This week’s IT security alert from Lineal – fake invoices which ask users to run a dangerous piece of code.
The example above comes from a fake Word document emailed to an unsuspecting user with a short covering line such as ‘Please check this invoice’ or ‘Double check my numbers for me’.
Upon opening, the document appears to show an Office 2016 popup prompting the user to click ‘Enable Content’ for compatibility purposes before the detail of the ‘invoice’ can be viewed.
In fact, that popup is just a picture placed inside the Word file. The real ‘Enable Content’ button is the one Word itself shows on its yellow security bar, and clicking it enables the Visual Basic (VBA) macro embedded in the document, which then downloads unknown malware from the internet.
The scam relies on the user’s curiosity about an unexpected $1999.00 charge, and on reaching a user still running an outdated version of Microsoft Office, for whom a ‘compatibility’ prompt looks plausible.
Several measures can be taken to prevent this kind of attack:
- Don’t trust a ‘popup’ that is drawn inside the body of a document rather than opened by Microsoft Office itself, and don’t click ‘Enable Content’ to reveal a document whose contents you can’t already see.
- Consider an email filtering service like Barracuda – in the above example, Barracuda had recognised this email as malicious and stripped the macro code from the document before delivering it to the intended recipient’s inbox.
- Invest in high-quality antivirus and IT security software like ESET – using sophisticated heuristics and live scanning, ESET can block this kind of threat, and advanced versions maintain a comprehensive watchlist of fake ‘phishing’ sites that imitate legitimate companies online.
- Move to Microsoft Office 365 – Microsoft’s cloud subscription model ensures that you always have the most up-to-date version of Microsoft Office, so a document that asks you to enable content ‘for compatibility’ should be treated as a likely scam.
For IT Security advice and guidance – speak to Lineal today.