Yes, we are talking about Phishing… again! The complex methods used by Threat Actors today makes me long for the days when malicious emails were comprised of either very poor English, or someone telling me that I was being gifted $1,000,000 by some person I never heard of in some far away country!
The current Malware campaign making the rounds right now is using the Election as bait. This isn’t surprising – many folks are concerned about the outcome. What makes this one tougher, is the tactics being used. This is a Qbot campaign. Currently, the folks deploying it are sending out emails asking for your opinion on election discrepancies and asking you to look at a DocuSign document. This isn’t a DocuSign document – it’s actually a malicious Excel spreadsheet disguised to look like DocuSign.
Here is the part that makes this campaign tough to spot. The Threat Actors often camouflage these messages as replies to previously stolen emails, so you’re more likely to trust them and open them without thinking. This is what makes Qbot one of the “oldie but goodie” malware threats that continually, and successfully, comes around. In addition to stealing your data from your computer, Qbot steals emails and contacts lists that it can use to catch your coworkers, family, and friends. It was last used very successfully a few months ago disguised as Windows Antivirus message, asking you to “decrypt the attachment” by enabling the Excel spreadsheet. Qbot will keep coming around and continue to create victims of those who aren’t careful.
Best advice is still the same – if you weren’t expecting it – don’t open it!! Email the sender separately, text them, or call them on the phone. Make sure they sent it before you click on it!
Be safe. Be Secure.