SharePoint scam used to steal passwords, new Microsoft Word scam installs ransomware and sextortion attempts now using another way to trick victims
Welcome to Cyber Security Today. It’s Friday August 17th. To hear the podcast click on the arrow below:
There’s a new way hackers are trying to fool users of Microsoft Office 365 to fall for a phishing scam: Include malicious links in SharePoint documents. Attackers often spread malware or malicious links through attached Microsoft Word documents or web page links in an email. But a security vendor called Avanan says it recently detected a hacker campaign against Microsoft Office 365 users that includes a link to a SharePoint document. SharePoint is a collaboration platform. The attacker’s goal is to get you to click on the link, which as expected asks you to enter a username and password before giving access to the document. That’s how the attacker steals your credentials. The scheme bypasses Office 365’s security protection, which scans for suspicious links.
You can protect yourself first by activating multi-factor authentication wherever possible on any important service where you have to log in. Second, be skeptical of any email with a subject line that capitalizes words like URGENT or ACTION REQUIRED. Third, be suspicious of URLs in the body of email. And if you are asked through an email to log into a page, make sure the URL is actually hosted by the service it is asking you to log into.
Speaking of malicious Microsoft Word documents, the SANS Institute had a blog this week about an email campaign with password-protected Word documents. A typical message might be about an attached invoice. All you have to do to open is use the supplied password, which might be something as simple as 1234, and enable macros to run. But when you do that it downloads ransomware. Here’s a good rule to follow: No one will send you a message to open a document and include a password.
Last month I told you about a sextorition scam that’s going around where people get threatening emails that lists one of their passwords as proof their computer has been hacked. The message says they’ll expose you as going to porn sites unless you pay a ransom. This week there’s news that the scam has been altered. Now the email contains the last four digits of your phone number as proof the attacker knows who you are. It isn’t clear where the criminals are getting the phone numbers from, but they’re likely stolen. Whatever the source, it’s important not to pay these thugs. They really don’t have anything on you.
Finally, remember that this week Microsoft issued its monthly patches, and so did Adobe. Make sure they’ve been installed on your computers.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.