Evil e-mail has your name and address!

Reports today are somewhat concerning. Below are two examples of evil e-mail that has been doing the rounds in the last day or so. The greeting addresses you by your first/given name and the file that is attached to the e-mail is called after your surname. The postal address shown IS also your address. I’ll bet if you got this e-mail, it would get your attention pretty fast.







Even though it is written in the scam-iest possible language with the bad spelling and poor English, because it is addressed direct to you, you are going to sit up and take notice. So much so, that you might be very tempted to open the attachment to see what other information this person has on you. You should know me by now – Just DON’T open the attachment on an e-mail from a stranger – delete the damned thing, as set out in Commandment 5.

If you did open it, it will ask for the password, which is specified in the evil e-mail:

evil e-mail asks for password

And after you enter that, it will want you to disable all of the security protections in Microsoft Word, so it can attempt to do it’s nasty work on your desktop/laptop:

evil e-mail asks to disable security

If you follow through and do what it asks you to do, you wont see any further information about you, you will see an “alternative fact” – It will tell you the file is corrupted and can’t be opened:

evil e-mail shows corrupted message

In fact this is a sign that the evil e-mail has done it’s worst and may be scrambling your files and locking you out of them. The payload can vary, depending on what the evil doers decide they want to achieve. Trust me on this, it will not be anything in your best interests.

So please, JUST DON’T do anything with the e-mail! Delete the damned thing and go on with your life.

The fact that they have your name and address, while concerning is maybe not terribly surprising. After all in 2016, there was at least 3.1 billion records reported as being leaked in various data breaches. So it is possible that your name, address and e-mail have made it into the hands of the criminals who are now trying to exploit the data in this nasty phishing scam.

Delete the e-mail and move on.

And let’s be careful out there.