As many shoppers are expected to take advantage of the various Black Friday deals available at online retailers this week, Microsoft’s Malware Protection Center is using a new blog post to remind everyone to be careful about increasingly sophisticated ransomware attacks. For those unfamiliar, ransomware is a specific type of malware that stealthily gets installed on your device and then holds your files or operating system functions for ransom. And if you’re not careful enough, you may well become a victim if you fail to recognize fake emails from online retailers.
According to Microsoft, a spam campaign using pretty strong social engineering mechanisms is currently targeting Amazon customers. “The fake emails pretend to be notifications from the online retailer that a purchase has been sent out for delivery. To appear legitimate, the emails may also spoof delivery companies.” You can see an example below:
If you want to learn how to protect yourself against these kind of attacks, Microsoft’s Malware Protection Center shared the following tips:
For end users:
- Use an up-to-date, real-time antimalware product, such as Windows Defender for Windows 10.
- Think before you click. Do not open emails from senders you don’t recognize. Upload any suspicious files here. This campaign spoofs Amazon and the delivery companies Royal Mail, DHL, and FedEx. The attachment is a ZIP file, which may be a common attachment type, but it contains a .JS file. Be mindful of what the attachment is supposed to be (in this case, most likely a document) and the actual file type (a script).
For IT administrators:
- Use Office 365 Advanced Threat Protection. It has a machine learning capability to help your network administrators block dangerous email threats. See the Overview of Advanced Threat Protection in Exchange: new tools to stop unknown attacks, for details.
- Use Windows Defender Advanced Threat Protection to help detect, investigate, and respond to advanced and targeted attacks on your enterprise networks.
- Use the AppLocker group policy to prevent dubious software from running.
As we’re just ahead of the holiday season, we hope these simple tips will help you go on with your online shopping activities in a safe way.