Guard Against “Internal Only” Emails
April 20, 2015

Be on your toes, folks, because malicious attackers have another trick up their sleeves. They are now impersonating domain administrators by sending emails with the subject line ‘Internal Only’ that appear to come from the ‘Administrator’. Their aim is to get you, the recipient, to download malware.

In the email, the recipient is asked to follow a link to read an Adobe Reader format file.

As Hoax-Slayer reports, to make the message seem relevant, the URL (see Definition) leading to the supposed file contains the domain used in the recipient’s email address. For example, if your email address is in the format [email protected], the link in the email will be displayed as https://my-company-name.com/file/internal/EncryptedMessage. How many recipients do you know who would not click on that link if they were to receive such an email? Even if only a few unsuspecting victims click on that link, the cybercriminals would benefit.

The link is a fake. The real link lies underneath and opens a fraudulent website that has no connection to your company. Clicking the link will download a .zip file that contains a Trojan. Once installed, this Trojan may download more malware, which in all likelihood will capture your personal information. It will also allow the criminals to control your computer for their own purposes.

Cybercriminals have used the same trick before by utilizing the Upatre downloader Trojan, which has become the favourite way for scammers to deliver malware to the victim’s computer.

It is difficult to filter the legitimate emails from the fake.  Nevertheless, you will always have to be alert to such scams.

What makes this scam dangerous is the belief that it is coming from the Administrator. In other situations, such emails may seem to come from other people in authority, such as the CEO or MD of a company. This convinces unsuspecting victims to click the malicious links or open the attachments in the emails.

"Stay alert as YOU are the last line of defense!" - Kevin Mitnick

 

Recommendation

1.  Always be vigilant when you receive emails.

2.  Always think before clicking that link or opening that attachment.

3.  DO NOT click links or attachments in emails from unknown senders.

4.  When in doubt about an email you have received, throw it out.  There are numerous ways that internet criminals will try to scam you, and only one way to stay safe. (see quote above by Kevin Mitnick)

 

Definition

Uniform Resource Locator (URL) – the address of a web page.

 

Source

1.  Help Net Security.

2.  Hoax-Slayer.

 

The Week That Was

1.  Simda botnet takedown – Interpol announced the takedown of the Simda botnet, which has compromised 770,000 computers worldwide.

2.  Patch Tuesday – Microsoft, Adobe and Oracle released critical patch updates to fix flaws and vulnerabilities in their software.

3.  MYNIC breached – Malaysian domain registrar MYNIC Bhd confirmed that there were unauthorized modifications to its Domain Name Server (DNS) for several sites including Google Malaysia and Yahoo Malaysia on April 14.

4.  HSBC Finance Corporation (New Hampshire) breached – the bank suffered a data breach in which sensitive mortgage information of customers of a number of its subsidiaries was compromised.

5.  TeslaCrypt ransomware – a new piece of ransomware being pushed to users.  It encrypts files associated with video games and game-related software, as well as iTunes-related files.