Suppose you’re devising an security attack on the hospitality and restaurant industry meant to get unwary email recipients to click on an infected file, thus unleashing malware capable of stealing banking records. What do you think would be a good psychological pitch for you to use? [Dan Goodin, ArsTechnica]
One variation started with an e-mail threatening a lawsuit because a visitor got sick after eating at one of the company’s restaurants. To increase the chances the attached Microsoft Word document is opened, the attackers personally follow up with a phone call encouraging the recipient to open the booby-trapped file and click inside. The attacker calls back a half-hour later to check if the recipient has opened the document. The attacker immediately hangs up in the event the answer is yes.