Wednesday, January 31, 2018
2017 Phishing Contest: Targeted with an attachment
This is another example of one of the contest entries that I wanted to share for educational purposes. You can learn more about the phishing contest here: http://www.w6fdo.com/2018/01/our-2017-phishing-contest.html
This entry simulated a targeted phishing attack with an attachment. Lonny (or someone pretending to be him =) sent this asking me to check if the passwords in the Excel attachment were strong enough. Seems straight forward, right? :-P
However, when I opened the Excel attachment, it prompted me to run its embedded macros! Of course, we know to never do this unless we are completely sure of the safety of the document.
After discovering that this was an entry in the contest, I opened the macro editor and found the following:
Lonny had created a custom macro and had embedded some fun information into it! Very nice job Lonny!!!
Of course, a real bad guy’s macros could easily compromise our computer or our account. Since macro use in Microsoft Office has returned as an effective mechanism for compromising our computers, attackers are sending out custom Office documents that instruct the user that they must enable Macros in order to display the document’s contents. Don’t fall for it! It’s bogus. Be suspicious, keep macros disabled by default, and never enable macros that come in a document where you don’t expect them.