October is Cybersecurity Awareness Month

October is Cybersecurity Awareness Month

Hacker’s Dirty Tricks!

October is Cybersecurity Awareness Month and you need to make sure you are doing your part. Being cyber aware and cyber smart is the most important thing you can do to protect yourself from hackers, cyber crooks, identity thieves and all other miscreants lurking online.

Lets start this Cybersecurity Awareness Month by talking about some of the dirty tricks hackers are using to get inside you computer and your life.

PowerPoint Mouse Over Attack

I don’t know many people who work with a computer either at work, home or school. PowerPoint is a wonderful presentation tool but guess what? The hackers have found a weakness in the PowerPoint software and to get at you all you have to do is…nothing!

Russian hackers have started using a new code execution technique that relies on mouse movement in Microsoft PowerPoint presentations to trigger a malicious PowerShell script. In other words they are using your mouse to introduce malware into your computer and PowerShell is how they send commands to your computer.

Strangely this is not a new attack. Its has been known since 2017.

Now currently the threat is most prevalent in Europe and targets government and military sectors. But you know that its just a matter of time before they start using it against the unsuspecting consumers like yourself.

When you open the document into presentation mode and hover your mouse over a hyperlink, a malicious PowerShell script is activated to download a JPEG file (“DSC0002.jpeg”) from a Microsoft OneDrive account. Its that easy. Just pass your mouse over the link and BAM! GOTCHA!

One of the tricks they are using to send these PowerPoint presentations as an attachment to unsuspecting victims using content or words that are meant to stoke your interest. Right now they are using the Organization for Economic Co-operation and Development (OECD), an inter-governmental entity working towards stimulating worldwide economic progress and trade to snag government workers. But you know that that subject matter could quickly change up.

Just keep in mind one of the fundamental rules of online survival. Don’t click on or download any attachment unless you are absolutely sure of its origins and why you are receiving it. It takes only a minute to call your friend and ask “…what are you sending me and why?” And keep this in mind, hackers love to spoof their emails to look like its coming from someone you know.

SO DON’T CLICK ON ANYTHING YOU ARE NOT CERTAIN OF!

Fake Zoom Accounts

Just like PowerPoint Zoom is another useful too that allows the user to collaborate with the his co-workers anywhere in the world and at anytime. But of course the hacker are there too!

Even when it is not Cybersecurity Awareness Month you need to think twice before downloading Zoom online. Why? Because multiple fake sites are popping up claiming to offer free Zoom downloads only to trick people into downloading malware instead. Yeah; another GOTCHA!

A report is out from the cybersecurity firm Cyble’s Research and Intelligence Lab (CRIL) that explains how the scheme works and is worth reading.

An watchdog listed the URLs of six different but similar malicious websites, and it’s what first kicked off the CRIL investigation. This might go without saying, but please don’t visit those URLs:

/zoom-download.host

/zoom-download.space

/zoom-download.fun

/zoomus.host

/zoomus.tech

/zoomus.website

You need to pay attention! Victims who stumble on one of these fake websites while trying to download Zoom won’t see anything out of place because they are not looking closely at the URL. But one click later, it’ll be too late. BAM! GOTCHA!

As I said, these fake websites are the work of highly motivated and clever hackers and are designed to replicate the Zoom software’s home page. The duplication is complete with the same designs, colors, and friendly orange “Sign up, it’s free” button to snag a victim And since the official Zoom URL — https://zoom.us — uses a “us” domain rather than the more common “com”, it’s already slightly unusual, meaning that the fake URLs don’t stand out quite as much. BE ALERT!

Now here is where the trick gets really dirty. If you click on the link YOU WILL GET ZOOM! AND THE MALWARE TOO! Told you it was dirty trick!

The victims won’t even realize they’ve been tricked! While they happily using the Zoom app the malware, undetected, is siphoning off personal data.

Staying safe from this scam is not hard; Don’t download Zoom or any so-called free software unless you’re positive it’s from the official website. Or, as CRIL says “identify the legitimacy of the source before downloading any executables.”

Hackers are very smart and they are also very knowledgeable of the how humans think and behave. Trust me they study this stuff. These tricks are surprisingly easy to fall for and they know it, And so should you! Let tell you how smart these hackers are; they know that the people most at risk for getting tricked are the ones who are the most confident that they’re safe. This is the internet, trust no one or any website. Be suspicious of everything until you are certain of your actions.

October is Cybersecurity Awareness Month.