Skip to main content

Recent Scams Article: Advanced Phishing Hidden in Plain Text

Posted on Wednesday, April 14, 2021 in Identity Theft Prevention

Cybercriminals are using advanced tactics to disguise dangerous malware as harmless text files. Using a phishing email, the bad guys try to trick you into downloading a file attachment named “ReadMe_knl.txt”. Typically, files ending in .txt are plain text documents that can be opened in any text editing software. But in this case, the cybercriminals use a trick called Right-to-Left Override (RLO) to reverse part of the file name. 
The true name of the attached file is “ReadMe_txt.lnk.lnk”. It is not a plain text document, but actually, a command that instructs your computer to download the bad guy’s malware. Once the malware is installed, cybercriminals have complete access to your system. They can access everything from your browser history to your cryptocurrency wallet and they can even take photos using your webcam. 

Advanced phishing tactics can be intimidating, but you can stay safe by practicing the tips below:

  • Remember that bad guys can disguise anything, even file types.
  • Never click a link or download an attachment in an email that you were not expecting.
  • When in doubt, reach out to the sender by phone to confirm the legitimacy of the email

Article Provided by:

KnowBe4 logo

The KnowBe4 Security Team

Back to Top