You might have been phished by the gang that stole North Korea’s lousy rocket tech

The United States and the Republic of Korea have issued a joint cyber security advisory [PDF] about North Korea's "Kimsuky" cyber crime group. The warning came after the Democratic People’s Republic of Korea (DPRK aka North Korea) earlier this week tried and failed to launch a surveillance satellite. In their joint advisory, US …

  1. Neil Barnes Silver badge

    Peak macro?

    Have we reached the time yet when the perceived usefulness of macros within documents has been exceeded by their risks? I speak particularly of text documents; personally I've never seen the need to include a Turing complete language in a word processor.

    1. Adam Foxton

      Re: Peak macro?

      Just because you can't see the need doesn't mean there isn't one.

      In MS Office post-2003, Macros already need their own format that explicitly does contain a macro. So any normal DOCX is, by definition, not macro-enabled. Anything else should be treated with suspicion and can be easily automatically recognised and flagged as a potential attack vector.

      This seems like the best solution, covering not just your use-case but also the rest of the world.
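The automatic recognition Adam Foxton describes, as an added example that is not part of the comment or of any product: it inspects the OOXML zip itself, looking for the `vbaProject.bin` part and the macroEnabled content type, so a macro document renamed to `.docx` is still caught. The packages it runs on are constructed minimal stand-ins, not real Word output.

```python
import io
import zipfile

# Content type Word writes into [Content_Types].xml for a macro-enabled document,
# and the one used by a plain .docx.
MACRO_MAIN_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"

def build_package(with_macro):
    """Construct a minimal OOXML package in memory (not real Word output)
    so the detector below has something to run on offline."""
    buf = io.BytesIO()
    main_type = MACRO_MAIN_TYPE if with_macro else PLAIN_MAIN_TYPE
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types><Override PartName="/word/document.xml" '
                   f'ContentType="{main_type}"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project part.
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def macro_indicators(data):
    """Return the reasons an OOXML package should be treated as macro-enabled.
    Works on the bytes, so the file extension it arrived with is irrelevant."""
    z = zipfile.ZipFile(io.BytesIO(data))   # raises BadZipFile for non-OOXML input
    reasons = []
    for name in z.namelist():
        if name.lower().endswith("vbaproject.bin"):
            reasons.append("VBA project part present: " + name)
    if "[Content_Types].xml" in z.namelist():
        types_xml = z.read("[Content_Types].xml").decode("utf-8", "replace")
        if "macroEnabled" in types_xml:
            reasons.append("[Content_Types].xml declares a macroEnabled part")
    return reasons

def should_flag(data):
    """Gateway decision: flag macro-enabled packages, and anything that is not
    an OOXML zip at all (legacy OLE .doc files cannot be cleared this way)."""
    try:
        return bool(macro_indicators(data))
    except zipfile.BadZipFile:
        return True
```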

  2. jonnycando

    I wonder if

    Those who they butter up are really all that smart if they can fall for these lame tactics?

    1. ThatOne Silver badge
      Happy

      Re: I wonder if

      Don't forget that "intelligence" is only very vaguely correlated to "street smarts", which is the feature needed here.

      I know some extremely intelligent people, highest level mathematicians, who you could sell the Brooklyn bridge to...

    2. doublelayer Silver badge

      Re: I wonder if

      The attack method is kind of basic, but the rest of it isn't. They do a lot of research into their victims before they attempt to compromise them. They know a lot of information which can be used to convince them they're legitimate, and they do it to so many people that they have chances to practice.

      I think we overestimate our own resistance to scams. We have technical knowledge to know about macros in Office documents, which is great, but it doesn't follow that we also have knowledge to detect scams in other areas in which we don't work. I've known people who were great at IT and did not understand finance or law, and if someone tried a scam that wasn't related to computers, they would be more likely to fall for it. It's not even limited to lack of knowledge, as successful manipulation of the victim's emotions can circumvent an otherwise skeptical person's brain. That includes both you and me, if the scammer is good enough at finding our weaknesses.

  3. Pascal Monett Silver badge
    Facepalm

    "Do not enable macros on documents received via email, unless the source is verified"

    It is crestfalling that this still has to be said at all.

    1. t245t
      Terminator

      Re: "Do not enable macros on documents received via email, unless the source is verified"

      "Do not enable macros on documents received via email, unless the source is verified"

      How does one verify the source since the email address could be spoofed?

      1. ThatOne Silver badge
        Unhappy

        Re: "Do not enable macros on documents received via email, unless the source is verified"

        > the email address could be spoofed?

        Impossible: The email headers contain the whole resume of the email, from the initial sender's IP address, through all the mail servers it went, up to your own mail server. It's part of the protocol, so there are no spoofed emails, only careless/gullible readers.

        Now I have to admit almost all email clients do whatever they can to obfuscate this dangerous information so you worry your pretty little head about that ugly, complicated stuff, and just believe whatever the nice friendly sender says...

        1. doublelayer Silver badge

          Re: "Do not enable macros on documents received via email, unless the source is verified"

          When that protocol was younger, it still contained all of that, but it didn't check any of it. I could open a connection to a mailserver, submit a message with any headers I liked, from any address I liked, with a long fake history if I pleased, and all that would be available afterward to try to track me down would be the IP address with which I connected to the first real server in the chain.

          Nowadays, there are a lot of patches designed to prevent that from working, and most servers actually check those. However, it doesn't stop people from trying the old ways. I've run my own mailserver at times, although I don't now, and looking at what bots tried to do was instructive. Several types of attack were attempted, including many spoofed emails and some attempts to get my server to act as a relay for messages going to others. Fortunately, relay attempts were rejected and spoofed emails went to a separate mailbox for curiosity until I just sent them all to /dev/null. Still, not only can a mail client be manipulated to show an inaccurate source, headers can be spoofed if your server isn't careful.
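The chain-walking doublelayer describes (only the hop where the message reached the first server you operate tells you anything reliable), as an added example that is not part of the comment. The raw message, hostnames and IP addresses are constructed; the set of "our" hosts is an assumed parameter.

```python
import email
import re
from email import policy

# Constructed raw message, not a real capture. Received headers are read
# top-down (newest first); only lines added by servers we operate are trustworthy.
RAW_MESSAGE = b"""\
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
 by mail.example.org with ESMTP id abc123; Mon, 5 Jun 2023 10:00:00 +0000
Received: from relay.example.net (relay.example.net [203.0.113.5])
 by mx1.example.org with ESMTPS; Mon, 5 Jun 2023 09:59:58 +0000
Received: from laptop.trusted-org.example ([198.51.100.7])
 by relay.example.net; Mon, 5 Jun 2023 09:59:50 +0000
From: "Finance" <finance@trusted-org.example>
Subject: Urgent document

Please open the attachment.
"""

# from <host> ... [<ip>] ... by <host>; the hostnames before the bracket are
# whatever the sending side chose to say, the bracketed IP is what the
# receiving server observed.
HOP_RE = re.compile(r"from\s+(\S+).*?\[([0-9.]+)\].*?\bby\s+([^\s;]+)", re.DOTALL)

def received_hops(raw):
    """Return [(from_host, from_ip, by_host), ...] newest hop first."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(str(value).split()))   # unfold the header
        if m:
            hops.append(m.groups())
    return hops

def last_trusted_ip(raw, our_hosts):
    """Walk down the chain while the 'by' server is one of ours; the first
    'from' host that is not ours gives the IP that really connected to us.
    Every Received line below that was written by machines we do not control
    and may be invented, however long and convincing the history looks."""
    for from_host, from_ip, by_host in received_hops(raw):
        if by_host not in our_hosts:
            return None          # chain already left our infrastructure
        if from_host not in our_hosts:
            return from_ip
    return None
```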

    2. yetanotheraoc Silver badge

      Re: "Do not enable macros on documents received via email, unless the source is verified"

      I don't understand the "unless the source is verified" part. Even at work from work for work, I just _have_ to look at the code first. (It helps that I'm a big fan of the horror genre.) When at home I look at the code only out of curiosity, because I'm not running it no matter what it looks like.

  4. Electric Panda

    Macros are very old hat and written in ancient, arcane, runic languages. Maybe it's time for Microsoft to look at phasing them out in newer versions of Office.

  5. Anonymous Coward
    Anonymous Coward

    So exactly the same rudimentary techniques I invented and implemented successfully 20+ years ago to infect and harvest millions of computers before collating them all into various groups of interest to then further analyse with a view to isolating those of interest.

    Not much has changed it seems.
