A user received an email, allegedly from the Federal Treasury. Despite attending security awareness training, whereby she was instructed to never open attachments that were not expected, the user
- found the email in her Junk E-Mail folder,
- moved it to her inbox,
- saved the attached ZIP file,
- extracted its EXE(cutable) contents, and
- ran it…
infecting her PC with the Phoenix Exploit Kit.
The user works at a bank where she’s in charge of things like ACH transfers. Stupid.