The baiting attack is a more sophisticated variation of the common email phishing attack, in which millions of recipients get emails with links to what they believe to be free software (often one of Microsoft’s suite of programs) when in reality they are downloading malware.
Although delivering an engraved USB stick to random individuals in bogus Office Professional Plus packaging may be more expensive than email phishing, recipients are more likely to fall for the trick and believe they were given the $439 item by accident.
Of course, the storage device does not contain Microsoft Office, according to Sky News. When victims plug the drive into their computers, a warning appears notifying them that a virus has been installed on their system and that the only way to get rid of it is to contact the toll-free number provided.
The fraud then moves onto more familiar ground, according to Martin Pitman, a cybersecurity consultant at Atheniem. Once the victim places the call, the person on the other end tells them that they must install a program in order to get rid of the virus. This program is a remote access tool (RAT), which gives the fraudster total command over the machine.
In this case, the hackers “fixed” the issue before handing the victim over to the Office 365 subscription team to assist with the completion of the activity, according to Pitman.