Watch Out For A Rogue PowerPoint In Your Email

Wednesday, June 14th, 2017 by Olivia Walsh

In case you are not aware, there are reports of a rogue PowerPoint presentation that is being sent which you might receive via unsolicited email.

Opening the PowerPoint file itself is not dangerous, however the file has a slide with the text ‘Loading…Please wait’ which is secretly hyperlinked. Please do be careful because if you hover over the URL, a malicious code is automatically executed!

To make sure you don’t become the next victim of this attack, we have pulled together some best practice advice for keeping your computer safe…

First of all, make sure Protected View is enabled (it should by default). This allows you to open the file with a significantly reduced chance of infection. To check this is enabled on your computer, go to File, Options, Trust Center then click on the Trust Center Settings button. Once there, you need to select Protected View and ensure all the options are ticked.

It might sound obvious, but only open files from senders that you know or that seem genuine. If you think it is suspicious, do not open it and just delete it to be on the safe side.

And finally, the particular malware in question is being sent by someone with the alias Nasim Khan with the subject line “RE:Purchase orders #69812” or “Fwd:Confirmation“. The name of the file itself is ‘order&prsn.ppsx’, ‘order.ppsx’ or ‘invoice.ppsx’, which basically means the file will open in show mode whereas a normal PowerPoint file will have .ppt or .pptx as the extension.

Hopefully, you won’t need this advice, but if you do think your computer might have been infected or you are worried your security features might not be up to date, simply contact your IT support team in the first instance.

In the meantime, we will keep you updated if there are any developments on this rogue PowerPoint file…

Leave a Reply