We're now seeing the downside to all the data breaches we've been telling you about. It's bad enough that cybercriminals stole hundreds of millions of emails and passwords, including 117 million from LinkedIn.
Now, they're using your personal information to steal your money. This brand new attack is spreading really fast.
It starts with a phishing email scam. You'll receive an email from a company you've done business with or a person you know. Except, it's cybercriminals posing as these companies or friends.
In this case, they're using those millions of LinkedIn stolen credentials to steal your money. The email's subject line claims to be about an unpaid invoice.
Inside the mail or attached to it is a Microsoft Word document. If you open it, you're redirected to a malicious website where your computer is infected with the banking trojan Zeus Panda (sometimes called Panda Banker). It steals your online banking credentials.
Here are red flags to look for:
- Emails are sent using your LinkedIn profile, like your name, job title and the company where you work
- The email contains a Microsoft Word attachment
- The email is for an invoice
- You're asked to enable macros
Never enable macros. Microsoft automatically disables macros, which are little computer programs that eliminate repetitive tasks. You'll see this warning from Microsoft. Don't enable macros, unless you created them yourself or you asked someone to create them for you.