Why you risk starting the New Year broke

You risk starting the New Year broke as cybercriminals target payments process of companies as well as divert money meant for suppliers and employees to their personal accounts.

The new cyber-attack is targeted at African organisations, with local cybersecurity firm Serianu warning that local firms stand exposed to hacking.

This could see more firms and individuals lose their money to the criminals.

SEE ALSO :How to get hacked

The attack comes in the form of an email inbox disguised as a ‘pending payments’ request with an excel sheet attachment and when downloaded, opens the doors of an organisation’s systems to cyber criminals.

According to Serianu, the risk is heightened at this particular time of the month, being end month as well as the year when many companies are processing numerous invoices and payments.

The cybersecurity company in an alert to its clients on Saturday warned of a “new phishing attack spread via a malicious payment.xls document targeting organisations in Africa.”

Critical data

It added that all departments that process payments are targets of the malware, which is capable of compromising and stealing critical data from an organisation’s systems.

SEE ALSO :Cyber attacks soar amid rise in internet, mobile cash use

“The Pending payments.xls file is a malicious Microsoft Excel application distributed via emails,” warns the company in a statement, adding that the file requires a person to manually run the same before their systems can be compromised.

The firm said it found that the malware has ‘dropper functionality’ - meaning it can download malicious files from the links it stores in advance into a computer.

Meanwhile, in their step-by-step explanation of how an attack happens, the Serianu alert says the first step is that targets receive an email with an attachment dubbed Payments.xls.

 Then, once a person downloads and runs the file, a malicious code with ‘dropper, adware and backdoor’ capabilities is executed.

To avoid risks of the attack, the firm recommends that a person receiving the suspicious mail or document not to click or download the attachment.

SEE ALSO :Mastercard expands digital identity commitment with Samsung

Register to advertise your products & services on our classifieds website Digger.co.ke and enjoy one month subscription free of charge and 3 free ads on the Standard newspaper.

Cyber securitySerianuCyber AttackOnline PaymentMoney