This week’s social engineering hack

The latest attempt to trick you into opening an infected document.  Includes swearing and then a new enticing warning message.

Today I received this message (I have edited out the swear word):

yea , we finally did it.

here is the bank confirmation:

bofa_card_statement_bill.doc

now fXXk off and try not to contact me again or else.

On Feb 6, 2017 at 3:25 AM,  bill@kinetics.co.nz wrote:

did you send the money? i need the proof

Others have received a similar message “Who the fXXk are you and why are you on my credit card statement”.

When you click on the link, it downloads or opens a Word document. Most systems will block the document's active content, so it displays this rather official-looking message encouraging you to unlock the document.

Needless to say, if you do, there is a nasty macro hidden inside.

Good news - if you have your setup correct and in accordance with our best practice, then you are safe!


When I tested this on our isolated system, I found that the nasty would not run if the user account did not have administrator rights on the PC.  When the user had Administrator rights, KARE AV found and disinfected the attempt.
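
A quick triage check for attachments like the one described above, as an added example that is not part of the original post: it reports whether a file's bytes look like an Office document carrying a VBA macro project, without opening it in Word. The function names and sample bytes are constructed for illustration, and the legacy .doc check is a byte-search heuristic, not a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls compound file
# Stream names inside a compound file are stored as UTF-16LE text.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def macro_triage(data: bytes) -> str:
    """Classify raw file bytes as 'macro', 'no-macro' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: a VBA project always contains a _VBA_PROJECT stream.
        return "macro" if VBA_MARKER in data else "no-macro"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names = [n.lower() for n in archive.namelist()]
        except zipfile.BadZipFile:
            return "not-office"
        if "[content_types].xml" not in names:
            return "not-office"          # a zip, but not an OOXML package
        has_vba = any(n.endswith("vbaproject.bin") for n in names)
        return "macro" if has_vba else "no-macro"
    return "not-office"


def sample_ole(with_macro: bool) -> bytes:
    """Constructed stand-in for a legacy .doc (not a valid document)."""
    body = b"\x00" * 512
    return OLE_MAGIC + body + (VBA_MARKER if with_macro else b"")


def sample_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("legacy .doc with macro", sample_ole(True)),
                        ("legacy .doc, clean", sample_ole(False)),
                        ("OOXML with macro", sample_ooxml(True)),
                        ("plain text", b"hello")]:
        print(f"{label}: {macro_triage(blob)}")
```

A result of "macro" means only that the file carries a VBA project and deserves a closer look in an isolated environment; it says nothing about what the macro does.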