« Dreamweaver CS4 file sync errors: file in use by another process | Main | Stripboard Magic in Windows 7 »
Tuesday
Mar282017

A very convincing spearfishing Word Macro attack

I received this very cunning spearphishing attempt in an Email addressed directly to me, containing what they reckoned was my home address and a Word file attachment called winstanley.dot  It also contains a legitimate-looking sender’s name and a Romanian email address which may have been spoofed, so I have omitted them.

The document seems to contain no virus (according to Kaspersky Anti Virus) but when I carefully peel back the lid, it soon becomes clear that it’s another Microsoft Word macro-laden document.  A macro is a series of commands designed to run like a mini-program as explained by Norton here.  The sequence of commands can also install harmful viruses.

If this was a genuine attempt by someone to warn me of a hack, there would be no need to run a macro in a simple document like this. The password-protection adds some authenticity to the scam.

To: Alan Winstanley  
Date: Tue, 28 Mar 2017 16:54:10 +0000
From: XXXXXXXXXXXXXXX
Subject: Alan

Good day to you, Alan!

I am bothering you for a very significant matter. Allhough you don't know me, but I have considerable ammount of data concerning you. The fact is that, most probably mistakenly, the information of your account has been emailed to me.

For instance, your address is:

XXXXXXXXXX XXXXXXX
XXXXXXXXXXXX
XXXXXXXX
XXXXX
XXXX XXX

I am a law-abiding citizen, so I decided to alert may have been hacked. I pinned the file - Winstanley.dot that was sent to me, that you could explore what data has become available for deceivers. Document password is - 9583

Sincerely,

Vxxxxx Zxxxxxxx

By default, in my Word program macros are disabled, and you should do the same. Go to Options / Trust Center / Disable all macros from running.

This scam is a nice try and it would certainly fool some people.

 

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>