Got one of these spear phishing attacks from a business colleague - it was a reply to an email chain, blah blah blah, told me to see the attachment, basically a textbook example of this:
https://blog.barkly.com/ursnif-banking-trojan-spear-phishing-attacks
The attachment was just a page that said it was created on an online version of Office 365 and that I had to enable editing.
Of course I thought it was strange & didn't download it or open it on my laptop, but foolishly previewed it on my phone's file manager to see if it would display differently.
Never opened it in Word, and deleted it from my phone immediately, but it took a full 24 hours for Gmail to flag the attachment as containing a virus and to disable downloads.
I have an Android phone. Scanned my phone 3x over with Kaspersky, Avast, Malwarebytes, didn't find any problems. Changed my email password anyway.
My question is:
- Would simply downloading it onto my phone have been enough to trigger any virus within? Gmail didn't say what kind of virus it was, just that it existed and that subsequent downloads were disabled.
- Would it only have harmed me if I had enabled editing/macros?
- Anything else I'm missing?
Thanks!
Submitted February 28, 2018 at 02:36AM by mehsexual http://ift.tt/2CKMRCp
No comments:
Post a Comment