Phishing attacks have become a favorite tool for cybercriminals. This is when scammers send fraudulent emails or messages, attempting to get unsuspecting victims to click on malicious links.
Clicking on those links opens the door to multiple threats, depending on what payload the scammer uses. Now, there is a new attack making the rounds that you need to know about.
What's the latest phishing scam?
The latest one is a wave of fraudulent emails that pretend to come from cable TV providers. The email claims that your bill is past due and provides a link to view your invoice.
Warning! The link leads to a fake site, and from there your gadget can be infected with malware.
Once you're at the fake site you'll find a "view invoice" button. Clicking it downloads a file that looks like an ordinary Word document (.doc). When you open it, the text is jumbled and unreadable, and a message asks you to enable macros so it displays properly. That request is the trap: the macros are what install the malware.
Image: Example of a malicious Word document (Source: Naked Security)
If you enable macros, your gadget is infected. What the malware does next depends on the payload the scammer has set up.
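The macro trick works because a Word file can carry executable VBA code that the reader never sees. The following Python script is an added example, not code from the original article or from the researchers it cites, showing how a mail gateway or a cautious user can tell whether an Office attachment carries macros before anyone opens it. It relies on two documented facts: legacy .doc files are OLE2 compound files whose internal directory names are stored as UTF-16LE (macro code sits under a "_VBA_PROJECT" entry), and modern .docx/.docm files are zip archives in which macros live in a vbaProject.bin part. The sample documents are constructed inline and are not real malware; the `_VBA_PROJECT` string match for OLE files is a heuristic, so treat it as a triage signal rather than a verdict.

```python
import io
import zipfile

# Legacy binary Office files (.doc/.xls) are OLE2 compound files with this
# 8-byte signature; modern .docx/.docm/.xlsx/.xlsm files are zip archives.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"

# Inside an OLE file, directory entry names are stored as UTF-16LE. Word keeps
# VBA macros in a storage whose entries include "_VBA_PROJECT"; finding that
# name is a cheap heuristic indicator that the document carries macro code.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")

# Which container each extension is supposed to use. A ".doc" that is really a
# zip archive (or vice versa) is a sign the file was renamed to look harmless.
EXPECTED_KIND = {"doc": "ole", "xls": "ole",
                 "docx": "ooxml", "docm": "ooxml", "xlsx": "ooxml", "xlsm": "ooxml"}


def container_kind(data: bytes) -> str:
    """Classify a file by its magic bytes, ignoring whatever its name claims."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "ooxml"
    return "unknown"


def has_macros(data: bytes) -> bool:
    """Return True if the document appears to contain VBA macros."""
    kind = container_kind(data)
    if kind == "ole":
        return OLE_VBA_MARKER in data
    if kind == "ooxml":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Macros in OOXML live in a vbaProject.bin part (word/, xl/, ...).
                return any(name.lower().endswith("vbaproject.bin")
                           for name in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False


def assess(filename: str, data: bytes) -> dict:
    """Combine the checks into a verdict a mail filter or a user could act on."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = container_kind(data)
    expected = EXPECTED_KIND.get(ext)
    return {
        "filename": filename,
        "kind": kind,
        "has_macros": has_macros(data),
        "extension_mismatch": expected is not None and expected != kind,
    }


# --- Constructed sample files (not real documents, not real malware) ---------

def build_ole_sample(with_macros: bool) -> bytes:
    """Minimal stand-in for a legacy .doc: OLE signature plus directory names."""
    body = OLE_MAGIC + b"\x00" * 504  # pad to the size of a real 512-byte header
    if with_macros:
        body += "_VBA_PROJECT_CUR".encode("utf-16-le") + b"\x00" * 32
    body += "Normal document text".encode("utf-16-le")
    return body


def build_ooxml_sample(with_macros: bool) -> bytes:
    """Minimal stand-in for a .docx/.docm: a zip with the parts that matter here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "invoice.doc": build_ole_sample(with_macros=True),      # macro-laden .doc
        "invoice.doc (renamed)": build_ooxml_sample(True),      # .docm renamed to .doc
        "newsletter.docx": build_ooxml_sample(with_macros=False),
    }
    for name, data in samples.items():
        print(assess(name.split(" ")[0], data))
```

The useful policy follows directly from the verdict: an unsolicited attachment whose `has_macros` is true, or whose extension does not match its real container, should never be opened, let alone have macros enabled. For production triage the oletools project's `olevba` performs a far more thorough analysis; the script above is only the minimal check.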
The criminal can change the payload at any time to create different scams. Here are some examples of what the scammer can do:
- Steal personal data - The malware can log your keystrokes, grab what you type into web forms (form grabbing), and take screenshots of your gadget.
- Perform DDoS attacks - DDoS stands for "distributed denial of service." Your infected gadget can be enrolled in a botnet, and when the scammer directs a large number of such machines to flood a targeted website or server with requests at once, it becomes overloaded and stops responding to legitimate users.
- Download more malware - The initial infection can fetch and install additional malicious programs.
- Ransomware - The criminal could turn this into a ransomware attack, locking your gadget or encrypting your files and demanding payment to give control back to you.
- Spoof DNS lookups - The Domain Name System (DNS) translates the website names you type into the addresses your gadget actually connects to. By altering the infected gadget's DNS settings or forging DNS answers, criminals redirect your traffic from legitimate servers to fake ones they control.
If you receive an email like this, delete it immediately. If you have a cable or satellite provider and want to check your account, go directly to its site by typing its address into your browser.
You also need to know how to prevent falling victim to a phishing scam.
How to avoid phishing attacks
- Be cautious with links - If you get an email or notification that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser. Before you ever click on a link, hover over it with your mouse (or press and hold it on a phone) to see where it is really going to take you. Look at the actual domain, not just the start of the address: scammers put the real company's name at the front of an address that belongs to them. If the destination isn't what the link claims, do not click on it.
- Do NOT enable macros - You should never open Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
- Do an online search - If you get a notification about something that seems shady, do an online search on the topic. If it's a scam, there are probably people online complaining about it and you can find more information.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Typically, there are signs that give away the fact that an email is fake, though a clean, well-written email is not proof that it is genuine. Can you spot one? Take our phishing IQ test to find out.
- Use two-factor authentication - When available, you should be using two-factor (also called multi-factor) authentication. This means logging in to a sensitive account takes at least two different kinds of proof, such as your password plus a one-time code from an authenticator app or a physical security key. A security question is just another thing you know, so it does not count as a second factor. Even if a phishing site captures your password, the attacker still can't log in without the second factor. Click here to learn more about two-factor authentication.
- Have strong security software - Having strong protection on your family's gadgets is very important. Security software that scans downloads and blocks known malicious sites is a valuable last line of defense, but it works alongside the habits above, not instead of them.
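The "hover over the link" advice can be automated. The script below is an added example, not code from the original article, that does for a whole HTML email what hovering does for one link: it pulls out every link, compares the real destination with the domain the sender claims to be, flags link text that displays one address while pointing to another, and notes plain-http links. The sample email body is constructed for this example and uses reserved names (example.com for the real provider, billing-portal.test for the scammer). The "registrable domain" logic simply takes the last two labels of a host name, which is a deliberate simplification (it misjudges suffixes such as co.uk); a real filter would use the Public Suffix List.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing email). The sender claims to
# be the provider at example.com, but the first two links go somewhere else.
SAMPLE_EMAIL = """
<p>Your cable bill is past due. Avoid disconnection by paying today.</p>
<p><a href="http://example.com.billing-portal.test/invoice">View Invoice</a></p>
<p><a href="https://billing-portal.test/pay">https://billing.example.com/pay</a></p>
<p><a href="https://www.example.com/help">Help center</a></p>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of a host name (simplification: ignores suffixes like co.uk)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}", re.IGNORECASE)


def visible_host(text: str) -> str:
    """If the link text itself looks like a URL, return the host it shows the reader."""
    if not URL_LIKE.match(text):
        return ""
    return urlparse(text if "://" in text else "http://" + text).hostname or ""


def suspicious_links(html: str, sender_domain: str) -> list:
    """Return one finding per link whose real destination does not add up."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.anchors:
        parsed = urlparse(href)
        target = parsed.hostname or ""
        if not target:
            continue  # mailto:, in-page anchors, relative links: nothing to compare
        reasons = []
        # Judge the destination by its registrable domain, so a lookalike such as
        # example.com.billing-portal.test is not mistaken for example.com just
        # because the familiar name appears at the front of the address.
        if registrable_domain(target) != registrable_domain(sender_domain):
            reasons.append("domain-mismatch")
        # Link text that shows one address while the href points to another is
        # the classic trick that hovering reveals.
        shown = visible_host(text)
        if shown and registrable_domain(shown) != registrable_domain(target):
            reasons.append("text-href-mismatch")
        if parsed.scheme == "http":
            reasons.append("insecure-http")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL, "example.com"):
        print(f"{finding['text']!r} -> {finding['href']}: {', '.join(finding['reasons'])}")
```

Run against the sample, the "View Invoice" button and the fake payment link are both flagged while the genuine help-center link passes. The sender domain is taken as an input here because the From header itself can be forged; in a real deployment it should come from a message that passed SPF/DKIM checks, otherwise the comparison is against whatever the scammer chose to display.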