Scam emails from ‘Benedict Brown’
What’s the threat?
Scammers are posing as Microsoft security experts in an attempt to infect computers with the dangerous Neutrino malware. They send emails that claim to be from ‘Benedict Brown representing Microsoft Security Office’ (see screenshot), telling the recipient that access to their bank accounts and cards has been blocked because of suspicious activity.
The email urges you to click a link to download a report containing more details, and to read instructions to unblock your account. In order to read the report, which comes as a Word document, you’re asked to enable macros. Doing so allows Neutrino to strike. It can take screenshots of your PC, record what you type, and absorb your computer into a botnet.
Hackers love Neutrino because it requires little knowledge of computer security. Malwarebytes, which discovered the scam, said that criminals with “zero coding experience” can use the malware. It exploits programs that are known to be riddled with security flaws, such as Adobe Flash Player.
What should you do?
Remember the name ‘Benedict Brown’. Nobody of that name works for Microsoft, and even if they did they wouldn’t email you to say that access to your bank account has been blocked. Thankfully, it’s not the most convincing email. There are no Microsoft logos, and it contains the usual English-language abominations, such as ‘Surely, we care of your convenience and productivity’. Read it in full at www.snipca.com/23131.
On a general note, you should consider disabling macros in Microsoft Office tools so hackers can’t use them to spread malware. Microsoft provides instructions for doing this in Office 2010, 2013 and 2016 ( www.snipca. com/23133). For Office 2007 visit www.snipca.com/23132.