This week’s scam involves cybercriminals sending an email that resembles a payment invoice, urging immediate action.
Scammers always look for ways to get you to make impulsive decisions. They usually scare or alarm you so that you react without thinking. In this week’s scam, cybercriminals send you an email with many urgent-sounding words that are designed to grab your attention immediately. The email looks like a payment invoice and contains an Excel attachment. It mentions that the attached forms need to be processed “as soon as possible” and that “penalties” will result from any payment delays.
If you open the attached Excel file, you’ll be presented with a pop-up window that instructs you to “Enable Editing” by clicking a button. If you click the button, the malware will begin installing on your computer. This particular malware is highly advanced. Once installed on your computer, it can steal user credentials and other personal information. The malware is designed to avoid being detected by your antivirus software. Once it has made its way onto your computer, it is very difficult to remove it.
Follow these tips to avoid falling victim to a malware phishing scam:
- Be cautious of emails that create a sense of urgency or fear. Phrases like “as soon as possible,” “penalties,” and other alarming language are common tactics used by scammers.
- Never select “Enable Editing” or “Enable Content” on attachments from untrusted or unexpected sources. Selecting either of these options is a common way for malware to be installed.
- Verify the legitimacy of any invoice or payment request by directly contacting the company using known contact information.
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.