Cybercriminals continue to find new ways to trick users and steal their credentials. Sometimes, they even recycle decades-old tools that were never intended to be malicious.
For example, in a new scam, cybercriminals attack Microsoft 365 users with malicious files disguised as voicemails. The scam works by sending an email with a voicemail file attached. The filename ends in “mth.mp3”, appearing to be a legitimate MP3 file. However, the file is actually a malicious HTML file that has been disguised using right-to-left override (RLO) functionality.
RLO was created 20 years ago for languages that read from left-to-right instead of right-to-left. Unfortunately, cybercriminals now use this functionality to make malicious files look safe. For example, in this scam, cybercriminals use RLO to display “mp3.htm” as “mth.mp3”. If you open the file, you will be taken to a fake Microsoft 365 login page instead of a voicemail. Then, any credentials that you enter on the fake login page will go straight to the cybercriminals.
Follow these tips to stay safe from similar scams:
Stop, Look, and Think. Don’t be fooled.
Automation and Innovation. Some people might say those two words cancel each other out. Yet, I believe these two concepts can create capacity for each other—if your business leverages the free time automation creates to foster innovation. Automation can be...