How long is it since Microsoft have sent messages in anything other than plain text? And with attached files? You guessed it, faking the name of the sender is just another cunning device used by the virus to trick the user.
Any strong security policy cannot ignore the need for user awareness. Even firewalls and content filtering cannot always guarantee total security against the kind of 'social engineering' used by worms like Playh. If security is to be a reality, training users to be aware must be on the agenda of all administrators. This will mitigate, to a large extent, the hidden risks of such apparently innocent e-mails.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.