Bank of Russia: Scammers Use Infected Documents in Business Attacks

Bank of Russia warns of new fraud threat

The Bank of Russia has issued a warning about an emerging threat to businesses involving fraud through infected documents. According to the regulator, hackers are taking advantage of professionals such as secretaries, accountants, and specialists in various reports who search for document templates online.

The criminals behind the scheme create fake websites for state departments and well-known reference systems, uploading documents infected with viruses. Additionally, they utilize the Seo-Poisoning method to ensure these malicious resources appear prominently in search results.

Once a user downloads one of these documents, a remote access program is activated on their computer. This program enables attackers to remotely modify bank details in a company’s contracts, replacing legitimate recipients with their own information. In some instances, scammers may also hijack working computers, demanding a ransom for restoration of access.

The Bank of Russia has provided several simple rules to help prevent such attacks. These include installing and regularly updating antivirus software, disabling automatic installation and launch of programs, verifying the authenticity of website addresses, and checking for a secure connection indicator (a locked icon) in the address bar. It is also advised to only download documents in safe formats such as PDF, DOCX, XLSX, JPG, and PNG.

/Reports, release notes, official announcements.