Skip to main content

Scam of the Week - Advanced Phishing Hidden in Plain Text

Posted on Wednesday, April 14, 2021 in Privacy & Security

Cybercriminals are using advanced tactics to disguise dangerous malware as harmless text files. Using a phishing email, the bad guys try to trick you into downloading a file attachment named “ReadMe_knl.txt”. Typically, files ending in .txt are plain text documents that can be opened in any text editing software. But in this case, the cybercriminals use a trick called Right-to-Left Override (RLO) to reverse part of the file name. 
The true name of the attached file is “ReadMe_txt.lnk.lnk”. It is not a plain text document, but actually, a command that instructs your computer to download the bad guy’s malware. Once the malware is installed, cybercriminals have complete access to your system. They can access everything from your browser history to your cryptocurrency wallet and they can even take photos using your webcam. 

Advanced phishing tactics can be intimidating, but you can stay safe by practicing the tips below:

  • Remember that bad guys can disguise anything, even file types.
  • Never click a link or download an attachment in an email that you were not expecting.
  • When in doubt, reach out to the sender by phone to confirm the legitimacy of the email.

Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team

Back to Top