Evansville Headquarters : (812) 474-6825
Nashville Location : (615) 208-7726
Security Tip of the Week

Security Tip of the Week – Advanced Phishing Hidden in Plain Text

  • Comments: 0
  • Posted by: Michaela Kunkler

Cybercriminals are using advanced tactics to disguise dangerous malware as harmless text files.

Keller Schroeder Security Solutions Group Logo

Using a phishing email, the bad guys try to trick you into downloading a file attachment named “ReadMe_knl.txt”. Typically, files ending in .txt are plain text documents that can be opened in any text editing software. But in this case, the cybercriminals use a trick called Right-to-Left Override (RLO) to reverse part of the file name.

The true name of the attached file is “ReadMe_txt.lnk.lnk”. It is not a plain text document, but actually, a command that instructs your computer to download the bad guy’s malware. Once the malware is installed, cybercriminals have complete access to your system. They can access everything from your browser history to your cryptocurrency wallet and they can even take photos using your webcam. 

Advanced phishing tactics can be intimidating, but you can stay safe by practicing the tips below:

  • Remember that bad guys can disguise anything, even file types.
  • Never click a link or download an attachment in an email that you were not expecting.
  • When in doubt, reach out to the sender by phone to confirm the legitimacy of the email.

Stop, Look, and Think. Don’t be fooled.


KnowBe4 Logo - Keller Schroeder Vendor Partner

KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.


DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.