Links and attachments in emails continue to be a major threat to enterprise users. These missives are usually capable of bypassing most antivirus or antispyware systems. Criminals hide behind the anonymity of email and send several thousand emails at a very low cost. They expect that even if a small percentage of their intended victims respond, their financial rewards will be quite large.
With electronic ordering and billing becoming more common, sophisticated email scams are on the rise. Recently I received an email asking me to verify my order over $900. There was no attachment. There were no obvious grammatical or spelling errors. And there was a helpful, tempting link for me to click.
When I hovered my mouse over the link, I could see that the actual destination was different from the claimed destination in the link. It was a new type of ruse -- quite cleverly prepared.
Though I knew this was a ruse, and surely I'm no naïve end user, the email still caused me to go through several emotions in rapid succession -- disbelief, desire to verify, curiosity, desire to rectify the situation, shock, and anger. These are precisely the kinds of reactions that the creators of the ruse had planned to get me to click on the link!
