I was hoping that December would bring a drop-off in Orb reports, helpline calls and email requests for assistance here at NetSafe after a multi-million-dollar year of cyber-enabled crime.
Surely cybercriminals must get into the Christmas spirit too, decorating trees in their cavernous evil lairs and taking out their workforce of cold calling scammers for a nice lunch? No more bulk spam emails or setting up cloned websites recruiting unwitting money mules.
How wrong I was! This week has seen a spike in reports and calls for help, with file-encrypting CryptoLocker infections on the horizon and today a new Trojan posing as a booking invoice just before the holiday season begins in New Zealand.
This morning I received this innocent-looking email in my inbox from Booking.com, subject line ‘Booking.com Invoice 801490457278’.
It happens I’m looking for a bach at present but I’m wary about opening the email as I don’t remember using that website and can’t think who would send me an invoice already. Opening the mail – always a little risky – shows me this message with some kind of file attached that my email thinks is a .zip file:
This is when you should get suspicious – phishing emails are always a problem but in this case we’re dealing with that nastiest of phish, the Attachment Flounder – if you click on the file link and download the attachment, it is highly likely to infect your computer and then be capable of logging your keystrokes, capturing what’s on your screen and potentially stealing from your online banking service.
Always think before you click - and remember that deleting the email is the safest option.
But if you’re still curious, try scanning the file with your up-to-date anti-virus software or using an online malware scanner tool like www.virustotal.com to check just what that file is.
In my case, the Zip file when I download it turns out to be a supposed PDF but with a .exe suffix (Invoice 801490457278 PRINT pdf.exe), so now I know it’s highly likely to be an executable file that will create chaos.
And a scan at VirusTotal confirms this with a nasty score of 9:
So the lesson is, always be careful when receiving unexpected emails, especially invoices that have a vague connection to what you’re up to. Think before you click and the safest option if you are suspicious is simply to delete dodgy emails with odd files attached.
If you want to check the files without opening them, use a reputable anti-virus or online scanner to see what threats, if any, you could be exposing your system to. Stay safe this Xmas and assume the bad guys will be working every day over the festive period.
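
For the more technically minded, here is an added example (not part of the original post or any NetSafe tool): a short Python script that lists what is inside a zip attachment without extracting or running anything, and flags files like the one above whose name ends in a program extension. The extension lists and function names are assumptions chosen for the illustration, and the sample zip is constructed with harmless text.

```python
import hashlib
import io
import re
import zipfile

# Extensions Windows will run directly (a common subset, not exhaustive; assumption).
EXECUTABLE_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar", "msi"}
# Document types a lure typically pretends to be (assumption).
DECOY_TOKENS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def inspect_attachment(data: bytes) -> dict:
    """Read only the zip's file listing (nothing is extracted) and flag executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            name = info.filename.rsplit("/", 1)[-1]   # drop any folder path
            stem, _, ext = name.rpartition(".")       # the LAST extension is what counts
            if ext.lower() not in EXECUTABLE_EXT or not stem:
                continue
            # A decoy word can sit before the real extension after '.', ' ', '_' or '-',
            # e.g. "PRINT pdf.exe" as well as "invoice.pdf.exe".
            last_word = re.split(r"[.\s_-]+", stem.lower())[-1]
            findings.append({
                "name": name,
                "extension": ext.lower(),
                "disguised_as": last_word if last_word in DECOY_TOKENS else None,
            })
    # The SHA-256 identifies the attachment without anyone having to open it.
    return {"sha256": hashlib.sha256(data).hexdigest(), "executables": findings}


def build_sample_zip() -> bytes:
    """Constructed sample: harmless text stored under the lure's filename pattern."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice 801490457278 PRINT pdf.exe", b"not a real program")
        archive.writestr("readme.txt", b"harmless")
    return buf.getvalue()


if __name__ == "__main__":
    report = inspect_attachment(build_sample_zip())
    print("SHA-256:", report["sha256"])
    for hit in report["executables"]:
        note = f" (posing as .{hit['disguised_as']})" if hit["disguised_as"] else ""
        print(f"WARNING: {hit['name']} is a .{hit['extension']} program{note}")
```

A clean result from a script like this only means no obviously disguised program was found in the listing; it is not a malware scan.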