Phishing scams have been around since the earliest days of email, but the basic tactic is the same: Hackers email you fake links or files that dupe you into coughing up personal info or installing malicious software on your device. These fake links are easy to catch if you employ basic internet safety practices, but the latest phishing scams are more sophisticated about hiding their intentions.
A recently discovered phishing campaign slips a legitimate remote desktop tool called NetSupport Manager onto your device by hiding it in “safe” password-locked files that can pass antivirus scans (via ZDNet). The files are sent in important-looking financial emails flagged as “urgent” to entice users into opening them. Large companies are most at risk, but the campaign also targets individual users to snag their personal information at potentially steal their identities. Once NetSupport Manager is installed, the hackers can remotely access your devices, network, and all of the apps and data stored on them.
It’s a novel strategy, but like all phishing scams, this is an entirely avoidable attack once you know what to look out for. Scrutinise every email you receive from unknown sources, don’t click random links, and don’t download or open attachments you’re not expecting—even if they seem important and appear to be “safe.” If you’ve opened any random emails containing “protected” files, you may want to check that NetSupport manager hasn’t been installed on your PC. If it has, uninstall it immediately.
You should also install an antivirus program for real-time protection and an anti-malware program for regular scans. Even though some fake files can pass through scans unnoticed, most will still be caught, and the antivirus program can help remove malicious files if they manage to make their way onto your system.