
These days computer users have to think suspiciously to avoid infecting their computers, especially if they use social media sites like Facebook. Even if you take precautions on Facebook by only “Friending” people you know personally, any one of your friends can make an unscrupulous connection, which can help hackers socially engineer an email message that you might click on if you are not paying attention.

The image above was in my Inbox this afternoon. John Roy is an old friend from childhood and it is perfectly plausible that he might send me an email with the message “you might find this interesting” with a link. Okay, this really isn’t likely because people that I am connected to on Facebook are more likely to share something on Facebook. It is one of the things I like about Facebook – people can stay in touch without having to do so through individual or mass email messages.

Be that as it may, this is still a very common scenario for most computer users. A friend sends a message and asks them to check out a link. Let’s have a look at this message a little further…

[Screenshot: the email message]

Now there are a few things that are notably wrong with this email. It looks like the link is trying to pique my interest by using my name and the word “news” in a way that might make me think that my name was in the news. That fact alone might be alarming enough to make me want to click it to find out what it is all about. Look closely, though. The domain name is very strange and ends with .ru.

Think of some of the local news sites you might be familiar with. Does lp6a-news3813f-ru look like anything that your known news outlets use? No, I didn’t think so. According to GoDaddy, “The .ru country-code top-level domain name (ccTLD) is an extension that represents Russia.” How likely is it that my name would somehow be in a Russian news story?

Let’s turn now to the email address for my friend John Roy – john.roy262@telus.net. Is that my friend’s email address? Most of my friends have Gmail, AOL, Yahoo, ATT or even Comcast email accounts, not @telus.net.

It is not random that the email came from a name that I know. It was socially engineered that way. Someone very likely put together the connection from Facebook. Anybody at all who is friends with me or with John is able to see who that person’s friends are. That is a good feature of Facebook, as it helps us to find and make connections with people we may know.

In the case of this email, it is being exploited. I was sent an email with a link that likely would infect my computer if clicked and the email was seemingly sent from someone I know so that I might not be suspicious.
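The two checks walked through above (a familiar name on an unfamiliar address, and a link on a country-code domain you have no reason to expect) can be automated. The Python below is an added example, not part of the original post; the address book entry, the list of unexpected TLDs and the link in the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed address book: display name -> addresses you actually know.
KNOWN_CONTACTS = {"john roy": {"john.roy@example.com"}}
# Assumption: country-code TLDs you have no normal reason to get links from.
UNEXPECTED_TLDS = {"ru"}

# Constructed sample modelled on the message described in the post.
# The link host is a placeholder, not the real one from the screenshot.
SAMPLE = """\
From: John Roy <john.roy262@telus.net>
To: Brian <brian@example.com>
Subject: Brian

you might find this interesting
http://brian-news.placeholder-domain.ru/story
"""

def check_message(raw):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw)
    warnings = []
    name, addr = parseaddr(msg.get("From", ""))
    known = KNOWN_CONTACTS.get(name.strip().lower())
    # Familiar display name, unfamiliar address: the pattern from the post.
    if known is not None and addr.lower() not in known:
        warnings.append(f"sender mismatch: {name} <{addr}>")
    # Pull every link out of the plain-text body and inspect its hostname.
    for url in re.findall(r"https?://[^\s<>]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        tld = host.rsplit(".", 1)[-1]
        if tld in UNEXPECTED_TLDS:
            warnings.append(f"unexpected TLD .{tld}: {host}")
    return warnings

if __name__ == "__main__":
    for warning in check_message(SAMPLE):
        print(warning)
```

A message that passes both checks can still be malicious; the checks only catch the specific signs described in this post.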

Be careful out there. If you think you clicked something like this and potentially infected your computer, do seek out resources to help you be sure your computer isn’t infected. Take all computer infections seriously as they can lead to data loss or even identity theft.