

You know you shouldn’t open unsolicited file attachments. The rule holds true whether you get them in an email, as a link on a public social media message, or randomly sent your way in a chat app: Don’t open a file you weren’t expecting to receive, ever. And even if you were expecting it, you should also be cautious when opening files from someone you’ve never previously talked to.

(Of course, even when a familiar contact sends you a file that could be legitimate, but raises the hair on your neck ever-so-slightly due to its timing, the file name, the file size, or other general weirdness, you should maintain your skepticism and run a virus scan just in case.)

As far as computer security goes, this is one of the first and easiest rules to remember. However, I can see how the process might easily break down when you receive a file on LinkedIn. After all, it’s LinkedIn, right? The “professional” social network! And that recruiter hitting you up about that amazing (contract) job opportunity wouldn’t be scamming you. They want to employ you! Now, just click on this handy attachment to view the job description, and…

No. Do not do that. You should still be wary if you’re getting a .DOCX or a .PDF of a posting that could have otherwise been sent as a hyperlink to a website or simply copied and pasted into the message or a subsequent email. And, as eSentire notes, definitely do not open the attachment if it’s, say, a .ZIP file that you’re being sent out of the blue. A recent malware campaign is using that exact method to cause problems:

“eSentire’s research team, the Threat Response Unit (TRU), discovered that hackers are spearphishing victims with a malicious zip file using the job position listed on the target’s LinkedIn profile. For example, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end). Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs. Once loaded, the sophisticated backdoor can download additional malicious plugins and provide hands-on access to the victim’s computer. The threat group behind more_eggs, Golden Chickens, sell the backdoor under a malware-as-a-service (MaaS) arrangement to other cybercriminals. Once more_eggs is on the victim’s computer system, the Golden Eggs seedy customers can go in and infect the system with any type of malware: ransomware, credential stealers, banking malware, or simply use the backdoor as a foothold into the victim’s network so as to exfiltrate data.”
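The naming pattern eSentire describes, a .ZIP titled with your own job title plus "position", can be checked mechanically before anyone opens the file. The sketch below is an added example, not code from eSentire or the original article; the record fields (`attachment`, `prior_contact`), the extension list, and the verdict names are assumptions, and the sample messages are constructed.

```python
import os
import re
import unicodedata

# Container types treated as higher risk when unsolicited (assumed list; the article names .ZIP).
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".iso"}
# Words the lure appends to the job title; the article reports "position".
LURE_SUFFIXES = {"position"}
JOB_TITLE = "Senior Account Executive—International Freight"  # example title from the article
SAMPLE_MESSAGES = [  # constructed records, not real traffic
    {"attachment": "Senior Account Executive—International Freight position.zip", "prior_contact": False},
    {"attachment": "senior_account_executive-international_freight.ZIP", "prior_contact": False},
    {"attachment": "holiday-photos.zip", "prior_contact": False},
    {"attachment": "Q3 freight rates.pdf", "prior_contact": True},
]

def normalize(text):
    """Case-fold and turn each run of punctuation (em dash, hyphen, underscore) into one space."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"[\W_]+", " ", text).strip()

def mirrors_job_title(filename, job_title):
    """True when the file name is the recipient's own job title, optionally plus a lure suffix."""
    stem, _ext = os.path.splitext(filename)
    stem_words, title_words = normalize(stem).split(), normalize(job_title).split()
    if not title_words or stem_words[:len(title_words)] != title_words:
        return False
    return all(word in LURE_SUFFIXES for word in stem_words[len(title_words):])

def triage(message, recipient_job_title):
    """Return (verdict, reasons) for one inbound attachment record."""
    name = message["attachment"]
    lure = mirrors_job_title(name, recipient_job_title)
    archive = os.path.splitext(name)[1].lower() in ARCHIVE_EXTS
    unknown = not message["prior_contact"]
    flags = ((lure, "file name copies recipient's job title"),
             (archive, "archive attachment"),
             (unknown, "sender has no prior conversation"))
    reasons = [label for hit, label in flags if hit]
    if lure and archive:
        return "quarantine", reasons  # matches the lure naming described above
    if archive and unknown:
        return "sandbox", reasons     # open only in a disposable environment
    return "scan", reasons            # still scan before opening

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(triage(msg, JOB_TITLE), msg["attachment"])
```

A "scan" verdict is the floor, not a pass: every attachment still gets scanned before it is opened.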

If you truly must open a file attachment you’ve received from someone you don’t know, or one you weren’t expecting, download it and give it a thorough virus scan and malware scan before opening it. There are ample free tools you can use to accomplish either. I’d even argue it’s worth being extra-paranoid and opening said file in a sandbox—a temporary virtual environment whose contents can’t cause calamity on your actual system. Typically when you close said sandbox, anything that happened within it disappears; start up another sandbox, and your virtual environment is fresh and new again.

If you’ve already opened a now-suspicious-seeming attachment from LinkedIn—or anywhere—make sure that your antivirus and antimalware apps are as up-to-date as possible, run full scans of your system, and send the file you downloaded to a service like VirusTotal for a little extra help confirming whether you were hit. Be prepared to scrub and reinstall your PC if you discover you have indeed been infected.

In these situations, using your common sense is your best bet. If someone refuses to simply copy and paste the contents of a document when asked, especially if they’re soliciting you out of the blue, ask yourself what reasons they have for being so reluctant. If you confront them about the necessity of a .ZIP file and they waffle, that’s a sign something is strange about the alleged “offer” they’re presenting.




