Microsoft’s recent announcement that the new version of Microsoft Windows, Microsoft Windows 11, will be released soon is capturing headlines around the world. Microsoft will allow Windows 11 to be downloaded and installed to qualified user computers.
It is a great news event to remind security awareness advocates of the high likelihood of phishers to use this event, and especially the download image capabilities, to phish people into installing malware. Certainly, Microsoft’s download process will not be a direct, “here is a URL link in an email” process.
Microsoft’s processes and licensing verification processes will ensure that the actual downloading offering service is sophisticated and safe.
The same cannot be said of phishers. They will no doubt send out tens of millions of emails claiming to be from Microsoft, service providers and IT departments, claiming that the targeted receiver MUST immediately download and install Windows 11 using the provided URL link under some threat of penalty or disruption.
You know it is going to happen. You know that some small percentage of users will fall for it. Hackers would not do it if a small percentage of people were not prone to these sorts of phishing attacks.
It is a great time to remind users about how newsworthy events, like the release of Windows 11, will be used by scammers and phishers. It is a great time to create simulated phishing campaigns based around Microsoft’s announcement and other newsworthy events (e.g., COVID, earthquake, celebrity deaths, global news, etc.) and see who could be susceptible to a real phishing attack using the same tactics.
It is also important to remind users to be very suspicious of any unexpected links to software install disc images. This applies to image file format extensions including ISO, IMG, BIN, MDF, VM, VMDK, VMX, and VHD. Most the phishing attacks will claim to link to disc image files, but really point to executables (e.g., EXE, ELF, DLL, etc.), archive file types (e.g., ZIP, ARC, etc.), scripts (e.g., PS, CMD, BAT, etc.) and commonly used document types (e.g., DOC, DOCX, PDF, etc.).
But many of the links will point to real, but maliciously used, disc image file formats. This is because many computer defenses do not block them by default and many people do not understand what those image files are and can do. Many antivirus programs do not scan them before they launch.
CONTINUED:
https://blog.knowbe4.com/be-wary-of-unrequested-disc-images
Attacks are in the wild already:
https://www.anomali.com/blog/cybercrime-group-fin7-using-windows-11-alpha-themed-docs-to-drop-javascript-backdoor
You may be interested in:
>> Is a Chromebook worth replacing a Windows laptop?
>> Find out in detail the outstanding features of Google Pixel 4a
>> Top 7 best earbuds you should not miss
Related Posts:
>> Recognizing 12 Basic Body Shapes To Choose Better Clothes
>>Ranking the 10 most used smart technology devices
>> Top 5+ Best E-readers: Compact & Convenient Pen
0 Comments:
Post a Comment