Bah-Humbug

Having been on a customer site all day, I returned home to scan my email.

Over half the emails were festive greetings, with all sorts of creative content: embedded images, attached animated images, links to sites with festive messages and attached files with seasonal offers.

What could possibly go wrong?

I hope everyone remembers their social engineering training and deletes them all without opening them. Bah-Humbug.

https://www.flickr.com/photos/brizzlebornandbred/6225814173/in/photolist-4aG7ca-4aKYzy-4aLcU7-4aKWpC-4aG7SH-4aFVJP-4aL2CN-4aG1Rz-4aFWJg-4aL6zQ-4aG3ti-4aGc5M-4aKXkh-vdEdsG-4aG3ht-4aFXXX-4aKTys-4aFZCK-4aFRPM-4aFVdM-BSKQs9-ukmPr5-CMXL9j-CQgtYz-Co9gnY-BSKH9b-BSKHRU-CGY4Yx-BivHLf-BSKQaA-CEHHN3-CQgv7X-CQguSZ-CQguD2-CgLj3B-Co9mmW-CQgqTM-Co9hA9-CQgqdP-CEHCqu-BSSYLP-vfY7VR-qfXBCo-q1PVsn-q1Nn7K-od8bk9-aJMnbR-aYeTeX-b2dH1Z-au9VDF

Just in case the training was a long time ago and has been forgotten – if you are not expecting an email from someone, following links can be dangerous and opening the attachments can expose your PC to risk.

There are many people looking to exploit the festive good spirit by spreading some ransomware. Don’t be their next victim – I am sure you don’t want to spend the anticipated holiday exercising your incident management plan (you do have one, don’t you?).

Now, before you tell me: yes, my employer, Nexor, did (hypocritically) send a festive email. Roll on the widespread implementation of active defence, blogged about by Dr Ian Levy of NCSC, so we can regain control of email, and legitimately use it to send season’s greetings – SAFELY.

In the meantime, have a Merry Christmas…