Don't get this virus vCryptolocker

I would think this would counter users into opening it… Most people don’t really read the email and click the attachment. They see a password prompt and their brain melts.

Great point.

I would argue the opposite

I think the password adds a level of potential realism causing users to drop their guard

Bolding the password section and increasing the font size would probably help

In the email above it also spoofs internal emails, so it looks pretty legit. Most users at work are pretty good with these. Especially since I send out chronic emails about this stuff. Having those group policies in place I think helps battle these types of emails.

I launch phishing campaigns on a regular basis for work.

Usually we buy a domain name similar to the company’s, for example ABCCORP-healthbenefits.com (thanks Obama) or secure-ABCCORP.com

Use all the company logos on the phishing site
Use the company’s signature line in the email
Add a warning about being safe online

I also own quantumaupdates and efax-corp where I send fake UPS updates and eFaxes from

On the website usually add a malicious Java applet/credential capturing, then for fun add a help/goto assist (download this exe and run)

It’s funny the number of users we get who reply to the email asking for help because the Java applet won’t run or they get a popup.

Sometimes we combine this with calling from a spoofed phone number the company owns

Grab ABCCORP-<CopierBrand> as well, spoofing a scan to email. Works all the time.

Those big multi function printers are awesome for pentests. A lot of them integrate with AD and it makes it extremely easy to retrieve an account OR if they use 802.1x the port or printer’s MAC are usually exempt.

This has been my experience as well. Adding a minor complexity greatly enhances perception of security with an average end user.

We added content filtering in our email security setups for any encrypted files. It caught a ton of stuff over the past couple of days. We don’t get many incoming file attachments that are encrypted so it’s been fairly easy to sort things out.
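An added example, not part of the thread: one way a mail filter could flag the encrypted attachments the post above describes, assuming they arrive as password-protected ZIP files. The function names, addresses and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def encrypted_zip_attachments(raw_message: bytes) -> list[tuple[str, list[str]]]:
    """Return (attachment name, encrypted member names) for every ZIP
    attachment holding at least one password-protected entry."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Decide by content, not by file extension or declared MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                # Bit 0 of the general-purpose flag marks an encrypted entry.
                locked = [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
        except zipfile.BadZipFile:
            locked = ["<unreadable archive>"]  # hold for review, do not pass
        if locked:
            hits.append((part.get_filename() or "<unnamed>", locked))
    return hits


def _sample_message(encrypted: bool) -> bytes:
    """Constructed sample: a mail carrying one small ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.txt", "constructed test data")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption flag in the central directory record (offset 8
        # past its PK\x01\x02 signature) to mimic a password-protected entry.
        data[data.find(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Scanned document"
    msg.set_content("Constructed body text.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="scan.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, flag in (("plain", False), ("encrypted", True)):
        print(label, encrypted_zip_attachments(_sample_message(flag)))
```

This covers ZIP containers only; other encrypted formats need their own checks.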

Your users sound a bit more savvy than mine. We can’t even get them to modify their own spam filters.

Our company got this on a few servers…a few times lol. idiots

^ if they fire anyone at the Buffalo office let me know lol, I wouldn’t mind going back in the non-factory side.

Maybe they should get some security consulting

Or maybe too many people have server access?

Well if a user gets it and has mapped drives which every company uses…

I don’t think he meant actual servers as much as the file share

Ah ok…I thought people were using the servers as personal computers…

Sent from my XT1060 using Tapatalk

You don’t surf porn while on the server? It’s in a safe room, no better privacy and the air cooling keeps you comfortable. LOL
Yeah, my buddy has dealt with 2-3 file servers being fubar by crypto…through the drive maps.

Well only when I’m logged in as a domain admin. Those GPOs are working well for me…too well actually.

You silly people using your domain admin accounts all the time.

They are just trying to make your job easier. :stuck_out_tongue:

How else can I install iTunes?
