Spear phishing is a phishing attack that targets a specific person and is made to look like it comes from a trusted source. Social media has fast become the easiest way for cybercriminals to find a specific target. These attacks on social media often come from fake accounts, but in a recent scam, the hackers used real accounts that had been compromised. After taking over an account, the hacker impersonates the person and targets their friends and followers. 

In this scam specifically, cybercriminals use the hijacked account to make contact in a friendly, personal way. This is done to lower your guard. Because you don't know that the account has been hijacked, you trust the person you think you are talking to and any information you receive from them. The cybercriminals then send you a Microsoft Word document and ask you to review it and give them advice. Once opened, this document will ask you to enable macros. If you do enable macros, your computer will automatically download and install a dangerous piece of malware.

Follow the steps below to stay safe from this scam:
•    Think about how a conversation with this person typically looks and feels. Do they usually ask you to download files? Are they typing with the same pace, grammar, and language as usual? Be suspicious of anything out of the ordinary.
•    Before you enable macros for a file, contact the sender by phone call or text message. Verify who created the file, what information the file contains, and why enabling macros is necessary.
•    Remember that cybercriminals can use more than just links within emails to phish for your information. 
Always think before you click!

