Are you concerned about your firm's cybersecurity?

Are you worried about your team member's password use?

Are you concerned about your firm's cybersecurity?

Are you aware that password management is a critical aspect of effective cybersecurity, and that failing to implement strong password policies could leave your business vulnerable to cyber attacks?

SSST #33 – Bait Shop: Dirty Window

We’re taking a quick break from our series on security layers to return to the Bait Shop for an alert about a fresh phishing scam making the rounds.

Microsoft recently announced its flagship operating system would soon be”going to eleven”–Windows 11. The new version’s appeal remains to be seen, but the awareness and anticipation surrounding its unveiling have already provided ammo for online scams.

Macheads are rolling their eyes, wondering why anyone would want new Windows 🙄, but tech upgrades are always tempting, and this one has spawned two separate cyber-attacks that have quickly spread across the ‘net.

Threat 1: Early Downloading

Beta testers and Windows Insiders have already tried the new OS, but the public release isn’t available until October (with Windows 10 updates slated for early 2022). So, when an installable version leaked in June, aspiring early adopters flooded pirate sites peddling instant gratification.

Some of those links did offer rough, unsupported builds…but many sketchy connections downloaded pure malware or functioning copies that came loaded with hidden viruses in a classic “baiting” maneuver.

Don’t take the bait –wait!

Heck, every new operating system is buggy on arrival, AND the Windows 11 upgrade will be free, so there’s no good reason to rush the switchover or deal with shady sites. Be patient, let patches fix inevitable zero-day exploits, and then only convert/install from a verified Microsoft link.

Threat 2: “Compatibility” Hoax

Windows 11 buzz has also fueled a phishing campaign that exploits confusion about the update and potential conformity issues.

Hackers are circulating Word documents supposedly generated on “Windows 11 Alpha”, implying compatibility issues with the user’s current system and prompting additional steps to open the file safely. (See below).

Unsurprisingly, following these instructions opens a local backdoor to malicious code embedded in the document that installs malware designed to steal the user’s financial data.

If you receive this file, this warning, or any email offering to walk you through Windows 11 adjustments, ignore it, quarantine it and mark it as spam! Even once Windows 11 is publicly available, any documents created will work fine with Windows 10.

Closing Shop

Windows 11 is genuinely on the way and will hopefully be a great new operating system (early screenshots suggest it’s looking more and more like macOS, so there’s hope 🤞) –but it’s not here yet. Don’tdownload anything early, and don’t worry about incompatible files; wait patiently and confirm that your upgrade originates from Microsoft servers.

To beef up law firm security and ensure your team doesn’t fall prey to these styles of scams, get them some awareness training and have your systems regularly scanned/updated in case anything nasty is downloaded. Better yet, just sign up for BobaGuard’s solution for the whole kit and kaboodle (with a side of kibble). 🐶😉👍

Comments are closed.

Want to receive more
Stupid Simple Security Tips?
Sign up below.


The Security Checklist for Busy Lawyers

The Security Checklist for Busy Lawyers