Last Updated on January 19, 2020 by Christopher G Mendla
I received an email that appeared to be a response to a Craigslist posting I made. The email said to open the Word document with the supplied password for the contact information. As soon as I saw that I pictured the goofy robot with its arms flailing saying “Danger Will Robinson. DANGER, DANGER”, or the weird fish guy saying “It’s a trap!!”. Here is how to identify these traps.
There were a number of obvious clues that this was not a legitimate email.
- Why would anyone put their contact information in a password-protected document?
- The wording of the email was not that of a native English speaker.
- The body of the email was not text; it was an image. This helps the email evade the anti-malware tools that protect your email.
If a document is encrypted, virus scanners cannot determine whether it carries malware, because they cannot read the contents until it is decrypted.
NEVER enter a password given for a password-protected MS Office document or PDF file unless you are absolutely sure of the identity of the sender. Opening such a file could allow it to execute malicious code.
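A mail filter can still flag the two clues above without decrypting anything: an image-only body and an attachment it cannot read. The sketch below is an added example, not code from this post; the function names are hypothetical, the sample message and document are constructed, and the check is a heuristic that covers OLE2 Office files only, not PDFs.

```python
import email
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound-file signature

def looks_encrypted(data: bytes) -> bool:
    """Heuristic: True if an OLE2 Office file appears to be password-protected."""
    if not data.startswith(OLE_MAGIC):
        return False
    # A password-protected .docx/.xlsx is an OLE2 wrapper with this stream name.
    if "EncryptedPackage".encode("utf-16-le") in data:
        return True
    # Legacy .doc: fEncrypted bit of the FIB opening "WordDocument" (mini streams skipped).
    sector = 1 << int.from_bytes(data[0x1E:0x20], "little")
    entry = data.find("WordDocument\0".encode("utf-16-le"))  # directory entry
    start = int.from_bytes(data[entry + 0x74:entry + 0x78], "little")
    size = int.from_bytes(data[entry + 0x78:entry + 0x7C], "little")
    fib = data[(start + 1) * sector:(start + 1) * sector + 12]
    return (entry >= 0 and size >= 4096 and len(fib) == 12
            and fib[:2] == b"\xEC\xA5" and bool(fib[0x0B] & 1))

def triage(raw: bytes) -> list:
    """Return the warning signs found in one raw email message."""
    findings, text_chars, images = [], 0, 0
    for part in email.message_from_bytes(raw).walk():
        payload = part.get_payload(decode=True) or b""  # None for multipart
        if part.get_filename() and looks_encrypted(payload):
            findings.append(f"encrypted attachment: {part.get_filename()}")
        elif part.get_content_maintype() == "image":
            images += 1
        elif part.get_content_maintype() == "text":
            text_chars += len(payload.strip())
    # An image with no accompanying text hides the wording from content filters.
    return findings + (["image-only body"] if images and not text_chars else [])

def constructed_doc(encrypted: bool) -> bytes:  # constructed sample, not a real file
    header = (OLE_MAGIC + bytes(22) + (9).to_bytes(2, "little")).ljust(512, b"\0")
    entry = "WordDocument\0".encode("utf-16-le").ljust(0x74, b"\0")
    entry += (1).to_bytes(4, "little") + (4096).to_bytes(4, "little")
    fib = b"\xEC\xA5" + bytes(8) + bytes([0, int(encrypted)])
    return header + entry.ljust(512, b"\0") + fib.ljust(4096, b"\0")

def constructed_email(encrypted=True, text="") -> bytes:  # constructed sample
    msg = EmailMessage()
    if text:
        msg.set_content(text)
    msg.add_attachment(b"\x89PNG", maintype="image", subtype="png", disposition="inline")
    msg.add_attachment(constructed_doc(encrypted), maintype="application",
                       subtype="msword", filename="contact.doc")
    return msg.as_bytes()
```

A hit from `triage` is a reason to quarantine the message for review, not proof of malware, since legitimate senders also encrypt documents.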
In order to infect a user, the following has to happen:
- The receiver needs to try to open the attached .doc file with Microsoft Word.
- The receiver needs to enter the correct password.
- Macros must be enabled in Word.
I don’t use Word on my Windows 10 laptop; I use LibreOffice. Even so, I would be leery of opening the document. I switched to an Ubuntu (Linux) machine and opened it there. A message pops up telling you to enable macros to view the document.
This is how the body of the email appeared.
This post has some technical details about the malware trap.