Have you updated your awareness program lately?  A sample of the new email used to social engineer the new Zbot variance, crossed my desk recently and prompted me to wonder if  our security awareness had a variance to include this type of attack?  Do your users know that no one will send a password over clear text?  Do your users know the difference between plain text and encrypted text?

The tactic being used is skillful and easy to fall prey to.  Are your users "aware" of this method?

Dear Prey,

Your account has been deactivated for whatever reason and requires you to download and execute the following file.  The password for the file is 12345.

Thank you for your prompt attention to this Zbot social engineering email! 

Reputable Company

Mari Nichols

Handler on Duty