                                        
                                   * * * * *
                                        
                     There just aren't enough clue-by-fours
                                        
> In this paper I present an analysis of 1,976 unsolicited answers received
> from the targets of a malicious email campaign, who were mostly unaware
> that they were not contacting the real sender of the malicious messages. I
> received the messages because the spammers, whom I had described previously
> on my blog, decided to take revenge by putting my email address in the
> ‘reply-to’ field of a malicious email campaign. Many of the victims were
> unaware that the message they had received was fake and contained malware.
> Some even asked me to resend the malware as it had been blocked by their
> anti-virus product. I have read those 1,976 messages, analysed and
> classified victims’ answers, and present them here.
> 
> …
> 
> 5. The fifth group is actually the most worrying. I call this group ‘MY
> ANTI-VIRUS WORKED, PLEASE SEND AGAIN’, as these are recipients who mention
> that their security product (mostly anti-virus) warned them against an
> infected file, but they wanted the file to be resent because they could not
> open it. The group consisted of 44 individuals (2.35%).
> 

Via inks [1], “Virus Bulletin :: VB2019 paper: 2,000 reactions to a malware
attack — accidental study [2]”

Over a year ago, the Corporate Overlords of The Ft. Lauderdale Office of The
Corporation started sending us phishing emails [3] in order to “train us” to
recognize scams. Pretty much all it did for me was to treat all emails from
our Corporate Overlords asking for information as a phishing attempt (it's
also made easier as each phishing email has a specific header designating it
as such to ensure they get through their own spam firewall—I am not making
this up). And I was upset over the practice as I felt our Corporate Overlords
did not trust their employees and felt they had to treat us as children (the
managed laptops [4] don't help either).

But reading this report is eye opening. Over 2% requested the malware be sent
again! Over 11% complained that the “attachment” did not work (they were
infected) and another 14% asked where was the “attachment”—what? 

I … this … um … what? 

I should not be surprised. I mean, someone has to fall for the scams [5] else
the scammers wouldn't waste their time. The scary bit is that this validates
what our Corporate Overlords are doing.

Sigh.

But Bunny will find the following response group amusing:

> 10. One of the biggest surprises were 31 members of group number 10 (1.66%)
> who spent time pointing out all the spelling errors and typos made in the
> original message. I call this group “I'M A GRAMMAR NAZI”.
> 

Via inks [6], “Virus Bulletin :: VB2019 paper: 2,000 reactions to a malware
attack — accidental study [7]”

Heh.

[1] https://inks.tedunangst.com/l/4538
[2] https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-2000-
[3] https://en.wikipedia.org/wiki/Phishing
[4] gopher://gopher.conman.org/0Phlog:2019/08/22.1
[5] https://www.419eater.com/
[6] https://inks.tedunangst.com/l/4538
[7] https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-2000-

Email Sean Conner at sean@conman.org

.