If it’s in the news, it’s a phishing attack waiting to happen. First, it was the popularity of the show Game of Thrones. Then it was the new Star Wars sequel. More recently it was the fear of COVID-19. And now, in response to all the recent protests over police brutality, it’s the Black Lives Matter movement. Apparently, hackers get their ideas for phishing attacks from the news.
The most recent phishing campaign asks “you to vote anonymously about Black Lives Matter,” but in reality, all it’s really doing is “spreading the TrickBot information-stealing malware. Started as a banking Trojan, the TrickBot has evolved to perform a variety of malicious behavior.”
How does this scam work? An email pretending to be from “Country administration” asks recipients to vote anonymous about Black Lives Matter. “The email states, ‘Leave a review confidentially about Black Lives Matter’ and then prompts recipients to fill out and return an attached document named e-vote_form_3438.doc.”
“When a recipient opens the Word document, they will be greeted with a message stating that they need to click on the ‘Enable Editing’ and ‘Enable Content’ buttons to view the contents properly. Once they click on these buttons, the Word document will run macros that download a malicious DLL to the computer and execute it. This DLL is the TrickBot trojan that, when executed, will download further modules to the infected computer to steal files, passwords, security keys, spread laterally throughout the network, and allow other threat actors to install ransomware.”
This phishing attack is in direct contrast to most other phishing attacks. Most phishing attacks use a phishing website to steal your credentials. The scam is to get you to click on a bogus link, go to the website and enter your credentials. But none of that happens here with this phishing scam. There’s no phishing website and no bogus link. This makes it even harder to protect yourself without the proper defense.
To protect yourself from this type of phishing attack, you’ll need email security that is not only capable of screening emails for malicious links, but also for malicious attachments. You need protection like Advanced Threat Defense available from Phish Protection.
Advanced Threat Defense from Phish Protection has real-time link click protection against both domain name spoofing and display name spoofing. More importantly, it has malicious attachment blocking, which means emails with a malicious attachment never even make it into your inbox. That’s protection.
Phish Protection sets up in 10 minutes, works with all major email services and only costs pennies per user per month. Don’t let the latest news-based phishing attack catch you off guard. Get Phish Protection with Advanced Threat Defense and keep those hackers at bay. Try it free for 60 days.