A new Windows 10 phishing scam has been described by security firm SophosLabs. In a twist, the problem was found when the threat actors’ email found its way into the Sophos inbox.
According to the company, it received strange emails in an obvious phishing attack. Unlike the increasingly sophisticated phishing emails that try to impersonate legitimate companies, these emails were poorly written, badly formatted, and carried an obvious prompt to click a link.
“The messages themselves were very short, but they were crafted with an understanding of the human psychology behind the adrenaline-rush of fear, and had been personalized with both the name of the recipient and the targeted organization in both the subject line and the body. The spam trope here – a complaint, filed against you, and the insinuation that you’ve been attempting to cover it up.”
Clicking the link takes the recipient to a website that asks them to preview an “important” PDF. The PDF is bait: the preview link uses the ms-appinstaller: URI scheme, which Windows 10 hands off to App Installer (AppInstaller.exe) instead of a browser or PDF reader.
App Installer then downloads and installs the package the link points to, which in turn drops the BazarBackdoor malware. BazarBackdoor is used to steal user credentials and data.
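The article only describes the mechanism in words. The following PowerShell is an added example, not code from Sophos or from the article, showing what a Windows administrator would actually check after reading it: whether the ms-appinstaller: URL scheme is registered on a host, whether Group Policy disables it, how to disable it, and how to flag ms-appinstaller: links in captured email or web content. The registry path and value name are Microsoft's “Enable App Installer ms-appinstaller protocol” policy; the function names and the sample HTML are constructed for illustration.

```powershell
# Added example (not from the article or the Sophos report): audit and harden the
# ms-appinstaller: URI scheme that this campaign used to hand a link to AppInstaller.exe.
# $PolicyKey / $PolicyName come from Microsoft's App Installer Group Policy
# ("Enable App Installer ms-appinstaller protocol"); function names and sample data are ours.

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppInstaller'
$PolicyName = 'EnableMSAppInstallerProtocol'

function Get-MsAppInstallerProtocolState {
    # Reports whether the ms-appinstaller: scheme is registered on this host and
    # whether policy has switched it off. Read-only; safe to run anywhere.
    $registered = Test-Path 'Registry::HKEY_CLASSES_ROOT\ms-appinstaller'
    $policy = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue).$PolicyName
    [pscustomobject]@{
        SchemeRegistered = $registered
        PolicyValue      = $policy           # $null = not configured (links work), 0 = disabled, 1 = enabled
        ProtocolBlocked  = ($policy -eq 0)
    }
}

function Disable-MsAppInstallerProtocol {
    # Requires an elevated shell. Once set, ms-appinstaller: links no longer launch App Installer;
    # users can still install MSIX/AppX packages by downloading the file and opening it directly.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 0 -Type DWord
}

function Find-MsAppInstallerLinks {
    # Flags ms-appinstaller: URIs in arbitrary text (an extracted mail body, a saved landing page).
    # The scheme's "source" parameter is the URL App Installer will download the package from,
    # so it is the indicator worth extracting and blocking.
    param([Parameter(Mandatory)][string]$Text)
    $pattern = '(?i)ms-appinstaller:\?source=(?<source>[^\s"''<>]+)'
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        [pscustomobject]@{
            Uri    = $m.Value
            Source = [uri]::UnescapeDataString($m.Groups['source'].Value)
        }
    }
}

# Constructed sample: the kind of "preview this PDF" button described in the article.
# The host name is a placeholder, not an indicator from the campaign.
$sampleHtml = @'
<a href="ms-appinstaller:?source=https://example.invalid/document.appinstaller">Preview PDF</a>
<a href="https://example.invalid/readme.pdf">Unrelated link</a>
'@

Find-MsAppInstallerLinks -Text $sampleHtml | Format-Table -AutoSize
Get-MsAppInstallerProtocolState
# To enforce the mitigation on a fleet, ship the same value through Group Policy or, locally:
# Disable-MsAppInstallerProtocol
```

Only the first sample link is reported, with its `source` URL pulled out for blocking. `Get-MsAppInstallerProtocolState` returns `ProtocolBlocked = False` when the policy is not configured, which is the state this campaign relied on; `Disable-MsAppInstallerProtocol` is deliberately not called automatically, since it changes machine policy and needs an elevated shell.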
Sophos says abusing the Windows 10 App Installer this way is new. The rest of the attack is familiar: phishing remains a major threat, and attacks like this depend on the recipient interacting with what is sent. Microsoft has since blocked the websites.
That means the golden rules for avoiding phishing still apply: ignore emails whose source you do not know, and never click links in unknown emails. The advice is simple, but phishing remains one of the leading causes of compromise for individuals and organizations.