As anti-racism marches and rallies take place across the world, opportunistic fraudsters have turned their attention to the Black Lives Matter movement, in an attempt to exploit the public.
It’s common for cybercriminals to craft their phishing campaigns and social engineering scams around major crises and global news. For example, as the public continue to seek information about the coronavirus pandemic, cybercriminals have preyed on the heightened sense of fear which has resulted in a surge of COVID-19 scams in recent months.
Now, fraudsters have launched a Black Lives Matter campaign leveraging the popularity of the movement against racism to spread Trickbot, which is malware that specialises in information theft.
The Black Lives Matter scam begins with a phishing email using the subject line “Vote anonymous about Black Lives Matter”.
In an effort to spread the TrickBot modular banking trojan, the email asks recipients to fill out and return an attached document named ‘e-vote_form_3438.doc.’
Individuals who open the document are asked to enable macros that download and execute a malicious DLL payload onto the victim’s computer. Unbeknownist to users, their personal information can then be accessed and stolen by the Trickbot malware.
Originally developed to harvest bank login credentials, TrickBot has evolved to carry out an array of malicious actions, such as execute brute force attacks, steal sensitive information, connect to criminally controlled networks and download further files including ransomware and remote access tools. This is one of the reasons it is so popular among cyber criminals. They can customise it and develop it further to make it more effective and profitable.
Although not the most sophisticated attack, the Black Lives Matter scam makes an effort to add authority by claiming to be from the “Country administration”. Spoofing the sender of an email is a common tactic by many cybercriminals. However, if the “from” address doesn’t match the alleged sender of the email, or if it doesn’t make sense in the context of the email, something may be suspicious.
Other common warning signs in this particular phishing scam include the lack of personalisation. Commercial emails from legitimate organisations will be addressed to you by name rather than a generic greeting and, if an email purports to be a “confidential” request, it’s likely that the sender is trying to keep you from verifying the email with another party.
How to Prevent Phishing Scams
- Never click on links or download attachments without confirming the source.
- Install the latest anti-virus software solutions on all your devices.
- Regularly back up your data.
- Avoid clicking on links or opening attachments within unexpected or suspicious emails.
- Only download attachments from sources you can trust.
- Always take time to think about a request for your personal information, and whether the request is appropriate.
- Pay close attention to the spelling of an email or web page. If there are any inconsistencies, users should be cautious.
- Ignore and delete emails with unexpectedly poor grammar and formatting.
- Question the validity of any email that asks you to submit personal or financial information.
- Use strong passwords to reduce the chance of devices being hacked.
- Consider the use of a password manager to maintain the security of multiple accounts.
Create a More Security Conscious Workforce
To truly change Cyber Security behaviours, organisations must commit to a Cyber Security awareness program that enables staff to recognise and embrace the important role they play in safeguarding sensitive company data.
Cyber Security Awareness for Dummies acts as an indispensable resource for implementing behavioural change and creating a culture of cyber awareness.
In this guide, you will learn:
- What Cyber Security awareness means for your organisation
- How to implement a cyber risk awareness campaign
- The critical role of policies to establish safe baselines
- How to maintain momentum and staff engagement
- 10 Cyber Security awareness best practices
Click here to claim your free copy of Cyber Security Awareness for Dummies.