Attackers create fake websites of government agencies and reference legal systems.
The Bank of Russia announced a new threat to business-fraud using infected document templates. According to the regulator, secretaries, accountants, specialists in tax, financial and other reporting often search the Internet for document templates, which is what attackers use.
The essence of the scheme is that hackers create fake websites of government departments and well-known reference and legal systems and place documents containing viruses on them. At the same time, they use the method of SEO-poisoning ("poisoning" of search results), which allows such resources to occupy high positions in search results.
When a user downloads a document, a remote access program is launched on their computer. Attackers can use it to remotely change bank details in a company's contracts — for example, with contractors or suppliers. Instead of the data of the real recipient of funds, they indicate their own. In addition, scammers can block access to work computers and demand a ransom for its restoration.
The Bank of Russia recommends following a few simple rules to prevent such attacks. These include installing and regularly updating antivirus software, prohibiting automatic installation and running of various programs, checking the site address for authenticity and the presence of a blue circle with a check mark. In addition, you need to be careful when working with sites that do not have a secure connection icon (lock) in their address bar, and also upload documents only in secure formats, such as pdf, docx, xlsx, jpg, png.
The Bank of Russia announced a new threat to business-fraud using infected document templates. According to the regulator, secretaries, accountants, specialists in tax, financial and other reporting often search the Internet for document templates, which is what attackers use.
The essence of the scheme is that hackers create fake websites of government departments and well-known reference and legal systems and place documents containing viruses on them. At the same time, they use the method of SEO-poisoning ("poisoning" of search results), which allows such resources to occupy high positions in search results.
When a user downloads a document, a remote access program is launched on their computer. Attackers can use it to remotely change bank details in a company's contracts — for example, with contractors or suppliers. Instead of the data of the real recipient of funds, they indicate their own. In addition, scammers can block access to work computers and demand a ransom for its restoration.
The Bank of Russia recommends following a few simple rules to prevent such attacks. These include installing and regularly updating antivirus software, prohibiting automatic installation and running of various programs, checking the site address for authenticity and the presence of a blue circle with a check mark. In addition, you need to be careful when working with sites that do not have a secure connection icon (lock) in their address bar, and also upload documents only in secure formats, such as pdf, docx, xlsx, jpg, png.
