{"id":419,"date":"2016-04-28T08:50:06","date_gmt":"2016-04-28T08:50:06","guid":{"rendered":"http:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/?p=419"},"modified":"2016-04-28T08:58:56","modified_gmt":"2016-04-28T08:58:56","slug":"fake-invoice-warning","status":"publish","type":"post","link":"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/2016\/04\/28\/fake-invoice-warning\/","title":{"rendered":"Fake invoice warning"},"content":{"rendered":"<p>Here is a quick blog post to warn you of targeted attempts to distribute malware by unknown and hostile persons. Over the last few weeks we have been sent numerous emails similar to the one below:<\/p>\n<p><a href=\"http:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/files\/2016\/04\/Screenshot-28_04_2016-09_02_12.png\" rel=\"attachment wp-att-420\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-full wp-image-420\" src=\"http:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/files\/2016\/04\/Screenshot-28_04_2016-09_02_12.png\" alt=\"Screenshot - 28_04_2016 , 09_02_12\" width=\"702\" height=\"624\" srcset=\"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/files\/2016\/04\/Screenshot-28_04_2016-09_02_12.png 702w, https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/files\/2016\/04\/Screenshot-28_04_2016-09_02_12-300x267.png 300w, https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/files\/2016\/04\/Screenshot-28_04_2016-09_02_12-338x300.png 338w\" sizes=\"(max-width: 702px) 100vw, 702px\" \/><\/a>At a first glance it looks relevant. It is addressed to me personally, it references my place of work, and it has some invoicing details that could conceivably be genuine. However, alarm bells should be ringing as it is from a contact I have never heard of, the company is not relevant, the email address is not consistent with the contact name, and the email is hosted from an American cable TV\/ISP company. 
This type of email has been dubbed a <strong>spear-phishing attack<\/strong> by threat researchers.<\/p>\n<p>The MS Word file contains a macro. If you were to download and open the file, the macro would deploy a malware payload which sniffs out data on your computer and sends it back to a command and control server. More info at:<\/p>\n<p><a href=\"http:\/\/www.computing.co.uk\/ctg\/news\/2451215\/the-return-of-the-microsoft-word-macro-virus-with-malicious-documents-that-execute-powershell-scripts\" target=\"_blank\">The return of the Microsoft Word macro virus<\/a><\/p>\n<p>A colleague was recently infected by malware distributed by opening an MS Word document. Whilst the infection was caught and dealt with quickly, they were unfortunately a victim of online bank fraud a few weeks later, which may or may not be connected, but the timing is highly suspicious. Here is a reminder to:<\/p>\n<ul>\n<li>Only open expected email attachments that come from a trusted source.<\/li>\n<li>Don&#8217;t rely on anti-malware software to detect viruses in email attachments, as not all macro viruses are detected by antivirus software.<\/li>\n<li>Delete any suspect emails without opening them.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Here is a quick blog post to warn you of targeted attempts to distribute malware by unknown and hostile persons. 
Over the last few weeks we have been sent numerous emails similar to the one below: At a first glance &hellip; <a href=\"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/2016\/04\/28\/fake-invoice-warning\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[41],"tags":[45,43,42,44],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pcqGb1-6L","_links":{"self":[{"href":"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/wp-json\/wp\/v2\/posts\/419"}],"collection":[{"href":"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/wp-json\/wp\/v2\/comments?post=419"}],"version-history":[{"count":5,"href":"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/wp-json\/wp\/v2\/posts\/419\/revisions"}],"predecessor-version":[{"id":425,"href":"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/wp-json\/wp\/v2\/posts\/419\/revisions\/425"}],"wp:attachment":[{"href":"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/wp-json\/wp\/v2\/media?parent=419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/wp-json\/wp\/v2\/categories?post
=419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/libraryblogs.is.ed.ac.uk\/openscholarship\/wp-json\/wp\/v2\/tags?post=419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}