Spear phishing is a phishing attack that targets a specific person and appears to come from a trusted source. One of the easiest ways for cybercriminals to find a target is through social media. Spear phishing attacks on social media often come from fake accounts, but in a recent scam, cybercriminals used real, compromised accounts. After hijacking an account, cybercriminals impersonated that person and targeted their friends and followers.
In this scam, cybercriminals use the hijacked account to engage in friendly conversations with you in an attempt to lower your guard. Since you don’t know that the account has been hijacked, you are more likely to trust information that they send to you. Once they think they have your trust, the cybercriminals will send you a Microsoft Word document, asking you to review it and give them advice. Once you open the document, the program will ask you to enable macros. If you do enable macros, your system will automatically download and install a dangerous piece of malware.
Follow the steps below to stay safe from this scam:
- Think about how a conversation with this person typically looks and feels. Do they usually ask you to download files? Are they typing with the same pace, grammar, and language as usual? Be suspicious of anything out of the ordinary.
- Before you enable macros for a file, contact the sender by phone call or text message. Verify who created the file, what information the file contains, and why enabling macros is necessary.
- Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!
More information is available on our NetPro range of services, including Security Awareness Training.
Should you need assistance working with your last line of defense, your valued staff members and their security training, please let us know. If you would like to work with NetAccess, we’d be glad to help. You can also call our main line at 905-524-2001 to speak to someone in sales if you don’t have a managed support engagement with NetAccess.
Thanks to our friends at KnowBe4 for the tip!