The document presents an official-looking help page that tells you that you need to “Enable editing” to view its content. To get you to agree to run their malicious macro program, the crooks use what you might call a bait-and-switch trick. This is a feature of Word – you can write extensive and powerful Word extensions as macros, using Microsoft’s Visual Basic for Applications (VBA) programming language – but because macros that arrive from outside can be super-dangerous, they don’t run by default. The password is randomly chosen for each recipient, and you really do need to use the one in your own email to open the file:Īt this point, the crooks are aiming to persuade you to enable macros in the open document, which means you’ll be running program code stored in the file by the crooks themselves. If you do open the attachment, which is portentously called Yoursurname.dot, Word prompts you for a password, just as the scammers warned you to expect: So it feels wrong and risky not to open it to see how much is in there. With so many data breaches in the news recently, it’s perfectly reasonably to wonder, “How serious is this?” On the other hand, there must be some truth in the claims about a data leak, because the crooks know your name and address – and not just vaguely, but precisely, so who knows what else they know about you? So it feels wrong and risky to open it to see how much is in there. You know it’s a scam, not only from the terrible mistakes in spelling and grammar, but also from the fact that no official organisation would dare write what amounts to a veiled threat of this sort. The salutation uses your first name (given name) the filename is your surname (family name) and the address is your home address, complete with postcode. The text in the emails vary slightly from sample to sample, but examples seen by SophosLabs go something like this:
0 Comments
Leave a Reply. |