
Tuesday, Mar 28, 2017

A very convincing spearphishing Word Macro attack

I received this very cunning spearphishing attempt in an email addressed directly to me, containing what they reckoned was my home address and a Word file attachment called winstanley.dot. It also contains a legitimate-looking sender’s name and a Romanian email address which may have been spoofed, so I have omitted them.

The document seems to contain no virus (according to Kaspersky Anti-Virus) but when I carefully peel back the lid, it soon becomes clear that it’s another Microsoft Word macro-laden document. A macro is a series of commands designed to run like a mini-program as explained by Norton here. The sequence of commands can also install harmful viruses.

If this was a genuine attempt by someone to warn me of a hack, there would be no need to run a macro in a simple document like this. The password-protection adds some authenticity to the scam.

To: Alan Winstanley  
Date: Tue, 28 Mar 2017 16:54:10 +0000
From: XXXXXXXXXXXXXXX
Subject: Alan

Good day to you, Alan!

I am bothering you for a very significant matter. Allhough you don't know me, but I have considerable ammount of data concerning you. The fact is that, most probably mistakenly, the information of your account has been emailed to me.

For instance, your address is:

XXXXXXXXXX XXXXXXX
XXXXXXXXXXXX
XXXXXXXX
XXXXX
XXXX XXX

I am a law-abiding citizen, so I decided to alert may have been hacked. I pinned the file - Winstanley.dot that was sent to me, that you could explore what data has become available for deceivers. Document password is - 9583

Sincerely,

Vxxxxx Zxxxxxxx

By default, macros are disabled in my Word program, and you should do the same. Go to Options / Trust Center / Disable all macros from running.

This scam is a nice try and it would certainly fool some people.
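The three warning signs in this message (a template attachment, an embedded macro project, and an unlock password supplied in the body) can be checked without ever opening the file in Word. The Python sketch below is an added example, not part of the original post: the function names are hypothetical, the macro check is a byte-level heuristic, and the sample message is constructed to mimic the one quoted above.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.dot container
VBA_NAMES = [n.encode("utf-16-le") for n in ("_VBA_PROJECT", "Macros")]
RISKY_EXT = (".dot", ".dotm", ".docm")  # templates / macro-enabled types
PASSWORD_HINT = re.compile(r"password\s+is\b", re.I)

def has_macros(data: bytes) -> bool:
    """Heuristic check for a VBA project; never opens the file in Word."""
    if data.startswith(OLE_MAGIC):
        # Stream and storage names in the OLE directory are UTF-16LE.
        return any(n in data for n in VBA_NAMES)
    if data.startswith(b"PK"):  # newer zip-based formats
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(raw: bytes) -> list:
    """Return findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and PASSWORD_HINT.search(body.get_content()):
        findings.append("body mentions a password")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "unnamed").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(RISKY_EXT):
            findings.append(f"{name}: macro-capable file type")
        if has_macros(data):
            findings.append(f"{name}: VBA project present")
    return findings

def constructed_sample() -> bytes:
    """Constructed message: fake OLE bytes, not a real Word document."""
    msg = EmailMessage()
    msg["Subject"] = "Alan"
    msg.set_content("Document password is - 9583")
    fake = OLE_MAGIC + b"\x00" * 64 + "_VBA_PROJECT".encode("utf-16-le")
    msg.add_attachment(fake, maintype="application", subtype="msword",
                       filename="winstanley.dot")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(constructed_sample())))
```

A clean antivirus verdict, as with the Kaspersky scan mentioned above, does not rule out a macro, so any of these findings is reason enough to leave the attachment unopened.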