Cybercriminals like to manipulate people into acting on impulse because anyone can fall for this trick, even government officials. In this week’s scam, a Russian hacking group is targeting members of the Polish government with an enticing phishing email. The email contains a link that claims to provide information about a mysterious person who has been in contact with Polish government authorities.
If you click the link, you are redirected through multiple websites before reaching an archive of .zip files. This archive contains a malicious file that is disguised as a photograph. If you open the file, a distracting image is displayed while the malicious software secretly downloads onto your device. Once installed, the malware can collect your sensitive data and send it back to the hackers.
Follow these tips to avoid falling victim to similar scams:
Avoid clicking on links in emails, especially if the email is not expected.
Phishing emails may use alarming or sensitive topics to try to trick you into clicking on a link. Always be mindful any time an email encourages you to take action.
If an email seems suspicious, always follow your organization’s reporting policy. An email that is reported quickly can help to protect your organization from a larger phishing attack.