Cybercriminals have launched a clever Norton 360 LifeLock scam, which is disguised as a fake document, in order to trick victims into installing a remote access trojan (RAT).
RATs have the potential to cause significant damage. Their ability to remotely control PCs and capture screens, keystrokes, audio, and video makes them far more dangerous than typical viruses and worms.
The scam begins with a phishing email, which appears to be from the anti-virus and software security company. The email which has an attachment containing malicious macros informs the recipient that they have received a protected document from Norton LifeLock. To access the document, the recipient is provided a password and is instructed to enable macros.
Such trojans are often concealed as an anti-virus program, tricking the user into installing it onto their device. Once installed, the trojan then works quietly in the background to steal sensitive data, install a backdoor or take other harmful actions. RATs can be difficult to detect because they often do not appear in the list of the programs running on the device and nor do they affect your device’s performance.
When the user inputs the correct password to access the spoof document, the macro executes a command to install the remote access trojan, giving the cybercriminals free rein to the victim’s machine. Before the script continues its operations, it checks to see if an anti-virus is installed on the system. If this is the case, it stops running on the victim’s computer.
With this access, hackers can then monitor online behaviours, access confidential information, format computer drives, distribute viruses, delete or alter files and even watch the victims via their webcams to use for blackmail or ransom.
How to protect against phishing
With 90% of all data breaches caused by phishing and 3.4 billion fake emails sent every day, users must remain cautious and vigilant. Educating yourself, your staff, and your end users about phishing can significantly minimise your risk. To stay safe, there are a number of simple ways you can protect yourself from such attacks:
- Never click on links or download attachments from unknown sources.
- Ensure that all applications and operating systems are up to date.
- Hover your mouse over the links contained in emails to check if they are legitimate– don’t click unless you are sure they are safe.
- Install the latest anti-virus software solutions on all your devices.
- Use strong passwords to reduce the chance of devices being hacked and use different passwords for different accounts.
- Install a Firewall to prevent unauthorised access to your network.
- Back up data on a regular basis.
- Question the validity of any email that asks you to submit personal or financial information.
Phishing is the number one cause of all cyber attacks and continues to prove one of the easiest ways to steal valuable data and deliver malware. MetaPhish has been created to provide a powerful defence against these threats and enables organisations to find out just how susceptible their company is to attack. If you would like to find out more about how MetaPhish can be used to protect your business, then contact us for further information.