A very convincing spearfishing Word Macro attack
I received this very cunning spearphishing attempt in an Email addressed directly to me, containing what they reckoned was my home address and a Word file attachment called winstanley.dot It also contains a legitimate-looking sender’s name and a Romanian email address which may have been spoofed, so I have omitted them.
The document seems to contain no virus (according to Kaspersky Anti Virus) but when I carefully peel back the lid, it soon becomes clear that it’s another Microsoft Word macro-laden document. A macro is a series of commands designed to run like a mini-program as explained by Norton here. The sequence of commands can also install harmful viruses.
If this was a genuine attempt by someone to warn me of a hack, there would be no need to run a macro in a simple document like this. The password-protection adds some authenticity to the scam.
To: Alan Winstanley
Date: Tue, 28 Mar 2017 16:54:10 +0000
From: XXXXXXXXXXXXXXX
Subject: Alan
Good day to you, Alan!
I am bothering you for a very significant matter. Allhough you don't know me, but I have considerable ammount of data concerning you. The fact is that, most probably mistakenly, the information of your account has been emailed to me.
For instance, your address is:
XXXXXXXXXX XXXXXXX
XXXXXXXXXXXX
XXXXXXXX
XXXXX
XXXX XXX
I am a law-abiding citizen, so I decided to alert may have been hacked. I pinned the file - Winstanley.dot that was sent to me, that you could explore what data has become available for deceivers. Document password is - 9583
Sincerely,
Vxxxxx Zxxxxxxx
By default, in my Word program macros are disabled, and you should do the same. Go to Options / Trust Center / Disable all macros from running.
This scam is a nice try and it would certainly fool some people.
Reader Comments