Curiosity Killed the Network

Chris Hannan (Sep, 2019)

We have all gotten the email that the $200 item you ordered is on its way and there is an attachment with the invoice. The problem is that you never ordered a $200 item. Your first reaction is to click on the attached invoice to find out what this is all about.

Curiosity is what hackers thrive on. Whether it is an item you never purchased or long lost money, they prey on human nature. As humans, if there is a problem or issue, we just have to investigate it. That investigation comes at a price if the person on the other end has bad intentions.

With Ransomware and identity theft exceeding the billion-dollar mark annually, the world of hacking is now on the front burner of theft around the world. Hackers do everything in their power to get your money, using whatever means necessary, including curiosity. Perfect examples of this are found daily in the news. A company or organization suddenly goes offline, and reports that their outage was a result of Ransomware. What is Ransomware? It is where hackers encrypt all of a company’s data, then tell them to send payment in order to get it decrypted. The payments have to be made in Bitcoin (so it cannot be traced). In the meantime, the company is completely shut down, losing money and productivity. The ransom can either be paid (which is not easy to do, and everything may not be decrypted, so the hackers can get even more money), or your IT support can restore all your data (it may be days later before you are functional again). What is odd about this is that the affected company always says the attack happened months or even a year ago, which raises the question of why it is being reported now rather than having been contained back then.

So, back to the topic of curiosity, because it explains the answer to “why so long”; here are the steps of how it is done. Hackers acquire a list of email addresses, then send out a legitimate-looking email containing a very big potential problem, like the $200 example at the beginning of this article. The receiver of the email reads it, noticing that it does not really look legit, but the human brain is wired to investigate. So the receiver ponders deleting it, but in the end, curiosity about whether the $200 charge is real makes the receiver decide to open the attachment. Voila, two randomly named files are written to the computer’s operating system without the user’s knowledge.

Anti-Virus software will not detect the newly added files because they are actually not an infection; they are just some code that sends information to remote servers somewhere in the world. They lie dormant for a random period of time (days, weeks, or months). The computer runs fine moving forward. The file names are random, so a company’s IT cannot find them, and nothing destructive is happening. This non-destructive behavior is created on purpose, as hackers do not want anyone to know about their invasive files and risk a call to an IT professional.

Months later that small bit of added code turns active, and information begins being sent to several computers around the world. Your computer’s Anti-Virus may detect it, or it may unfortunately be a new form of infection that none of the anti-viral software on the market will detect. So, to make a long story short, hackers go to work either executing the encryption or, worse yet, getting access to the network, controlling the encryption and stealing data, with your company going offline for however long it takes until the data is restored.

Now you see how curiosity plays a major role in a company’s electronic production, but it gets worse. Lately the new tactic by hackers is to take control of an organization’s email account. This is a very effective tactic as it forms a direct communication between the victim and the hacker. The process is much more formal, thus making it more effective.

Here is how it usually plays out. A hacker gets access to a person’s company email, and begins a dialog with several people on their contact list (this can all happen in minutes by the way). The first notification usually contains an attachment (ZIP or PDF file) asking the receiver to review the enclosed information. The receiver is curious as to why the sender is asking for their review and sends an email back asking for clarification. Since the hacker has access, they immediately reply with some sort of explanation. The receiver opens the attachment only to find that nothing happens. With that simple act, the whole infection is in full motion.

Eventually, the person whose email was compromised figures out something is wrong. Hopefully, the person reports it not only to their IT people, but also to all the people who received the infectious email. Unfortunately, this is not always the case, with some receivers of the scam never knowing what happened and new companies becoming infected.

To help alleviate this potential debacle, it is necessary to make everyone in a company aware of how important it is not to give in to their curiosity. Yes, that email may very well be legit, but research it first if there is even the slightest doubt that something seems amiss. Did you request information recently from this person? When was the last time you spoke to them? Check spelling and grammar, and look for clues that may present a red flag. Check the full email address to be sure it matches prior emails. Finally, when in doubt, DO NOT email them back. Instead, call them directly and wait for a response before moving forward. Even if it looks urgent in nature, wait and confirm it first. Call your IT support team and ask them to check it for a payload (old computers not connected to the Internet are used to test attachments).
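The checks in the paragraph above (does the full sender address match prior emails, is there a ZIP or PDF attachment, is the wording pushing for urgent action) can be automated as a first-pass triage before anyone opens an attachment. The script below is an added example, not code from the original article or from DB&B; the contact book and the raw message are constructed for illustration, and the list of risky extensions and urgency words is a hypothetical starting point that a real deployment would tune.

```python
"""Triage an inbound email against the article's checklist.

Added example, not part of the original article. KNOWN_CONTACTS is a
hypothetical contact book (display name -> address seen in prior mail) and
SAMPLE_RAW is a constructed message, so the script runs offline.
"""
import email
from email import policy
from email.utils import parseaddr

# Hypothetical contact book: who normally writes from which address.
KNOWN_CONTACTS = {
    "Pat Jones": "pat.jones@example-vendor.com",
}

# Attachment types the article singles out (ZIP, PDF) plus common script carriers.
RISKY_EXTENSIONS = (".zip", ".pdf", ".exe", ".js", ".vbs", ".scr", ".docm", ".xlsm")

# Pressure wording typical of the "$200 invoice" lure.
URGENCY_WORDS = ("urgent", "immediately", "invoice", "payment", "review", "asap")

# Constructed sample: the display name matches a known contact but the address
# does not (vend0r vs vendor), and it carries a ZIP plus urgent wording.
SAMPLE_RAW = """\
From: Pat Jones <pat.jones@example-vend0r.net>
To: you@example.com
Subject: URGENT: please review the attached invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the enclosed invoice immediately.
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""


def triage(raw: str, contacts=KNOWN_CONTACTS):
    """Return a list of red-flag strings for one RFC 5322 message (empty = no flags)."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []

    # Step 1: does the full address match what this person used before?
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    known = contacts.get(name)
    if known is None:
        flags.append(f"sender '{name}' is not in the contact book")
    elif known.lower() != addr:
        flags.append(f"display name '{name}' usually sends from {known}, not {addr}")

    # Step 2: attachment types that commonly carry a payload.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXTENSIONS):
            flags.append(f"attachment '{fname}' is a type that commonly carries a payload")

    # Step 3: wording that pressures the reader into acting before verifying.
    subject = msg.get("Subject", "").lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    hits = sorted({w for w in URGENCY_WORDS if w in subject or w in text})
    if hits:
        flags.append("urgency/pressure wording: " + ", ".join(hits))

    return flags


if __name__ == "__main__":
    for flag in triage(SAMPLE_RAW):
        print("RED FLAG:", flag)
```

A non-empty result means "call the sender, do not reply, and hand the message to IT"; an empty result is not proof the email is safe, only that these three simple checks found nothing, which is why the manual questions in the article still apply.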

If you do click on the link and something strange happens or nothing at all, turn off your computer immediately and call your IT team. DO NOT WAIT to turn it off, as it can spread very fast. Do not assume it is OK to keep working, even if you are working remotely from the office.

If you are the unfortunate one who had their email compromised, be sure to notify your customers immediately. Yes, it is embarrassing and awkward for your company, but it can be far worse if you lose business because you did not notify them. Also, if the breach is traced back to your company as the source of the infection, there could be potential legal ramifications. Cyber insurance is a necessity nowadays, providing protection against legal response to a distributed infection. It is only a phone call away to your trusted insurance agent to get it.


The information reflected in this article was current at the time of publication. This information will not be modified or updated for any subsequent tax law changes, if any.
