This brief article will help you avoid be scammed by demonstrating how phishing scams work with real-life examples. This phishing scam will install malware on your computer where the goal of the scam in part 1, Your Password has Been Stolen, was to steal your email address and password. Installing malware on your computer allows the crook to take control of your computer which is called as being “pwned” in hacker-speak.
A cyber-crook is wants to take control of your computer for two reasons: to install ransomware which encrypts your files and holds them for ransom. Or to control your computer and make it part of a group of compromised computers know as a “botnet.” A botnet is rented to other crooks who will use your computer to generate more phishing scams or bombard a website or Internet service with so much traffic that it will disable it. In both cases, the goal of the cyber-crooks is to make money.
Step 1 - The Phishing Email
This phishing scam arrives as an email in your inbox of the mail program on your computer. Take a few seconds and examine the email address, look for grammatical errors and ask yourself if it sounds suspicious. It’s targeting someone who deals with the FTC and may be expecting a refund for something. The sender’s email address is clearly fake since the Federal Trade Commission’s domain is ftc.gov. The web link looks legitimate because it has www.ftc.gov but if you hover your mouse over the link, it reveals the actual link in the lower left corner. The language in the email is very casual which is not the way federal government bureaucrats normally speak. At this point you should be suspicious and should delete the email. Don’t bother calling the phone number (which is missing the second hyphen) because it just goes to a voicemail.
Step 2 – Clicking the Link
If you click the link, your browser will download a Microsoft Word document. Some variants of this scam will download a PDF document. The document itself is not dangerous or infectious. But you still should seriously avoid clicking links on a suspicious email.
Step 3 – The Download
If you open the Word document, it will have a message like this one which says “oops, something went wrong.” This is a fake warning but the document is actually protected by Microsoft Word app because the file was downloaded from the Internet. The REAL Microsoft warning is at the top as a yellow bar indicating that you are viewing the document in “PROTECTED VIEW.” Take this warning seriously. Of course, the scammer want you to disable the security so they are kind enough to give you instructions.
Step 4 – Activating the Malware
If you by chance click the “Enable Editing” button, you will have only one more chance to avoid infection. This malicious Word Document contains a macro so you will then be presented with another Microsoft Office "Security Warning" in a yellow bar across the top of the Word document. This is a real Microsoft warning which should be read and heeded. Macros are programmatic scripts that are useful tools for performing repetitive tasks like inserting text in letters, for example. But cyber-crooks have been able to craft malicious macros to download malware onto the victim’s computer which will encrypt files and hold them for ransom, activate a identity-stealing keylogger virus or turn your computer into a zombie slave to work in a botnet. Clicking the “Enable Content” button will unleash terrible things, starting with downloading the malicious software. Do never click the "Enable Content" button.
Avoid Being Scammed
Hopefully you don’t ever make it to Step 4 and activate the malware. But the result will certainly be that you would have to pay hundreds or thousands of dollars to decrypt your files and to clean up an infected computer. There is also a high risk of having your identity stolen if the cyber-crooks plant keylogger malware which will steal your personal information as you type it: your drivers license, social security number and bank/credit card information.
As you can see, there are several opportunities to avoid getting infected and ripped-off by this particular phishing scam. But it is only because you now know what to look for. I encourage you to continue to education yourself about these scams because new ones are being developed daily. You can follow me, @jakenonneaker, on Twitter, like the AXICOM Facebook page, listen to the TechCast with Jake podcast, or subscribe to our monthly e-newsletter.