, Avoid Phishing Scams, and What To Do
  2. SANS Security Awareness Training – Phishing
  3. “IT Crowd” clip.


Cyber Defense Q & A

Meet James Shewmaker. James Shewmaker is the founder of and principal consultant at Bluenotch Corporation in Long Beach, California, which provides customized security services focusing on investigations, penetration testing, and analysis.

James authored and maintains the post-exploitation content in the SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking course. Before becoming a SANS Certified Instructor in 2009, his creative technical work led him on many adventures, including “The Great Translator Invasion of 2003.” Read more at: https://cyber-defense.sans.org/blog/2018/10/22/shewmaker

James Shewmaker of Bluenotch Corporation.

Find me @jimshew

Instructor for SANS courses https://www.sans.org/instructors/james-shewmaker