GMAIL users are being warned of a dangerous email doing the rounds that could strip you of your savings.
Cyber security experts say that the message contains a dodgy attachment that, if opened, puts your bank account at risk.
1
The attack was detailed in a blog post last week by Trustwave senior security researcher Diana Lopera.
Apparently, the message takes a number of different forms and is flooding the inboxes of users of Gmail, Outlook and other providers.
“The messages in this campaign have two things in common,” Diana wrote on March 24.
“First, the email body has similar text, which as usual, directs the recipient’s attention to the attachment.
“Second, the email contains only one attachment named ‘request.doc.'”
She added: “Once the attacker tricks the recipient into extracting the contents of ‘request.doc’… the system can be compromised.”
According to the researchers, attackers are using file formats that would not normally raise suspicions.
One popular choice is an ISO file, a package of data most frequently found on a disk such as a CD or DVD.
The text within the email directs the recipient to the attachment, which is dressed up to look like a simple text file.
However, once opened, the attachment infects your phone or PC with the data-hoovering Vidar malware.
Most read in News Tech
As Diana explains, Vidar can steal information and data from a wide range of browsers and applications.
It’s not clear precisely what the attackers are looking for, but similar malware is frequently used to snatch people’s online bank logins.
Usernames and passwords to social media platforms such as Facebook are also common fodder for data-hungry cybercrooks.
Once Vidar has stolen its data, it’s able to delete the files that it created on your system – vanishing without a trace, Diana said.
Thankfully, it’s relatively easy to avoid this Gmail hack campaign.
Cyber experts have for years urged people not to open email attachments from sources they don’t recognise.
Even if you do recognise the sender, it’s worth double-checking the message and attachment first.
A number of scams involve using similar addresses to known persons or companies in order to fool victims into clicking an attachment or link.
If you’re worried that you might have fallen for a financial scam, the first thing you should do is contact your bank.
You should then report it to ActionFraud. Their website is actionfraud.police.uk, and their phone number is 0300 123 2040.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
