READ THIS NEXT: If You Get This Call From the Police, Hang Up Immediately, Officials Warn. Anyone who has an inbox is all too familiar with the concept of suspicious unsolicited emails. Some famous inbox scams, such as a foreign prince desperately trying to get in touch with you, are so common they’ve become something of a punchline. But as technology has progressed, so has the ability of cybercriminals to deceive unsuspecting victims into handing over sensitive information with “phishing” scams. These days, this can even include making it appear as though someone you know or a company you trust is trying to reach you. A recent report from email security firm Avanan outlined one new email scam they detected targeting Gmail users, which allows fraudsters to change the “from” field in messages. In some cases, scammers will pretend to be a financial institution, utility company, or service provider requesting payment on an outstanding bill. In others, they can force users to unknowingly download malware that then mines their computer’s files and personal information. “Within Gmail, any Gmail tenant can use it to spoof any other Gmail tenant,” the company explains in the post. “That means that a hacker can use the service to easily spoof legitimate brands and send out phishing and malware campaigns.” Unfortunately, another version of this style of scam appears to be making the rounds. According to cybersecurity company Fortinet, PC owners are at risk of a new phishing attack that appears to come from a trusted source such as a friend or company regarding a payment of some kind. The email instructs the recipient to download what looks like a legitimate Excel spreadsheet attachment, commonly seen with “Remittance-Details-951244.xlam” as a file name. In reality, the file is loaded with malware that can infect the user’s computer.
RELATED: For more up-to-date information, sign up for our daily newsletter. Fortinet explains this Trojan-style attack uses malware known as AveMariaRAT, BitRAT, and PandoraHVNC that hackers can use to take over a computer. When a user opens the file, automated actions within the spreadsheet known as macros will begin to install the nefarious software onto the device, Express reports. The programs then grant hackers access to files and information stored on the computer. But it also gives them the ability to tap into the device’s microphone and camera to spy on victims in secret. “This is an extremely severe phishing campaign that is seeking to victimize Windows users with Trojans that give the attacker complete remote control over the infected computer,” Ray Walsh, a digital privacy expert at ProPrivacy, told Express. Walsh went on to call the latest phish scam a “severe” threat to anyone using Windows. “We urge consumers to keep their devices up to date with reliable antivirus software, consider every single unsolicited message which looks genuine, or emails that evoke an emotional response and call to action,” he recommends.ae0fcc31ae342fd3a1346ebb1f342fcb If you’re ever unsure of an email’s authenticity, cyber security experts also recommend calling your friend or independently looking up the company’s customer service department and speaking with them directly. It’s also best to hover over a link without clicking to double-check which web address it might actually be sending you to. READ THIS NEXT: Never Use Your Phone to Do This, FBI Says in New Warning.
