Newsletter 11/05/2022

How Could People Be So Stupid In 2022;
Or, A Newbie Goes Online Every Minute (fresh meat)

Well, look beneath your lid some morning
See those things you didn't quite consume
The world's a can for your fresh garbage

Fresh Garbage, Fresh Garbage
— Fresh Garbage, Jay Ferguson, Spirit, (1968)

It was with a certain amount of incredulity that I read the news in September 2022 that a new strain of ransomware was spreading via a ZIP file that disguises itself as a Windows 10 Update.  I mean seriously, folks.  Who would open a ZIP file that purports to be a Windows Update?  Who would, indeed!?  A whole bunch of Newbies, ripe for the taking.  That's who.

Hackers literally bank on users being too stupid and uninformed to manage their own computer security.  Conventional wisdom says that any update must be installed.  Ipso facto, if an update is pushed at me, then I must click on it to install the update.  Or, so goes the thinking of the digitally ignorant.

These attackers bet that the hapless newbie does not know what a ZIP file even is.  To define what a ZIP file is, let's consult the Oracle, Wikipedia.  "ZIP is an archive file format that supports lossless data compression.  A ZIP file may contain one or more files or directories that may have been compressed."  So a ZIP file is a perfectly fine place to hide one or more hand grenades to blow up your computer.

What I find very frustrating is that these attacks are easily thwarted by just a modicum of knowledge about how networks and computing in general work.  No one goes on a journey to a strange piece of geography without a map.  (Unless they enjoy getting lost.)  Likewise, one should always look at the map beforehand and evaluate the direction that map will take you, whether on an actual highway, or when traveling upon the Information Superhighway.  And your Digital Roadmap is the Uniform Resource Locator (URL) that will clearly tell you where you are headed on your trip if you would ONLY TAKE THE TIME TO READ THE GOD DAMN MAP!!!!!

Within, and because of, my never-ending research into how malware affects users in the real world, I saw this coming.  More to the point, it's always been here.  I posted an article July 7, 2022, entitled "The anatomy of an address There is more than what meets the eye."  The problem my clients have with me, is that, besides me being 98% right on the subject of malware over the last 20 years, there still exists a high degree of "There he goes again.  That's just Gerry being Gerry."  That's right.  It's Gerry being Gerry: 6 to 12 months ahead of the curve concerning malware.  In fact, there are more people who read the Dispatches From the Front in Boardman, Oregon, and Council Bluffs, Iowa, than there are in Palos Verdes Peninsula, where invitations to my blog are sent via email.  What do they say about a Prophet In His Country?  Lord, Freakin knows, I have tried! 

But I digress...

The first clue that may reveal the fact that an email is an attack is the sender's ACTUAL email address.  In web email applications like Google Gmail, Yahoo Mail, etc., simply mouse over the email message and, in a second or two, the full address of the sender will be made visible.  The example below is using Gmail.

Well, we can't see the complete email address yet, but that username sure doesn't seem like a real person.  So, to get a full view of this sender's email address using Gmail, we click Open Detailed View.

 

In Detailed View, we can ascertain the complete email address of our sender.  Clearly, "something whatever@ somethinghomes.com" has nothing to do with my or anyone else's Medicare.  I can happily delete this POS.
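
The check done by eye in the walkthrough above can also be run against a saved message. This is an added example, not part of the original post; the sample message, its addresses, and the `EXPECTED_DOMAINS` allowlist are constructed assumptions, and the Reply-To comparison goes one step beyond what the post covers.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every address here is a placeholder.
SAMPLE = """\
From: "Medicare Benefits" <qx7r2k@promo-homes.example>
Reply-To: claims@other-site.example
To: reader@mail.example
Subject: Your Medicare coverage update

Open the attachment.
"""

# Assumed allowlist: claimed name -> domains that name should mail from.
EXPECTED_DOMAINS = {"medicare": {"medicare.gov"}}


def domain_of(addr):
    """Return the lower-cased part after the last '@'."""
    return addr.rpartition("@")[2].lower()


def in_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(raw, expected=EXPECTED_DOMAINS):
    """Return (actual From address, list of findings) for a raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = domain_of(addr)
    findings = []
    # The display name is free text chosen by the sender; compare what it
    # claims against the domain the message really names.
    for name, allowed in expected.items():
        if name in display.lower() and not in_allowed(domain, allowed):
            findings.append(f"display name claims {name!r}, address is at {domain}")
    # Replies routed to a different domain are a second warning sign.
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and domain_of(reply) != domain:
        findings.append(f"Reply-To domain {domain_of(reply)} differs from {domain}")
    return addr, findings


if __name__ == "__main__":
    address, problems = check_sender(SAMPLE)
    print(address)
    for p in problems:
        print(" -", p)
```

The From header can itself be forged, so a matching domain does not prove a message is legitimate; a mismatch is reason enough to delete it.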

But, you might say, "I am a 21st Century Titan of Industry.  I don't play with toys and other freebie dreck.  I use Outlook as my email client, like any real man would."  Well, I hear ya.  So just keep boogie-woogieing down this path.  You will soon cop to the notion that Outlook can easily free you from the ever tightening grip of the ever growing paranoia wrought by the deluge of evermore malware laden emails.  But it ain't no fun.  Ain't got no pretty pictures, no sir.

But it ain't got no FUD, either.

If you abide in my word, you are truly my disciples,
and you will know the truth, and the truth will set you free.
John 8:31-32

Gerald Reiff