Spammers are producing a growing number of invoice scam campaigns. These campaigns trick you into clicking what you presume to be a link to an invoice, but the link actually downloads a malicious file.

That file will either install malware on your computer or phish you for information.



Office 365 Business Email Compromise Attacks

The Office 365 (O365) platform has experienced tremendous growth, and there is no sign of that trend slowing. More businesses than ever reside on, or plan to migrate their accounts to, the expanding Microsoft Business and Enterprise services. Scammers have taken notice and have crafted simple, effective social engineering attacks that target O365 users and are often sent from compromised O365 accounts.

Since the last quarter of 2017, we have blocked an abnormal quantity of Business Email Compromise attack campaigns. These are a form of man-in-the-middle attack in which the scammer inserts themselves into existing correspondence and exploits the trust the victim places in known contacts. Western African (likely Nigerian) scam groups have improved their social engineering techniques, which ultimately lead to credential theft and financial fraud. Our SecureTide Filtering and Phenomenal Care Support teams have documented data for this attack. The information below details the tactical phases of ongoing Office 365 Business Email Compromise attacks and the credential harvesting these scammers perform.



Trojan Droppers Exploiting Symbolic Link Files

Malicious actors routinely use obscure file extensions to confuse message recipients into opening malicious files on the victim's machine.

Most users, if they recognize the .slk extension at all, know it as a spreadsheet file that opens in Microsoft Excel. It is the Symbolic Link (SYLK) format, a plain-text format designed to move data between spreadsheets and databases, and, as detailed here, it is also recognized by other applications across various desktop and mobile platforms. Like Excel .xls/.xlsx files, .slk files can carry formulas, including Excel 4.0 macro functions, and so can be used to execute malicious commands when opened.

Fortunately, with this attack vector the user sees several warning prompts before the infection begins, and those prompts should raise red flags. Unfortunately, few anti-virus engines are catching these attacks.

This post steps through the chain of infection for one of these malicious .slk trojan droppers and details what users should watch out for.
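The following scanner is an added example and is not code from the original post or from AppRiver. It shows why an .slk file is a viable dropper: SYLK is a line-oriented text format in which each record is one line, fields are separated by semicolons, a `C` (cell) record can carry an `E` field holding a formula, and an `NN` record can define a name such as `Auto_open` that Excel runs automatically. The scanner flags formula cells that call process-launching Excel 4.0 macro functions and auto-run name definitions. The sample files, the list of flagged function names and the helper names are constructed for this example.

```python
"""Scan SYLK (.slk) text for formula cells that call command-execution
Excel 4.0 macro functions and for auto-run name definitions.

Added example, not from the original post. Record/field layout follows the
SYLK text format: one record per line, ';' separates fields, ';;' is an
escaped literal ';', and the first field is the record type.
"""
import re

# Excel 4.0 macro functions that can launch processes or write files.
# Assumption: a practical starting list for triage, not an exhaustive one.
DANGEROUS_FUNCTIONS = ("EXEC", "CALL", "REGISTER", "FOPEN", "FWRITE", "RUN")

# Defined names that Excel executes automatically (case-insensitive).
AUTO_RUN_NAMES = ("AUTO_OPEN", "AUTO_CLOSE", "AUTO_ACTIVATE")

# Matches an identifier immediately followed by '(' inside a formula.
_FUNC_RE = re.compile(r"\b([A-Z_]+)\s*\(")


def split_sylk_fields(record: str):
    """Split one SYLK record into fields, honouring ';;' as a literal ';'."""
    fields, cur, i = [], [], 0
    while i < len(record):
        ch = record[i]
        if ch == ";":
            if i + 1 < len(record) and record[i + 1] == ";":
                cur.append(";")
                i += 2
                continue
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields


def scan_sylk(text: str):
    """Return findings as (line_no, kind, detail) tuples.

    kind is 'formula' for a C record whose E field calls a dangerous
    function, or 'auto_run' for an NN record defining an auto-run name.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        record = raw.strip()
        if not record:
            continue
        fields = split_sylk_fields(record)
        rtype = fields[0]
        if rtype == "C":
            # Cell record: look for an expression (formula) field.
            for field in fields[1:]:
                if field.startswith("E"):
                    formula = field[1:]
                    for name in _FUNC_RE.findall(formula.upper()):
                        if name in DANGEROUS_FUNCTIONS:
                            findings.append(
                                (line_no, "formula", f"{name}() in {formula}"))
        elif rtype == "NN":
            # Name definition record: the N field carries the name itself.
            for field in fields[1:]:
                if field.startswith("N") and field[1:].upper() in AUTO_RUN_NAMES:
                    findings.append((line_no, "auto_run", field[1:]))
    return findings


def is_suspicious(text: str) -> bool:
    """True if the SYLK text has any auto-run name or dangerous formula."""
    return bool(scan_sylk(text))


# Constructed sample in the style of a SYLK dropper: an Auto_open name that
# points at a cell whose formula launches a process, then halts the macro.
SAMPLE_MALICIOUS = """ID;P
O;E
NN;NAuto_open;ER101C1;KOut Flag;F
C;X1;Y101;EEXEC("calc.exe")
C;X1;Y102;EHALT()
E
"""

# Constructed benign sample: a plain value and an ordinary SUM formula.
SAMPLE_BENIGN = """ID;PXL
C;X1;Y1;K42
C;X1;Y2;ESUM(R1C1:R1C1)
E
"""

if __name__ == "__main__":
    for label, sample in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, "->", scan_sylk(sample))
```

Because SYLK is plain text, the same scan can run on a mail gateway against any attachment whose content starts with the `ID;` record, regardless of the extension the sender chose; a `.slk` that contains an `NN` auto-run name pointing at an `EXEC()` formula has no legitimate reason to reach a user's inbox.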
