Recently, there's been a new virus called "Locky" that comes in Word files. When opened, they contain a macro that sets the virus free on your computer; it then encrypts your files, and you are supposed to pay money (probably a lot of it) to get the key to decrypt your data again. Ransomware like that has been around for a while, but "Locky" spread quite furiously, since it took a while for antivirus software to be able to detect it.
(So - don't open word files that come from sources you don't know. And make sure your word security settings regarding macros are set to "high". That is the default setting; if you're not sure, here are instructions on how to change macro security settings.)
Everyone, though, should know by now that opening email attachments from unknown sources, especially if they are not a .pdf, is a bad idea. What I personally find really disturbing is not the stable-ish number of sketchy attachments arriving in my inbox, however. It's the quality of the most recent phishing emails that I've been getting.
Just this morning, I got a "payment confirmation" from "Paypal". Which told me that I have successfully transferred money for a one-month membership to a porn site. Helloooo? What?
The mail looks almost exactly like legit payment confirmations from Paypal. It uses the original images from the PP server, and layout and design are very similar.
The differences are very subtle: there's a reference number in the top right corner that looks like a link but is not (it is in the legit version). Same with the item description. In the mail I received, there was also a question mark in front of every number.
The scam is also missing the imprint data that PP includes at the end of the mails. The biggest (and most important) difference, however, is the inclusion of a nice, big, friendly button to cancel the payment.
Here's how the lower part of a legit payment confirmation looks:
[caption id="attachment_2244" align="alignnone" width="650"]
This is only the bottom part of a legit payment confirmation, received just this morning (I had to buy postage). There's an invoice number just above the light grey line on the top of the picture, which I'm not showing due to privacy reasons.In comparison, this is how the scam/phishing email looks:
[caption id="attachment_2243" align="alignnone" width="651"]
You can see that the invoice number is missing. The "problems?" thing is in red, to make sure you see it... and then that nice, friendly, ohsohelpful button (which, you guessed it, will not lead to Paypal proper, but somewhere else).In case you get something like that, from Paypal or from any other banking/finances site (I received one about a credit card a while ago, if I remember correctly), take a deep breath, open your browser and go directly to Paypal or to your bank. Log in and check - you will find that nothing has actually happened on your account.
You can then report the scam - there's various ways to report various scams, but it's always a good idea to forward the scammy mail to the actual company that it is spoofing.
These scams have gotten much, much better over the course of the last few months, and they really do look a lot like official stuff. With so much of commerce and invoices going through the 'net these days, I guess that they are a very good strategy to making money by fraud. So please beware, double-check, and be safe. Have a backup or two. Never click links in sketchy emails, open dubious attachments, and don't believe everything a random email tells you.