Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Global Climate Change Phishbait

    close up of businessman hand showing texture the world with digital social media network diagram concept Elements of this image furnished by NASAA number of phishing campaigns have been using Christmas-themed emails encouraging recipients to support climate activist Greta Thunberg, according to Paul Ducklin at Naked Security. Scammers often exploit people’s charitable impulses in order to trick them into handing over their money, but these climate change-themed emails contain links or attachments meant to deliver malware. While the download links in the emails aren’t currently functional, the malicious attachments will result in the installation of the Emotet banking Trojan.

    The attachments are Microsoft Word documents which, when opened, display an image with text informing the recipient that they’ll have to click the “Enable content” and “Enable editing” buttons in order to view the contents of the document. Clicking these buttons will allow the file to run a macro which will execute a PowerShell command to download the malware. Once Emotet is installed, the attackers can essentially do whatever they want with the infected computer, which often includes downloading additional malware.

    While this specific attack delivered Emotet, Ducklin explains that this type of infection chain allows the attackers to customize their payload based on the target.

    “Remember that when malware arrives in a multi-step chain, like here, you can never be quite sure what comes next,” Ducklin writes. “That’s one reason the crooks like to deliver their final malware payloads via a web download that happens at the time and place that your infection started. That way they can tailor the final malware not only by time, but also by your geolocation and even by what type of computer you’ve got. For example, if your laptop turns out to be a Mac, some crooks will deliberately try to hit you with Mac-specific malware instead of sending you a Windows program that isn’t going to run at all.”

    Many malware attacks would be prevented if every employee knew that they should never click “Enable editing” or “Enable content” in a Microsoft Office document, especially if they’ve just received the document in an email. Even more attacks could be thwarted if employees were taught to avoid clicking on suspicious links or opening unsolicited attachments. New-school security awareness training can create a culture of security within your organization by teaching your employees about social engineering tactics.

    Naked Security has the story: https://nakedsecurity.sophos.com/2019/12/27/christmas-malware-uses-support-greta-thunberg-as-a-lure/

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Phishing, Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews