A Mac-based business wrote:
We potentially have a virus issue. We all received an email from a colleague stating that he was sharing a document via OneDrive. Some employees clicked on the link, but could not open the attachment. So they sent a group email asking if anyone else got this email from the colleague.
I texted the sender asking if his email was legit…and he said “Don’t open that!” Apparently his boss got hacked last week and her email sent out those messages. He clicked on it. Now his email is sending out those same emails.
I’m not sure what to do here—can you assist? Is there a scan that they/we can run? Is it something you can help with remotely?
We don’t yet know that there’s any cause for concern. To start with, have any of you gotten any indication that your own accounts are spamming other people with this bogus message?
Additionally, I have somewhat less concern for anyone who tried to open it on a Mac or via Outlook on the web. How many of you use the Outlook app on Windows?
I don’t tend to act as an alarmist in these situations, not because there isn’t a concern, but because any cause for concern gets triggered by initially opening the attachment. If you don’t see misbehavior, sussing the possible attack or effects can’t be comprehensive. It could be something that hits your computer, or your email, or ransomware that locks your files, and you don’t know ’til you know.
So with all that said:
- Any of y’all please be encouraged to change your email and computer passwords. Also, if you haven’t enabled two-factor authentication in your email accounts (or any other online service), run-don’t-walk to do that.
- Please ask the team if anyone has noticed their computer misbehaving, especially the browsers. If Safari, Firefox, or Chrome (or Brave or Vivaldi or Opera or…probably not Lynx…) misbehave in any suspicious way, let’s check it out. Most likely symptoms would be pestilent pop-ups, bogus search engines (i.e. does that really look like the real google.com?), persistently changed homepages, or unwanted buttons or extensions.
- We can do audits of each of your computers, or you can run manual scans in Windows (see below) or Malwarebytes for Mac: https://www.malwarebytes.com/mac/.
- You could each check with your correspondents to see if anyone got similar spam from you.
Please holler as soon as you run into any of that!