Real People Trick You Downloading Malware

Data Security: Story

 Search Stories
Hot Words
Key Words
In Field


 By Huan Miles
Real People Trick You Downloading Malware
Keep secret data safe experienceA recent social engineering scam uses real people in a call center to trick you into downloading malware onto your computer. It exploits the MS Excel macro to install the seed malware and then control your computer. Here's how the scam works:
  • You receive an email claiming that your trial subscription to a publishing company will expire soon;
  • The email states that you will be charged if the subscription is not canceled;
  • It directs you to call a phone number for assistance

If you call this number a representative happily walks you through how to unsubscribe. The representative directs you to a generic-sounding web address, asks you to enter the account number provided in the original email, and tells you to click a button labeled “Unsubscribe”. If you click, an excel file is downloaded onto your computer. The representative tells you to open that file and enable macros so you can read a confirmation number to them. If you enable macros, a malicious file is installed that allows cybercriminals backdoor access to your system. The bad guys can use this access to install more dangerous malware, such as ransomware.

Follow these tips to stay safe from this social engineering attack:
  • This attack tries to spark feelings of alarm and frustration by claiming that you will be charged for something you didn't sign up for. Don't let the bad guys toy with your emotions.
  • Remember that cyber attacks come from real people and real people can lie over the phone, just as they do in phishing emails.
  • If you're concerned that a warning could be legitimate, look up the company and try contacting them another way—not by using the phone number that they provided in an email.

More tools and apps to anti-malware and email safety.