Mail and VK WorkSpace have found that approximately 30% of malicious files in email newsletters are disguised as financial documents. Most often, attackers use topics that look familiar to businesses: SWIFT payment confirmations, invoices, commercial offers, and requests.
According to analysts, fraudsters send such emails from compromised business accounts of foreign organizations. This increases trust in the message: the email looks not like random spam, but like work correspondence from a real company.
Attachments usually contain RAR archives with vbs files disguised as Excel spreadsheets. If a user opens such a file, a malicious script can be downloaded to the device. It can give attackers remote access to the computer and create a risk of data leakage or further infection of the corporate network.
Experts note that fraudsters are changing tactics due to increasing user caution. Simple phishing emails are increasingly raising suspicions, so attackers are looking for more unconventional attack formats and disguising malicious files as documents that employees are accustomed to opening in work correspondence.
