How to Stop Microsoft Office Hackers from Stealing your Bank Credentials

Microsoft Office is certainly well known for making our work easy with products like Word, Excel, PowerPoint, Access, Outlook and more.

Sadly, it has been used by hackers to rob our credentials and make our lives a living hell as well. Hackers are extensively employing macros in Word and Excel files to inject malware and ransomware.

To avoid this, Microsoft has changed the default settings of Office. In the recent versions, macros are disabled and a warning is prompted when you try to enable it.

Having said that, according to the recent discovery by FireEye and McAfee –  there is a major security loophole which they called Critical Zero-Day Vulnerability, that empowers hackers to release malware without macros.

Hackers and Cybercriminals are always waiting for such kind of opportunity to take benefit out of it. Their targets are usually high profile but this doesn’t mean that they would leave the common man. According to speculations, these Cyber spies delivers Dridex, a malware which steals bank credentials, to exploit the susceptibility of millions of users.

The question is how does the Dridex work and how is it transferred to our computer?

See Also: 5 Quick Steps to Run a Security Check Up on Google Account

Dridex can be sent to your system through a Word Document via e-mail. When the Word Document attached to an e-mail is opened on your system, it connects your system to the hacker’s server and they can take control of your system to send the malicious content.

It is said, even Microsoft Windows 10 is vulnerable to this attack, which is claimed to be the most secure OS.

However, Microsoft developed a bug to overcome this vulnerability, which was released on 11th April 2017. It is recommended to install the update. As said, once bitten, twice shy. We need to get ourselves prepared for alleged future hacks and loopholes.

Steps to protect the computer from Microsoft Office Hackers:

Before protecting our valuable information from Microsoft Office Hackers, you need to maintain the habit of not opening any word or any document received through the e-mail from an unknown source. You need to keep the updated version of Antivirus and secure our important credentials properly. So, here are the steps that will help you to protect against Microsoft Office hackers.

  1. Microsoft Word, by default opens a file in Protected Mode when downloaded from an untrusted or unknown source. In case, you don’t have it enabled. Please follow the steps to enable it:

micrsoft-word-hacker

  • Click on Options.
  • A Pop-up Windows will appear, please select trust center.

trust-center-in-micrsoft-office

You May Also Like: Microsoft Word Macro Malware attacks MacOS

  • Click on Protected View to enable all the options under protected view.

protected-view-in-ms-office

  1. For further protection, you can also Install Microsoft Enhanced Mitigation Experience Toolkit, “A utility that helps prevent vulnerabilities in software from being successfully exploited.” as claimed by Microsoft. Although, there is no proof to assure whether it can prevent this attack but it surely is an add-on security against the loopholes.
  2. Unless, you don’t want to make any big changes to your system, use a Guest account or an account which has limited rights. The advantage of using a limited user account is if you are attacked, the hacker will not be able to intrude properly and therefore damage done would be at a minimum rate.

As it is said, your safety is in your hands, to protect yourselves from these cybercriminals, you must maintain the basic cyber hygiene.

Srishti Sisodia

Srishti Sisodia

Srishti Sisodia is a technical content journalist at Systweak Software. Apart from being a capable engineer, her affinity for inscription draws her towards writing interesting content about contemporary technologies and progressions. She is an avid reader and a fare connoisseur. She relishes different cuisines and when it comes to baking, she takes the cake!

Leave a Reply

Your email address will not be published. Required fields are marked *