Case study: How a client succumbed to a crafty computer hacker

You may know the actions to take to avoid being infected by a computer virus, yet these rogue hackers are so canny they will manipulate a situation so that, when your guard is down, they attack.

This is what happened to a TLP Technology client.

Make sure you read this case study so that you don’t fall into the same trap.

The cyber attack

Our client received an email that claimed to be an invoice from a hotel. It looked perfectly legitimate and by coincidence his wife had stayed at the hotel the day before, so he was expecting an invoice.

He didn’t think twice and clicked on the link to open the invoice. His laptop was immediately infected by a computer virus.

This appears to be a targeted attack, rather than someone sending emails to random addresses. Whether the attacker had access to guest records or had hacked the hotel’s network we cannot say.

When the link was clicked, it downloaded a Trojan. It wasn’t immediately obvious that something was wrong, but when Outlook wouldn’t open, the alarm bells started to ring.

As soon as our client realised what had happened, he contacted us.

The resolution

First, we ran anti-virus and anti-malware programs to clean the laptop of the infection.

Unfortunately, one of the effects of the infection was to stop programs from running. This is likely to be an attempt to stop anti-virus software from doing its job.

Whilst we did manage to run anti-virus software, other programs such as Google Chrome and Outlook would not start. To resolve this problem, we used System Restore to restore the laptop to a state before the infection.

After the restore, the laptop and all programs were functioning normally again.

What to look out for in a rogue email

With these kinds of emails there are usually two ways an attacker will try to infect your computer.

The first is a link in the email to a rogue website or download, which the recipient clicks.

The second is an attachment containing a virus that is loaded when the recipient opens the attachment.

How to avoid a computer virus

To avoid these types of cyber attacks, the advice is to open attachments only from senders you are sure are legitimate, or when you are expecting the email. If you think the attachment might be suspect, then do not open it.

The attached file types to look out for are .zip files, Word and Excel documents, and .pdf or .exe files.

If the email includes a link, it may not take you where you think it will. An example would be the following: https://www.google.co.uk/. If you click this link (it is safe, I promise!), see where it takes you.

If you hover over the link in an email you will see the true destination.

How to safeguard against a cyber attack

The best form of defence is obviously prevention.

We recommend email scanning (if your email host provides it), up-to-date anti-virus software and general awareness of the links you click or open in emails.

Unfortunately, these actions do not always prevent problems. If an infection does occur, use anti-virus and anti-malware software to scan for and remove infections.

There’s a high chance that there will also be corruptions to your data, so System Restore will be required to restore your computer to a previous state. Or, in the worst case, you may need to wipe and reinstall Windows and other software.

For some of these methods to work, you need to ensure that you have a full, working and up-to-date backup and that System Restore is activated and running.

When your computer has been infected by a virus there will always be some level of disruption. Removing the virus usually needs to be performed immediately. This isn’t a task that can be put off or planned for a ‘quiet time’.

How TLP Technology can help

If you would like us to check the level of anti-virus and backup procedures you currently have, please contact us on 01737 824003 or email us.