Curiouser and Curiouser - Odd Letter Showing Up At State And Local Government Agencies
By: Jim Stickley and Tina Davis
September 15, 2018
Yes, we harp on the whole phishing thing here. It’s very pervasive, so we really want you to know what to look for so you can avoid being lured in by some phisher’s hook. This is a reminder that phishing doesn’t only come in email messages. In fact, some state and local government agencies recently reported receiving some strange letters in the regular old U.S. Postal mail. Receiving the letters isn’t what is so odd. It’s what is inside the envelopes with the letters that is causing the eyebrow raising.
Brian Krebs reported on his blog Krebs on Security that a non-public alert was sent to various agencies by the Multi-State Information Sharing and Analysis Center (MS-ISAC). It warned of this envelope with a Chinese postmark that also includes a CD. Yes, you did indeed read that correctly. Not a more modern USB stick that people seem to love inserting into their computers, even if they find them on park benches; but a CD. The letter accompanying it also included a “confusingly worded typed letter with occasional Chinese characters.”
If you are not expecting to receive a letter with unclear English writing that includes a CD, don’t put that thing into your computer. In fact, it’s so strange these days because many of us have laptops or other devices that don’t even have a CD drive. However, government computers often still do have these, and those organizations appear to be the target here.
On the CD were some Microsoft Word files. MS-ISAC said that so far, State Archives, a State Department of Cultural Affairs, and State Historical Societies have received this strange item. No one has confirmed if anyone did put that CD into a computer, but we sure hope not.
In any case, this is yet another way phishing can happen. Always be on the lookout for such clues. If you didn’t ask for it, don’t execute it or put it into the computer. That’s just asking for trouble.