Getting an email from The Invisible Man — We Can’t Even Get The Basics Right!

With all this talk about advanced ransomware threats and patching systems, it is easy to forget about the basic things. When a spam email gets through a filtering system just by converting text strings to Base-64, you really must worry that we are forgetting the basics of computer security.

Introduction

Go on, admit it … email is terrible and has not advanced much from the 1980s! We can guarantee neither the security of our email (that someone else hasn’t read it) nor that it really did come from the actual sender.

With spear phishing email being one of the greatest risks just now, you really must worry that it is relatively easy for cyber criminals to trick systems and users, and that we are not even getting the basics right.

When the invisible man emails you …

Recently I received an email from an invisible man, where there was no recipient when I replied:

When I look at the source code (and when I try to reply, there’s no recipient):

In the subject field they have tricked the system by using Base-64, where:

=?UTF-8?B?SW52b2ljZSAwMDAwMDE5MSBmcm9tICA=?=

is the same as [try]:

I really scratch my head at how poor our email system is! If you’re interested, here is what the Invisible Man wants me to open:

and which has a Word macro to infect my system!
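
The Base-64 subject above is an RFC 2047 encoded-word, which mail clients decode before display, so a filter has to decode it too before matching. The following is an added example, not code from the original post: it compares keyword matching on the raw and the decoded Subject and flags an empty sender. The keyword list, the sample message (apart from the Subject value) and the empty From header are assumptions.

```python
from email import message_from_string
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample: only the Subject value is from the article. The other
# headers, the body and the empty From are assumptions for the demonstration.
SAMPLE = (
    "From: <>\n"
    "To: user@example.com\n"
    "Subject: =?UTF-8?B?SW52b2ljZSAwMDAwMDE5MSBmcm9tICA=?=\n"
    "\n"
    "Please see the attached document.\n"
)

# Hypothetical keyword list a subject-line filter might use.
KEYWORDS = ("invoice", "payment", "remittance")


def decode_subject(raw):
    """Decode RFC 2047 encoded-words (=?charset?B|Q?...?=) to plain text."""
    try:
        return str(make_header(decode_header(raw)))
    except (HeaderParseError, LookupError, UnicodeError):
        return raw  # undecodable: fall back to the raw value


def keyword_hits(text):
    lowered = text.lower()
    return [k for k in KEYWORDS if k in lowered]


def inspect(raw_message):
    msg = message_from_string(raw_message)
    raw = msg.get("Subject", "")
    decoded = decode_subject(raw)
    _, sender = parseaddr(msg.get("From", ""))
    return {
        "raw_hits": keyword_hits(raw),          # what a raw-string match sees
        "decoded_subject": decoded,
        "decoded_hits": keyword_hits(decoded),  # what the user's client shows
        "subject_was_encoded": raw != decoded,
        "missing_sender": sender == "",
    }


if __name__ == "__main__":
    for key, value in inspect(SAMPLE).items():
        print(f"{key}: {value!r}")
```

A rule that only sees the raw header finds no keyword, while the same rule applied after decoding matches on the text the user actually reads.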