Stay cyber secure: Watch out for new Qakbot email scam
At a glance (2 minute read)
- Cybercriminals are using malware, called Qabkot, to steal log in credentials and hijack email addresses.
- Stay alert - don't download unexpected attachments or images, and don't click suspicious links, even if they're coming from a trusted source.
Cybercriminals are perpetrating a new scam that members should be aware of. Using the latest version of a malicious software called Qakbot, these criminals are stealing identities and accessing personal information.
This scam uses an infected email address to send legitimate-looking emails to anyone that email address has interacted with.
This makes these phishing emails much harder to spot.
How it works
Cyber criminals will try to install Qakbot on your computer by sending you an email with a link, attachment, or image. These “phishing” emails will typically look like they come from reliable sources, like online stores, social media sites, or delivery companies.
If you click the link, download the attachment, or load the image in the email, it’ll install Qakbot on your device. Once installed, this malware gives hackers a variety of paths to steal your credentials, usually by recording your keystrokes which gives them your email log-in credentials .
From there, they’ll use your email to send malicious emails to your contacts. Sometimes, they send additional Qakbot links to gather more personal information. Other times they use your email to send ransomware, which is software that hijacks the data on a device so the attacker can demand payment to restore access.
Tips to stay safe
Vigilance is the first line of defense against an attack.
- Think before you click. Phishing relies on you making an impulsive decision. Be suspicious of emails demanding immediate action, and always go directly to a website to perform an action like tracking a package or making a payment – never use the link provided in an email.
- Don’t download images or attachments on unexpected emails. While attached documents and files from unexpected emails are an obvious threat, images embedded in an email can also be a vector for malware. Most email programs have ways to stop malicious photos – make sure you’re using these features. Outlook, for example, will prevent external images form displaying by default.
- Verify suspicious emails from contacts. Trust your gut, if you get an email that seems off, even if its from a trusted contact, don’t click any links or attachments. Always verify suspicious requests with the sender using another means of communication, like a phone call.