Scam emails are nothing new, but the methods within them are constantly evolving in order to trick even the most savvy computer users into clicking a tempting, harmless-looking link. A recent scam made off with over half a million iCloud images by asking for users’ iCloud logins under a false, yet convincing email address. Cyber scams and phishing attempts are on the rise, showing no signs of slowing down. Unfortunately for consumers, a lot of security measures are responsive rather than proactive, so it pays to constantly be on the lookout for suspicious emails or links. If this doesn’t make sense to you, the best analogy is basically like a letter versus a parcel. If you were to receive a large mysterious parcel, you might think twice about what’s inside, which could make you a bit apprehensive about opening it. However, if you received a mysterious letter, even if the envelope was suspicious, you’d probably open it, because how dangerous can it be? This is basically the logic behind this phishing campaign. Excel spreadsheets are pretty low down on the list of potentially dangerous documents, so it’s easy for a computer’s security systems to pass it over entirely. These links are often sent to finance businesses, as they have a lot of sensitive client data that can be harvested by these macros. This is not the first time that macros have been used in attacks like this, as Microsoft has previously made efforts to patch this loophole. However, groups have consistently worked their way around these fixes. Due to this increased potential for cyber crime, hackers and phishers have exploded onto the scene, trying all sorts of various scams in order to trick people out of their money and data. While they’ve always been a constant, and will be for as long as we have computers, there has been a massive spike in things like password theft. As for the specific motive of this Excel scam, there is a clear financial motivation. While the perpetrators of the scheme aren’t officially known, the practice is very similar to that of a financially motivated Russian group that has been designated as TA505. – Morphisec researcher Arnold Osipov However, cyber lines of defense are always being updated and improved. There are thousands of ways that people can try to worm their way into your wallet or data, and these can be stopped by using the right software. Anti-virus software is crucial for any business, as they’re often the target for more high profile hacker groups. And that’s just one of many tips that could stop your business from taking a substantial hit.