Whereas previously, a lot of attacks have been based around JavaScript download applications, it seems hackers are now using a different - and more familiar - type of infected file to infiltrate the networks they target with the ‘Locky’ virus. DOCM files – also known as macro-enabled Microsoft Word files - are increasingly being used to transmit viruses onto company networks.
The trend was spotted by researchers, who identified a spike in phishing emails containing the Locky virus. They reported that attachments were accompanied with a message stating that someone else had asked finance files to be forwarded on – a tactic commonly deployed in ransomware attacks.
Mohammed Shah, who runs the Dynamic helpdesk, says, “The Locky virus is so-called because it essentially ‘locks down’ your network, scrambling your files and renaming them all with .locky extensions before demanding payment to reinstate your original data. This is just one kind of ransomware, but it is one that’s widely used and becoming more prevalent.
“The fact that hackers are now using Word documents to transmit this virus means that people need to be more vigilant than ever when opening email attachments from people they don’t know. These latest attacks also show that we all need to treat emails from people we do know with caution, too, and look out for covering emails that don’t sound quite right.”
Here’s his advice on how to spot suspicious attachments:
Check for spelling mistakes – legitimate messages or attachments from genuine senders rarely include major spelling mistakes.
Look out for mismatched URLs – many phishing emails use what look like real addresses, but behind them is a fake domain. So while it might look as though the email has come from an official source, it might be directing you to an unsafe website. To check, hover over the web link and you’ll see where the target URL is trying to send you. If the URL doesn’t match the organisation the email says it’s from, that’s a good indication that the site is fake and you shouldn’t enter your information or open any attachments.
Don’t get personal – if an email is asking for personal information, that’s a bad sign. Your bank will never email you asking for your account number or credit card number by email, and no genuine email will never ask you for a password or personal information.
Watch out for fake bill requests – if a message asks you to transfer money for damages or bills, be suspicious. Scam emails will often say that you owe money to a bank or you need to pay a bill in advance, usually with something that looks like a Word document attached. This isn’t the way genuine bill payment requests are made, so don’t be fooled - and certainly don’t open the attachment.
A good rule of thumb is never open attachments if you are slightly unsure. If you are in any doubt, call the alleged sender via official channels, and not via any contact numbers included in the suspicious email. It’s always better to be safe than sorry.