Threat Alert: CHARITABLE SUPPORT Lures Lead to Malware Installation

• A series of phishing attacks is using charitable support-themed lures.
• These lures, which purport to come from organizations like Greenpeace and the MacArthur Foundation, come from   organizationally unassociated Gmail accounts.
• The lures encourage recipients to follow a link to sign a petition; the links lead to a fake CAPTCHA page.
• The pages contain instructions for copying, pasting, and running a command in the Windows Run box.
• Running the command leads to the   installation of malicious software (malware).

Key Action: Report Suspicious Emails 

• Remember cybercriminals take advantage of   strong emotions. Emails imitating trusted charities asking for simple support, like signing a petition, can be tempting. Charity organizations’ use of emotional tactics can also make it hard to differentiate from cybercriminals doing the same.
• Remember that cybercriminals commonly leverage current events in phishing attacks. Annual events like end-of-year charity pushes give cybercriminals time to prepare, as well as allowing them to take advantage of the potential urgency this   time of year can bring.
• Report ANY suspicious emails using the Phish Alarm button.