October is Cybersecurity Awareness Month

Published On October 28, 2022 | By Tom Huskerson | News and Analysis

Hacker’s Dirty Tricks!

October is Cybersecurity Awareness Month and you need to make sure you are doing your part. Being cyber aware and cyber smart is the most important thing you can do to protect yourself from hackers, cyber crooks, identity thieves and all other miscreants lurking online.

Lets start this Cybersecurity Awareness Month by talking about some of the dirty tricks hackers are using to get inside you computer and your life.

PowerPoint Mouse Over Attack

I don’t know many people who work with a computer either at work, home or school. PowerPoint is a wonderful presentation tool but guess what? The hackers have found a weakness in the PowerPoint software and to get at you all you have to do is…nothing!

Russian hackers have started using a new code execution technique that relies on mouse movement in Microsoft PowerPoint presentations to trigger a malicious PowerShell script. In other words they are using your mouse to introduce malware into your computer and PowerShell is how they send commands to your computer.

Strangely this is not a new attack. Its has been known since 2017.

Now currently the threat is most prevalent in Europe and targets government and military sectors. But you know that its just a matter of time before they start using it against the unsuspecting consumers like yourself.

When you open the document into presentation mode and hover your mouse over a hyperlink, a malicious PowerShell script is activated to download a JPEG file (“DSC0002.jpeg”) from a Microsoft OneDrive account. Its that easy. Just pass your mouse over the link and BAM! GOTCHA!

One of the tricks they are using to send these PowerPoint presentations as an attachment to unsuspecting victims using content or words that are meant to stoke your interest. Right now they are using the Organization for Economic Co-operation and Development (OECD), an inter-governmental entity working towards stimulating worldwide economic progress and trade to snag government workers. But you know that that subject matter could quickly change up.

Just keep in mind one of the fundamental rules of online survival. Don’t click on or download any attachment unless you are absolutely sure of its origins and why you are receiving it. It takes only a minute to call your friend and ask “…what are you sending me and why?” And keep this in mind, hackers love to spoof their emails to look like its coming from someone you know.

SO DON’T CLICK ON ANYTHING YOU ARE NOT CERTAIN OF!

Fake Zoom Accounts

Just like PowerPoint Zoom is another useful too that allows the user to collaborate with the his co-workers anywhere in the world and at anytime. But of course the hacker are there too!

Even when it is not Cybersecurity Awareness Month you need to think twice before downloading Zoom online. Why? Because multiple fake sites are popping up claiming to offer free Zoom downloads only to trick people into downloading malware instead. Yeah; another GOTCHA!

A report is out from the cybersecurity firm Cyble’s Research and Intelligence Lab (CRIL) that explains how the scheme works and is worth reading.

An watchdog listed the URLs of six different but similar malicious websites, and it’s what first kicked off the CRIL investigation. This might go without saying, but please don’t visit those URLs:

/zoom-download.host

/zoom-download.space

/zoom-download.fun

/zoomus.host

/zoomus.tech

/zoomus.website

You need to pay attention! Victims who stumble on one of these fake websites while trying to download Zoom won’t see anything out of place because they are not looking closely at the URL. But one click later, it’ll be too late. BAM! GOTCHA!

As I said, these fake websites are the work of highly motivated and clever hackers and are designed to replicate the Zoom software’s home page. The duplication is complete with the same designs, colors, and friendly orange “Sign up, it’s free” button to snag a victim And since the official Zoom URL — https://zoom.us — uses a “us” domain rather than the more common “com”, it’s already slightly unusual, meaning that the fake URLs don’t stand out quite as much. BE ALERT!

Now here is where the trick gets really dirty. If you click on the link YOU WILL GET ZOOM! AND THE MALWARE TOO! Told you it was dirty trick!

The victims won’t even realize they’ve been tricked! While they happily using the Zoom app the malware, undetected, is siphoning off personal data.

Staying safe from this scam is not hard; Don’t download Zoom or any so-called free software unless you’re positive it’s from the official website. Or, as CRIL says “identify the legitimacy of the source before downloading any executables.”

Hackers are very smart and they are also very knowledgeable of the how humans think and behave. Trust me they study this stuff. These tricks are surprisingly easy to fall for and they know it, And so should you! Let tell you how smart these hackers are; they know that the people most at risk for getting tricked are the ones who are the most confident that they’re safe. This is the internet, trust no one or any website. Be suspicious of everything until you are certain of your actions.

October is Cybersecurity Awareness Month.

 

 

 

 

 

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Comments are closed.