Phishing is a method used to gain access to, or gather, personal or financial information from victims, and it requires an action on their part.
Phishing is the #1 cause of compromise. 30% of phishing emails get opened, and in 12% of those cases the recipient clicks on the link or attachment.
Malicious attachments can be in the form of a Word or Excel document, PDF, or even executables (.exe, .jar, etc.). Common sources are Word documents that contain macros. The crooks will try to entice you to run the macro by stating that the document contains “encrypted information for your protection”. If you allow the macro to execute, it will download the malware. This can lead to loss of personal information, passwords, botnet activity and ransomware.
Here are some tips to avoid becoming a victim:
- Disable macros in Word and Excel so that macros in a document that is opened won’t automatically launch. This can be handled via Group Policy.
- Enabling two-factor authentication can help to prevent a stolen password from being used to access other accounts.
- Don’t open attachments from unknown senders.
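
For mail administrators, the attachment types described above can be flagged before a user ever sees them. The following is an added example, not part of the original article: a minimal triage check whose function names, extension list and sample files are all constructed for illustration.

```python
import io
import zipfile

# Extensions the article names (.exe, .jar) plus the macro-enabled Office
# formats; the exact list is an assumption and should be tuned locally.
RISKY_EXTENSIONS = {".exe", ".jar", ".docm", ".xlsm", ".dotm", ".xltm"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container


def triage_attachment(filename, data):
    """Return a list of reasons the attachment deserves quarantine or review."""
    reasons = []
    name = filename.lower()
    ext = name[name.rfind("."):] if "." in name else ""
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"risky extension {ext}")
    if data[:2] == b"MZ":
        reasons.append("Windows executable content")
    if data.startswith(OLE_MAGIC):
        # Legacy binary Office files can carry macros; this check does not parse them.
        reasons.append("legacy OLE document, may contain macros")
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [m.lower() for m in zf.namelist()]
        # Office Open XML stores VBA macros in a part named vbaProject.bin.
        if any(m.endswith("vbaproject.bin") for m in members):
            reasons.append("Office document contains a VBA macro project")
            if ext in {".docx", ".xlsx"}:
                reasons.append("macro project behind a macro-free extension")
    return reasons


def build_sample_office_zip(with_macro):
    """Constructed sample: a minimal zip shaped like a Word file, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for fname, blob in [("invoice.docx", build_sample_office_zip(True)),
                        ("report.pdf.exe", b"MZ" + bytes(16))]:
        print(fname, "->", triage_attachment(fname, blob) or "no findings")
```

An empty result only means none of these simple checks fired; it does not mean the attachment is safe.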