Tagged: cybersecurity Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on April 15, 2020 Permalink | Reply
    Tags: cybersecurity, , virtual classrooms, virtual meetings, Zoom   

    Half a million Zoom accounts for sale 

    Half a million Zoom accounts for sale

    With so many of us now working from home, a great many of us have had to attend virtual meetings. The most popular app to accomplish these meetings has been Zoom. While Zoom has been a blessing to help keep many businesses running, it has not been without its problems. A slew of internet pranksters have been able to gain access to live Zoom meetings. While some of the pranks have been harmless, others have seen explicit or violent imagery shared. There have even been instances of hate speech being spouted during some of these meetings. Considering that Zoom has also been used for virtual classrooms, the potential for abuse becomes even more disturbing.

    To compound problems for Zoom, over 500,000 Zoom account credentials are being put up for sale on the dark web and in hacker forums. Hackers won’t be using them for just internet pranks as the credentials contain user email addresses and passwords. If the passwords are one a user has for multiple other accounts then that user can have their accounts on multiple platforms hacked. This could not only lead to the user’s identity being stolen but could also lead to financial losses if the user’s security isn’t stable enough.

    Thankfully, Zoom already has security measures in place that users can enable to better secure their meetings and information. A list of those features can be found here but the main ones you should enable for every meeting are the ‘waiting room’ feature and the ‘lockdown’ feature. The former will allow you to screen participants in the meeting before you allow them to enter the meeting while the latter will allow you to eject unwelcome visitors. However, the best way to keep unwanted guests out of your meetings or classrooms is to not share the meeting information publicly.

     
  • Geebo 8:00 am on March 20, 2020 Permalink | Reply
    Tags: , cybersecurity, , e-skimming, ,   

    FBI warning about shopping scam 

    FBI warning about shopping scam

    With many of us staying home these days while practicing social distancing, a lot of us will be ordering items online so we can avoid the crowds at stores. As can be expected, scammers are trying to take advantage of this situation too. The most concerning part is that this particular scam can affect legitimate retail sites and gives no indication that your information is at risk. This is why the FBI is warning consumers to keep an eye on their billing statements to make sure there are no unwarranted charges on your statements.

    According to the FBI, in an attack known as e-skimming, cybercriminals are injecting code into the websites of retailers. This code then allows the scammers to copy the information on your credit or debit card. With the way e-skimming works, neither the retailer not the customer will know that they’ve been scammed until it’s too late. The scammers will then sell the card information online to the highest bidder. Unfortunately, there is no way to detect if the retail site you’re using has been infected by the e-skimming code.

    While these types of attacks are usually caught by retailers within a few days there are steps you can take to protect your information. One of the ways is only using a credit card online as credit cards have better fraud protection than most debit cards. Your bank may also be able to provide you with temporary one-time card numbers that you can use once and won’t work when copied. If your bank does not provide this service there are legitimate online platforms that can provide this service.

    While the odds of e-skimming happening to you are small, they’re not zero. It’s better to have the protection and not need it than needing it and not having it.

     
  • Geebo 8:01 am on March 16, 2020 Permalink | Reply
    Tags: cybersecurity, , , ,   

    Are new remote workers a security threat? 

    Are new remote workers a security threat?

    With the new coronavirus recommendations designed to try to prevent the virus from spreading any further, many companies are requiring their employees to work at home. For many, this will be the first time that they will be working remotely. All these new remote workers could also mean new security risks that their employers may not be prepared for.

    One of these threats is phishing attacks. We’ve discussed phishing attacks many times before and they’re nothing new for most companies. In short, hackers or scammers will send fake emails trying to get the recipient to click on a link or download an attachment. Usually, these links or attachments contain malware that can infect a corporation’s entire system. In the corporate world, these emails often look like legitimate emails from your employer. If you receive an email like this, hover your cursor over the link to make sure it goes someplace safe. If it has an attachment, verify the sender exists within your company and then verify with them that the attachment is legitimate.

    For example in the UK, an email was sent to all the employees of several healthcare organizations asking employees to click on a link so they could register for a coronavirus safety seminar. The link went to a website that appeared to be an Outlook Web App and when the user would enter their contact information that information would then be stolen.

    Another corporate phishing attack that has been on the rise is the impersonation scam. This when an employee receives an email from a company executive’s email address but wasn’t sent from the executive. Often this scam targets payroll or other financial employees. These emails will often ask for large sums of money to be wired or to change the bank account from where the money is normally held. If you receive one of these emails it never hurts to contact the executive directly by phone to verify the transaction being requested.

    While working at home can be distracting to some, take a moment to verify questionable emails. A few minutes out of your schedule is better than bring an entire company to a halt.

     
  • Geebo 8:00 am on March 13, 2020 Permalink | Reply
    Tags: , , cybersecurity, , ,   

    Phony coronavirus websites are on the rise 

    Phony coronavirus websites are on the rise

    Previously when we discussed coronavirus related phishing attacks, we mentioned that emails sent by scammers will try to disguise themselves as being from organizations like the CDC or WHO by using similar email addresses to the actual ones. For example, if the CDC were to send an email the address would be from cdc.gov. Scammers may try to use an address like CDC-gov.com. Not being satisfied with just posing as life-saving aid organizations, scammers are now registering coronavirus related domains in droves. These are the addresses that use to go to a website such as geebo.com.

    According to cybersecurity experts, scammers are registering domains such as coronavirusstatus[.]space, coronavirus[.]zone and survivecoronavirus[.]org just to name a few. A more comprehensive list can be found at this link. Scammers are registering these domain names either to use in phishing emails or to inject malware on your device. For the foreseeable future, if you get an email with a domain name that contains the word ‘coronavirus’ or other related terms, consider it to be harmful. Any links or attachments that these emails contain should not be clicked on as they could lead to malware which could potentially steal your personal or financial information. You could then unwittingly infect all devices connected to your network.

    And again, you should be on the lookout for other coronavirus scams as well. Like we’ve mentioned before, as of the time of this posting, there is no cure or vaccine for the coronavirus. Anyone promising you otherwise is trying to rip you off. Testing is limited in the US right now, anyone who is not a government agency or medical professional cannot test you for coronavirus and is either pushing snake oil or trying to steal your financial information.

    While the coronavirus, or covid-19 if you prefer, is a real danger and something we should be concerned about, don’t allow fear to get the better of you. In a crisis like this, panic helps no one. Look to your local media and state government about how the virus is affecting your area and heed those warnings. If we all work together, we can get through this.

     
  • Geebo 8:00 am on March 12, 2020 Permalink | Reply
    Tags: , cybersecurity, Idaho, ,   

    Scary scammer targets 10-year-old on TikTok 

    Scary scammer targets 10-year-old on TikTok

    Children love social media. If they’re not messaging their friends they’re either interacting with celebrities and personalities or even creating their own content. One of the most popular social media apps among children is TikTok. It allows its users to create short videos or they can follow and watch the videos of other creators. As with most social media, users can interact with each other through comments and messages. If these interactions are not monitored it could lead to inappropriate contact and other potentially dangerous situations.

    A 10-year-old girl from Idaho was on TikTok and was recently contacted by a stranger through the app. The person who contacted her said they were looking for a ‘sugar baby’ that they could spoil with gifts and money. While this sounds like the actions of an online predator’s attempt to groom a child, this interaction took a different turn. The person who approached the girl said that in order to ‘spoil’ the girl they would need her parents’ ATM and bank card information. Thankfully, the girl was smart enough to tell her parents about the messages who in turn called local police. However, the alleged scammer could be from anywhere and no apprehension has been made and the suspect may never be caught.

    While most children love apps like TokTok that doesn’t mean they should be on them unattended. Most platforms including TikTok set the minimum age of users to 13 in their terms of service. Even if children meet the minimum age requirement that still shouldn’t mean they can be left on any social platform without having some form of monitoring. A good rule in helping keep children safe online is to instill a no devices after bedtime rule. If your children are using iPhones or iPads, iOS has parental controls that you can learn to use here. If your children are on Android phones and tablets parental control instructions can be found here. You can also find tips and tricks to keep your children safe online at the US Attorney’s Office website and NetSmartz.org.

     
  • Geebo 9:00 am on February 7, 2020 Permalink | Reply
    Tags: cybersecurity, , Google Docs, ,   

    Google Docs used in phishing attack 

    Google Docs used in phishing attack

    It’s difficult to accomplish anything online without using one of Google’s many products. Whether your work uses Gmail as its email service or just conducting a simple web search, the majority of us will use a Google product on a daily basis. With most web users using Google’s Chrome browser, many users are entrenched into the Google ecosystem by default. Because of Google’s reach across the internet, it should come as no surprise that opportunistic cybercriminals will use Google’s familiarity to try to compromise your device and information. Once such instance of these tactics has been recently reported.

    Scammers are sending out emails that appear to be from someone on your contacts list who is sharing a document with you from Google Docs. The email will have logos attached from Google and Norton Security. The email will also say that the email has been scanned for viruses. Then there will be a link leading you to the supposed document. If you click on the link, malware could be installed on your device that not only could steal your information but it could also send out similar phishing emails to everyone on your contact list further spreading this latest attack. This is similar to an attack that happened back in 2017.

    The best way to protect yourself from this attack is to verify with the sender to make sure if this is a legitimate email or not. Enabling two-factor authentication on your email service will also go a long way in preventing your email from being hijacked. If the scammers can’t access your email remotely then they won’t be able to gain control of your outgoing emails. Most email providers offer two-factor authentication protection. While 2FA is not a 100% guarantee of protection, it does prevent a great number of attacks.

     
  • Geebo 9:00 am on February 4, 2020 Permalink | Reply
    Tags: , cybersecurity, ,   

    Coronavirus fears have led to cyber attacks 

    Coronavirus fears have led to cyber attacks

    The coronavirus has taken up much of the headlines lately and with good reason. Recent reports have come out claiming that it could become a global pandemic although the potential fatality rate remains in doubt. Add to that the amount of rumors and misinformation that is being spread about the disease isn’t helping allay public fears. So as is can be expected, cybercriminals have taken it upon themselves to take advantage of that fear for their own crooked purposes. As we always say, scammers and con artists never fail to take advantage of a disaster or crisis to try and put one over on their victims at great personal cost.

    Security experts at Kaspersky Labs have discovered several phishing emails being spread about the coronavirus. The emails, a sample of which can be seen here, pretend to be from a medical professional who is a coronavirus expert. The emails then request that you click on a link so you can get more information about protecting yourself from the coronavirus. The links are disguised as being any number of video or document files such as pdfs and mp4s. However, these attachments are filled with malware that can do any number of malicious things to your device including destroying your files or holding your device for ransom, among others.

    As always, you should never click on any links or attachments in emails from someone you don’t know personally. If you are concerned about the coronavirus you can get the most factual information from either the World Health Organization, the Centers for Disease Control, or both. Education about the disease is one of the best tools we have as a society in defeating it.

     
  • Geebo 9:00 am on January 29, 2020 Permalink | Reply
    Tags: cybersecurity, , LabCorp, , , Wawa   

    Recent data breaches can affect your money, health, and privacy! 

    Recent data breaches can affect your money, health, and privacy!

    If you’ve ever been to the East Coast especially the Pennsylvania and South Jersey areas you may be familiar with the convenience store chain Wawa. They recently had a data breach that could have exposed up to 30 million payment cards of its customers. Reportedly, hackers had installed malware into the payment processors at multiple stores at both the register area and their gas pumps. Some of the payment card information has even ended up on the web for sale to malicious actors. If you used a debit or credit card at a Wawa store in the past couple of months you’ll want to keep an eye on your account for unauthorized purchases.

    LabCorp is one of the nation’s largest medical testing companies. They recently had a flaw in their website that allowed 10,000 patient records to be exposed. This information included dates of birth, Social Security numbers, and lab results among other medical data. This is the second breach for LabCorp in the past year as their payment system was exposed back in June which resulted in the compromise of close to 8 million payment records. This latest breach could result in heavy fines for LabCorp under the Health Insurance Portability and Accountability Act (HIPAA). LabCorp has said that they will be notifying patients who had their data exposed.

    Lastly, it seems we can’t talk about data breaches without talking about Ring. While Ring’s most recent incident may not be a data breach per se, it does show how your information can be put at risk. The internet privacy advocates at the Electronic Frontier Foundation (EFF) claim they have discovered that the Android version of the Ring camera app sends user information to several third-parties. One of those third-parties is said to be Facebook and it doesn’t matter if you have a Facebook account or not. Some of the information sent to these third-parties include users’ full names, email addresses, and app settings including the number of locations they have Ring devices installed in.

     
  • Geebo 9:00 am on January 28, 2020 Permalink | Reply
    Tags: , cybersecurity, Kobe Bryant, , spear phishing   

    Scammers are preying on the loss of Kobe Bryant 

    Scammers are preying on the loss of Kobe Bryant

    No matter what your opinion of Kobe Bryant may be, it’s a tragedy that he and his 13-year-old daughter Gianna along with seven other people lost their lives in a helicopter crash over the weekend. Leave it to the scammers of the internet to waste no time in trying to take advantage of this horrible accident. It seems like it took the scammers no time at all to put their schemes into action after the news broke of Kobe’s untimely passing. In less than a day, con artists had taken to the internet to try to prey on Kobe’s fans in their time of mourning.

    The Better Busines Bureau, as always, is already on top of these scams. They are warning that the scams are coming in two different forms of attack. The first is what’s known as a spear-phishing attack. Emails are being sent out en masse claiming to be from a reputable news outlet. The email will claim to have some kind of exclusive news that’s not being reported anywhere else. The email will contain either a link or an attachment that the scammers will hope you’ll click on. This could lead to any kind of malware being installed on your device.

    In a similar vein, the second form of attack is clickbait. These are the headlines you may see that claim to have news that ‘you won’t believe’. Or they may claim that they have ‘exclusive footage’ that no one else has. These websites also contain malware that could be used to steal personal information from your device.

    In any case, you should never click on links or attachments in emails from people you don’t know personally. Also, the articles that go along with shocking headlines usually aren’t shocking at all and could contain code that could possibly hijack your device. Always think twice before clicking on any potentially risky link.

     
    • Suberinacooperjohnson 4:43 am on January 30, 2020 Permalink

      The FBI should take these people check.

    • Suberinacooperjohnson 4:45 am on January 30, 2020 Permalink

      Continue praying for the entire kobe bryant family especially his wife , vanassa& daughters. As well as his mother/father & sisters.entire Lakers family, friends & fans.

  • Geebo 9:00 am on January 24, 2020 Permalink | Reply
    Tags: cybersecurity, FedEx, , , ,   

    FedEx text scam is more dangerous than you think! 

    FedEx scam is more dangerous than you think!

    A number of reports went out nationwide yesterday about a scam that’s appearing in the text messages of many Americans. As you can see by the graphic above, the text claims to be from FedEx telling you that you have an incoming package that requires you to submit your delivery preferences. The text then provides you a link to click on. While this appears to be just a ‘normal. phishing scam on the surface, this particualr scam goes much deeper than that and can end up costing you a lot of money.

    If you were to click on the link in the phony text you would be taken to a site that looks like Amazon but isn’t. The fake Amazon site then asks you to fill out a customer service survey in order to claim a prize. However, to collect the prize you need to cover the cost of shipping and for that, you need to provide your financial information. Yet, it doesn’t stop there. On top of everything else, by providing your payment information you’re also signing up for a subscription service that will charge you close to $100 a month for products related to the ‘prize’ you chose. We’ve previously discussed subscription scams here.

    If you receive this text, delete it immediately. It goes without saying that you shouldn’t click the link nor should you respond to it. While FedEx does offer a service to text message you about the arrival of your packages you have to sign up for that service. FedEx will never send unsolicited text messages. If you are expecting a package to be delivered from FedEx or any other courier and you are concerned about the delivery, always use the courier’s website or official app to see if there have been any actual problems with delivery.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel