With the holidays quickly approaching, many people are already starting their Christmas shopping, whether in physical stores or over the internet. For those shopping online, it can be hard to keep track of how much has been spent so far. This is where email notifications come in handy, but what if you suddenly receive an email about a charge for a product you never bought in the first place?
Microsoft is now warning online shoppers about a new phishing campaign that uses a fake credit card message to infect unsuspecting victims with the Cerber ransomware. The attack plays on victims' sense of urgency at a time when many are spending money shopping online.
The email contains an attachment which, when opened, gives the recipient step-by-step instructions on how to enable macros in order to see the "protected document." To make it seem even more real, the prompt carries a Microsoft logo and is designed to look like a support article of the kind seen on the Microsoft Community website.
If the recipient enables the macro by clicking "enable content," it unleashes the Cerber ransomware, which starts encrypting the victim's files. The only way to decrypt affected files is to pay 1.3 bitcoins, which is equal to roughly $1,000.
Macros in Word and similar files have been a popular attack vector for cybercriminals, who make it seem as though the attachment is of the utmost importance. "Locking up" the message behind a macro pushes victims to open the content urgently. Many users do not know that macros can run scripts and install programs, and ransomware developers are exploiting exactly that capability.
In its analysis, Microsoft notes that the email is plagued with errors that can be easy (or in some cases, tricky) to spot. For example, the username from the recipient's email address (e.g. john_doe) is also used in the subject line and the opening statement, creating some sort of personalization.
"The email itself is crude and shows almost no attempt to feign legitimacy," the researchers explained. "It contains some typographical errors, such as the missing number between the dollar sign and the comma in our sample. Also, users who are careful enough will likely notice that the sender address does not match the signatory."
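The traits described above can be turned into a simple mail-triage check. The following is an added example, not code from Microsoft or from the original article: the function names, the extension watch list, the "last line is the signatory" heuristic and the sample message are all assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

MACRO_EXTS = (".doc", ".docm", ".dot", ".dotm", ".xls", ".xlsm")  # assumed watch list

def build_message(sender, to, subject, body, attachment=None):
    """Build a test message; every value passed in is constructed."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

def lure_indicators(msg):
    """Return the names of the traits from the write-up that this message shows."""
    hits = []
    local = parseaddr(msg["To"])[1].split("@")[0].lower()
    text = "".join(p.get_content() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    greeting = lines[0].lower() if lines else ""
    # Mailbox name reused as fake personalization in subject and greeting.
    if local and local in msg["Subject"].lower() and local in greeting:
        hits.append("recipient_localpart_reused")
    # Dollar sign followed directly by a comma: the leading digits are missing.
    if re.search(r"\$\s*,", text):
        hits.append("malformed_amount")
    # Assumption: last non-empty line is the signatory; flag if no word of it is in From.
    signer = re.findall(r"[a-z]{3,}", lines[-1].lower()) if lines else []
    if signer and not any(w in msg["From"].lower() for w in signer):
        hits.append("sender_signatory_mismatch")
    # Attachment type that can carry macros.
    names = [p.get_filename() or "" for p in msg.walk()]
    if any(n.lower().endswith(MACRO_EXTS) for n in names):
        hits.append("macro_capable_attachment")
    return hits

# Constructed sample modelled on the description, not the real lure.
SAMPLE = build_message(
    "Account Services <k.ivanov@mailer.example>", "john_doe@example.com",
    "john_doe, your card has been charged",
    "Dear john_doe,\n\nYour card was charged $,438.50 for your order.\n"
    "See the attached protected document.\n\nRegards,\nMaria Lopez\n",
    attachment="statement.doc")

if __name__ == "__main__":
    print(lure_indicators(SAMPLE))
```

Each indicator is weak on its own; a message that trips several of them at once is a reasonable candidate for quarantine or manual review.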
To stay safe from ransomware, Microsoft suggests thinking before clicking and being wary of opening emails that come from unknown senders. It also recommends installing software only from trustworthy sources.
Cerber ransomware is one of the many crypto-malware programs that earn big money from victims. Back in August, it was found that even though only 0.3% of those infected were paying up, the malware author was earning almost $1 million in profits.