Cybersecurity Blog

MRU community hit by tech support scam – 04/29/21

 

 

The tech support scam is back. This week a MRU community member had a virus warning popup on their screen while they were working. The virus warning listed a phone number and appeared to come from Microsoft.

The individual phoned the Service Desk. However, when they couldn’t get through they called the ‘Microsoft’ number in the pop up.  The fake Microsoft rep hung up on them when the caller didn’t provide the rep with the information they were looking for.  Our MRU community member avoided being scammed simply by not being cooperative.  However, had they been dealing with a more patient scammer, this could have gone very wrong very quickly.

This is a reminder if you see a dialog box with a virus warning and a phone number, it is a scam. Most likely there is no virus on your machine. instead, the website that you have visited has been compromised by a hacker to display a fake virus warning to anyone who views it. If this happens to you, close your browser and then open it again. Do not close the pop up. Do not visit that website again.

If you are concerned that your MRU issued device may have a virus, contact the Service Desk. Be patient, they will get back to you. If it is your personal device you are concerned about, run a virus scan. If something appears to be amiss and the virus scan does not find anything, take your device to a repair shop to have it checked.

 

 

Don’t take candy from strangers – 09/16/20

All malware is not created equal.  This week a particularly devious piece landed in an MRU inbox.  It was wrapped up in a zip file attachment. Here is what the malicious email looked like:

 

 

This malicious email is hard to identify as it contains a previously sent email thread. Interestingly enough, there is no human behind this email. It was sent by malware. When it gets on your machine it picks an email in your inbox and replies to it. Sending a copy of itself to an unsuspecting recipient.

The email is generic enough to work with pretty much any email. However it is the vagueness that flags it as suspicious.  The other tell is the sender’s email address. Because this is malware and not a person sending out the email, the sender’s email address is incorrect.

If you decide to click and open the attachment, you see an Excel spreadsheet with this in the first cell.

 

 

If you missed the other two red flags, this one is your last chance to dodge the bullet. This very official looking graphic is asking you to enable editing and content to be able to “decrypt” the document  It is also telling you what type of device to use to view it.  Anytime you have this kind of instruction given to you to view a document, close it immediately and report it.

The instructions are not there to enable you to view the document. They are there to ensure the malware can be installed and will function.  By asking you to enable editing and content, it is bypassing the safety controls we have in place to prevent the running of macros. It is not “decrypting” anything.  If you can’t open a document just by clicking on it, consider it a threat.

This is another reminder how important it is to check the sender’s email address before you open an attachment or click on a link.  If you recognize it, contact the sender using another method and confirm that they sent the email. If you don’t recognize it, don’t click. You wouldn’t take candy from a stranger, you shouldn’t take attachments from them either;  no matter how enticing they are.