{"id":1949,"date":"2017-02-12T20:16:31","date_gmt":"2017-02-12T08:16:31","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=1949"},"modified":"2017-02-12T20:16:31","modified_gmt":"2017-02-12T08:16:31","slug":"weeks-social-engineering-hack","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=1949","title":{"rendered":"This week\u2019s social engineering hack"},"content":{"rendered":"

The latest attempt to trick you into opening an infected document.\u00a0 Includes swearing and then a new enticing warning message.<\/p>\n

Today I received this message (I have edited out the swear word.)<\/p>\n

yea , we finally did it.<\/em><\/p>\n

here is the bank confirmation:<\/em><\/p>\n

bofa_card_statement_bill.doc <\/em><\/p>\n

now fXXk off and try not to contact me again or else.<\/em><\/p>\n

On Feb 6, 2017 at 3:25 AM,\u00a0 bill@kinetics.co.nz wrote:<\/em><\/p>\n

did you send the money? i need the proof<\/em><\/p>\n

Others have received a similar message \u201cWho the fXXk are you and why are you on my credit card statement\u201d.<\/p>\n

When you click on the link it downloads or opens a word document.\u00a0 Most systems will block the documents active contents. \u00a0So it displays this rather official looking message encouraging you to unlock the document.<\/p>\n


\n<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Needless to say, if you do there is a nasty macro hidden inside.<\/p>\n

[header2 text=”Good news – if you have your setup correct and in accordance with our best practice, then you are safe!” align=”left” color=”#00cfef” margintop=””]<\/p>\n

When I tested this on our isolated system, I found that the nasty would not run if the user account did not have administrator rights on the PC.\u00a0 When the user had Administrator rights, KARE AV found and disinfected the attempt.<\/p>\n","protected":false},"excerpt":{"rendered":"

The latest attempt to trick you into opening an infected document.\u00a0 Includes swearing and then a new enticing warning message. Today I received this message (I have edited out the swear word.) yea , we finally did it. here is the bank confirmation: bofa_card_statement_bill.doc now fXXk off and try not to contact me again or […]<\/p>\n","protected":false},"author":5,"featured_media":1950,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[],"class_list":["post-1949","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/1949","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1949"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/1949\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1949"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1949"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1949"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}