Hello and welcome to the Monday, December 19th, 2020 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

This weekend, we had a diary by Guy about a malicious email impersonating HSBC.

The email, oddly enough, used an authentic HSBC phone number,

but it was a phone number in Luxembourg. Now, Guy is in Canada, doubt that was used

of the target, the particular geography, maybe that they try to use a legitimate phone number,

but one that people are unlikely going to call.

But the goal here is not to trick users into logging into a fishing website. Instead, the user is

supposed to open the enclosed attachment, which then of course turns into malware as Guy find out an info stealer.

So that's probably how your credentials are going to get lost, not via fishing.

Guy is demonstrating a quick walkthrough in how to decode and quickly analyze the file with CyberShef.

It's one of those, well, arrives as a zip file.

When you unpack it, it then becomes one file with double extensions in order to confuse

the user and maybe some automated tools a little bit about what the type of the file is.

And then we got more end-to-end encryption news from cloud services.

Google now announced that it will keep email bodies and attachments encrypted in its server.

For now, the feature will be enabled in beta versions for Google Workspace customers.

So that's when you actually pay for Gmail. Not sure if this will eventually

trickle down to sort of the free accounts, but of course it may also hurt somewhat of the

target advertisement and such that Google typically uses to monetize the free Gmail accounts.

If your account is eligible, so you have basically the right

type of account, then the administrator can request access before January 20th. And again,

...