TrickBot the #1 Threat to Business…Just in Time for Tax Season!

It’s called TrickBot for a reason. The financial malware means big trouble for businesses the world over by using deceptive tactics that steal financial data. From individuals to financial institutions, TrickBot is tearing up the Internet with its tricky tactics aimed at getting your personal financial data or that of the place you work. Either way, TrickBot is improving over time, becoming the top threat to business on a global scale.

The latest “improvement” to TrickBot uses spam email appearing to be from Deloitte, a financial services company. Just in time for tax season, these emails are about a tax-incentive, a subject most Americans would be interested to know about. The email has a Microsoft Excel spreadsheet attached that allegedly has more information about the bogus tax incentive. One curious click on the attachment and game over–TrickBot malware takes over from there by infecting the device with malware. Another new TrickBot addition steals e-currency, the alternative to traditional currency, from Bitcoin Wallets.

Since its inception in 2016, TrickBot targets customers of major banking institutions worldwide, as well as past attacks in the U.S. to include Amazon, AMEX, and PayPal. TrickBot uses phishing campaigns designed to trick users into entering their financial data, including passwords, into bogus banking websites designed to look legitimate. It works on popular browsers like Google Chrome, Internet Explorer, Mozilla Firefox, and Microsoft Edge. Hijacking all that data puts victims at risk of fraud and theft of much more than just banking information.

Always be on the lookout for phishing email and don’t take that curious click unless you are 100% certain it’s taking you to a safe website or attachment. Since many spreadsheet attachments that are laced with ransomware use macros, be sure to disable macros by default in all of your programs. If you didn’t create the macro or don’t know who did, don’t enable them for any reason! Remember to look for the telltale signs of phishing such as incorrect use of the language, typos, and generic greetings such as “To users” or greetings that use your entire name or greet you by your email address.

Stealing sensitive data also puts TrickBot in a prime position for ransomware, threatening to lock a device and its data until a ransom is paid. Looking at its past, TrickBot isn’t going anywhere soon. Beware of emails that sound too good to pass up, especially those with attachments. TrickBot is ready to pounce, and hacking history shows we may be dealing with improvements for years to come. According to Trend Micro, “While this new variant is not groundbreaking in terms of what it can do, it proves that the groups or individuals behind TrickBot are not resting on their laurels and continuously improve it, making an already-dangerous malware even more effective.”

Stickley on Security
Published March 8, 2019