The latest anticipated release of Windows should be a reminder that even IT folks can be driven into enough of a frenzy to miss the signs of a malicious campaign.
Whenever there’s a new version of Windows, a material portion of techies are interested to see what’s new, whether it will address issues the current version doesn’t, and how it will work in their home or business environment.
This week, Microsoft is expected to release Windows 11, nearly 6 years after the release of Windows 10. But the frenzy started much earlier, with articles whose authors discuss how they’ve already tested Windows 11. This only makes the techie who wants to get their hands on a copy more willing to visit some less than reputable parts of the Internet.
It’s this emotional connection to the end result that is the basis for social engineering; without the user’s own desire to see a specific outcome, it’s difficult for cyber criminals to get the victim to act. That’s why you should expect to see a campaign (whether web- or email-based) about downloading a copy of Windows 11 Preview, or even a malware-laden page about the top 10 new features – whatever will get the victim to engage.
Today, it’s about Windows 11 pre-launch. I guarantee months from now, when this is deployed into organizations, there will be a specific attack that will warn the victim that their copy of Windows 11 requires a “critical update” (and to “click here”). Mark my words. In either case, the user involved – techie or not – needs to be enrolled in Security Awareness Training to ensure that even the most vigilant eyes – those of the IT staffer – don’t fall victim to a scam that finally tickles their fancy.