
Beware of new phishing scam: infected emails that masquerade as PowerPoint files

By NJSBA Staff posted 04-16-2021 09:38 AM

  

The New Jersey State Bar Association has learned of reports of a new type of phishing email emerging in New Jersey that uses an infected PowerPoint file. According to cybersecurity authorities, the malicious email launches a small program to record every key the user hits on their keyboard (passwords, logins, information, etc.).

At the moment, this exploit mostly appears in bogus purchase order and quote-related emails, but it is starting to evolve into other formats that look more realistic and credible.

The phishing email is a new variant of the FormBook malware designed to steal personal information via keyloggers and form grabbers.  

The new phishing email appears as a reply to a request for a purchase order that says details are contained in an attached Microsoft PowerPoint PPS file. When the file is opened, it automatically displays in Slide Show view.

Any movement or click of the mouse launches the malicious code.

The New Jersey Cybersecurity & Communications Integration Cell saw attempts to deliver similar FormBook campaigns to New Jersey state employees; those emails purported to contain details about order confirmations, quotes and bank transfers.

As always, if you receive an email or a file that you are not expecting, don’t open it. And if you have any questions, reach out to a member of your IT team. 

 

 

 
