Hi everyone,

I want to make you aware of a phishing campaign recently identified by Proofpoint researchers. This scam is designed to trick employees into running malware on their systems by exploiting a sense of urgency and using technical jargon.

The Decoy: The attack starts with an email containing an attachment or a link to a webpage. When the attachment is opened or the link is clicked, a pop-up window or error message appears, mimicking a legitimate software issue.

The Bait: The fake message instructs the user to copy and paste a script into PowerShell or the Windows Run box. This script claims to fix a critical issue, such as installing a new root certificate or resolving a software bug. However, running the script actually downloads and installs malware onto the system.

The Threat: This campaign is particularly concerning because it focuses on compromising web browsers. By installing fake browser updates, attackers gain access to a user’s browsing activity, potentially exposing sensitive information.

Guarding Against the Scheme: The best defense against this type of attack is employee awareness. Here are some key points to remember:

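  • Identify Red Flags: Be cautious of emails with unexpected attachments, a sudden sense of urgency, or grammatical errors, and of any pop-up or error message that tells you to copy and paste a script into PowerShell or the Windows Run box.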
  • Verify Sources: Only update software through trusted sources and official channels provided by your IT department.
  • Training and Awareness: Regular training and fostering a culture of cybersecurity awareness can significantly reduce the risk of falling victim to such tactics.

Stay vigilant and always be on the lookout for suspicious activities. If you have any questions or need assistance, feel free to reach out to me.

All the best,
Stephen McCormack