Cybercriminals Are Exploiting the Black Lives Matter Movement
As hundreds of thousands of people across the globe have united in solidarity to support the Black Lives Matter (BLM) movement, cybercriminals are unfortunately taking advantage by utilizing the movement to distribute malware via phishing scams.
The Swiss security company Abuse.Ch reports that these scams begin with a phishing email in which attackers camouflage themselves as government officials to lure victims into clicking a malicious email attachment. The phishing email urges receivers to anonymously vote for the BLM movement while a well-known banking Trojan malware called TrickBot hides in a Word document waiting to be executed.
Named after the classic Trojan horse ploy, Trojan malware is a type of malicious software that is disguised to appear legitimate and aims to steal sensitive information. Banking Trojans such as TrickBot are a form of Trojan malware that disguises itself as something beneficial to users, but once installed seeks to steal money or banking credentials.
In this particular attack, TrickBot is disguised within an email that contains the subject line “Vote Anonymous about Black Lives Matter.” The email asks targeted victims to complete and return a survey from a Word document that is named “e-vote_form_3438.doc”. If the attachment is opened, a button will urge recipients to “Enable Editing.” Within this button is the hidden TrickBot malware that will be downloaded to the victim’s system if clicked upon.
Cybercriminals are notorious for taking advantage of current events to lure in potential victims. COVID-19 has been consistently used as a plot in their attacks since the beginning of 2020 and attackers are now focusing on exploiting the Black Lives Matter movement. Since June 4, there has been an average of 49 new domain registrations containing the words “black lives” and “George Floyd.” These types of domains could convincingly be used for phishing traps targeted towards those who are seeking related information.
If you receive any unsolicited texts, emails, or other forms of information regarding the Black Lives Matter movement, be sure to think twice before clicking on any included links. For updated information, it’s best to go directly to a reliable source, such as blacklivesmatter.com, to avoid receiving any false information.
- Verify Authenticity Before Downloading Anything
Avoid downloading anything from unknown sources and always verify the authenticity of the download.
- Implement Multi-factor Authentication. Multi-factor authentication, where users are sent a verification code via text or email, adds an extra layer of security when logging in and provides alerts when someone is trying to use your credentials.
- Use unique passwords for your online accounts. Ensure that your online accounts are protected by using unique passwords for each of your individual accounts online. This can help protect your personal information by ensuring that if an attacker gains access to login credentials for one of your online accounts, they will not be able to use that information to access your other accounts. Consider using a password manager to keep track of your unique passwords and prevent credential theft.
- Recommended link: https://www.cnet.com/how-to/best-password-manager-for-2020/