Phishing campaigns get more effective the more closely they can imitate a trusted source. Recently, security researchers at Fortinet discovered evidence of a phishing campaign that specifically targets Microsoft Windows users and installs three different types of malware on the systems it manages to infect.
Among other things, this campaign gives the hackers behind it the ability to steal usernames, passwords, banking details, and more. That is in addition to leveraging the infected system to secretly mine for cryptocurrency, which finds its way into a wallet controlled by the hackers.
To lure victims into infecting themselves, the Phishing campaign's contact emails are all designed to appear as a payment report from a legitimate trusted source, which contains an attached Microsoft Excel document. It is conveniently included for the recipient's review. Naturally, anyone opening the attached document dooms themselves, as it is poisoned and contains scripts designed to install malicious payloads in the background.
Phishing campaigns remain one of the most popular infection methods in the hacking world. They tend to gravitate to those techniques that work and require relatively little in the way of effort.
Phishing fits that bill perfectly. It's usually a trivial matter to create an email that's virtually identical to one you might get from a trusted source, and hackers have been poisoning Microsoft Excel files since the earliest days of the internet.
As ever, the best defense against these types of attacks is vigilance and mindfulness. A quick phone call to the trusted source that supposedly sent you the email communication is almost always enough to verify whether it is real. Shockingly, few users take this step.
In a similar vein, clicking on embedded links in an email or downloading files should be done with a healthy dose of caution. That includes another phone call to the trusted source to be sure they did in fact send you something.
Unfortunately, that's a lot easier to teach than it is to implement, as employees don't have a good track record with either of those things.
________________________________________________________________________________________________________
"Fortune Favors Who Value Time over Money!"
"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Simple and Easy"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?
"We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.
We are giving a Free in Person TeQ Seminar at our office in La Mesa every Wednesday from 12pm-1pm and a Free TeQ Support Q&A from 1pm-2pm. Go to https://www.teqiq.com/events for our upcoming Events and https://www.teqiq.com/seminars for info on each Seminar.
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!
