Tagged: phishing Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 9:00 am on February 13, 2020 Permalink | Reply
    Tags: , phishing,   

    Coronavirus scams continue to spread 

    Coronavirus scams continue to spread

    The coronavirus continues to command headlines lately due to the number of deaths that have been reported. The virus is also slowing global trade and industry over fears of causing a global pandemic. People all over the world are constantly searching for information about the virus in order to protect themselves. Unfortunately, a lot of people are getting their information about the virus from questionable sources. We’re not just talking about the usual urban legends and old wives tales that propagate on social media. We’re talking about potentially dangerous products and practices that are being spread online in the name of profit during a time of crisis.

    The Better Business Bureau is warning the public about con artists who are claiming to have vaccines, prevention products like masks, and tips. The efficacy of masks has been called into question and many websites that claim to be selling masks are just traps to try to steal your identity. As of the time of publishing this post, no vaccine has yet to be developed that can prevent the spread of the virus. Anybody touting any kind of cure or prevention online is more than likely a scammer.

    In our previous post about the coronavirus, we discussed how cybercriminals are using the fear of the virus to commit phishing attacks. These phishing attacks appear to be increasing. Some of the emails being sent are coming from domains that look like official channels but aren’t For example, some of the emails being sent are reportedly coming from the domain of CDC-gov.com. This is not an official government domain as most of them end strictly in .gov. The Centers for Disease Control’s actual website is at CDC.gov. Some emails are even posing as the CDC asking for donations in Bitcoin. The federal government and especially the CDC would never reach out to the public by email. Any responses to these phony emails could potentially put your personal and financial information at risk.

    Again, if you need current and up to date information about the coronavirus, you can get it at the websites for the World Health Organization, or the Centers for Disease Control.

     
  • Geebo 9:00 am on February 7, 2020 Permalink | Reply
    Tags: , , Google Docs, phishing,   

    Google Docs used in phishing attack 

    Google Docs used in phishing attack

    It’s difficult to accomplish anything online without using one of Google’s many products. Whether your work uses Gmail as its email service or just conducting a simple web search, the majority of us will use a Google product on a daily basis. With most web users using Google’s Chrome browser, many users are entrenched into the Google ecosystem by default. Because of Google’s reach across the internet, it should come as no surprise that opportunistic cybercriminals will use Google’s familiarity to try to compromise your device and information. Once such instance of these tactics has been recently reported.

    Scammers are sending out emails that appear to be from someone on your contacts list who is sharing a document with you from Google Docs. The email will have logos attached from Google and Norton Security. The email will also say that the email has been scanned for viruses. Then there will be a link leading you to the supposed document. If you click on the link, malware could be installed on your device that not only could steal your information but it could also send out similar phishing emails to everyone on your contact list further spreading this latest attack. This is similar to an attack that happened back in 2017.

    The best way to protect yourself from this attack is to verify with the sender to make sure if this is a legitimate email or not. Enabling two-factor authentication on your email service will also go a long way in preventing your email from being hijacked. If the scammers can’t access your email remotely then they won’t be able to gain control of your outgoing emails. Most email providers offer two-factor authentication protection. While 2FA is not a 100% guarantee of protection, it does prevent a great number of attacks.

     
  • Geebo 9:00 am on February 4, 2020 Permalink | Reply
    Tags: , , phishing,   

    Coronavirus fears have led to cyber attacks 

    Coronavirus fears have led to cyber attacks

    The coronavirus has taken up much of the headlines lately and with good reason. Recent reports have come out claiming that it could become a global pandemic although the potential fatality rate remains in doubt. Add to that the amount of rumors and misinformation that is being spread about the disease isn’t helping allay public fears. So as is can be expected, cybercriminals have taken it upon themselves to take advantage of that fear for their own crooked purposes. As we always say, scammers and con artists never fail to take advantage of a disaster or crisis to try and put one over on their victims at great personal cost.

    Security experts at Kaspersky Labs have discovered several phishing emails being spread about the coronavirus. The emails, a sample of which can be seen here, pretend to be from a medical professional who is a coronavirus expert. The emails then request that you click on a link so you can get more information about protecting yourself from the coronavirus. The links are disguised as being any number of video or document files such as pdfs and mp4s. However, these attachments are filled with malware that can do any number of malicious things to your device including destroying your files or holding your device for ransom, among others.

    As always, you should never click on any links or attachments in emails from someone you don’t know personally. If you are concerned about the coronavirus you can get the most factual information from either the World Health Organization, the Centers for Disease Control, or both. Education about the disease is one of the best tools we have as a society in defeating it.

     
  • Geebo 9:00 am on January 24, 2020 Permalink | Reply
    Tags: , FedEx, phishing, , ,   

    FedEx text scam is more dangerous than you think! 

    FedEx scam is more dangerous than you think!

    A number of reports went out nationwide yesterday about a scam that’s appearing in the text messages of many Americans. As you can see by the graphic above, the text claims to be from FedEx telling you that you have an incoming package that requires you to submit your delivery preferences. The text then provides you a link to click on. While this appears to be just a ‘normal. phishing scam on the surface, this particualr scam goes much deeper than that and can end up costing you a lot of money.

    If you were to click on the link in the phony text you would be taken to a site that looks like Amazon but isn’t. The fake Amazon site then asks you to fill out a customer service survey in order to claim a prize. However, to collect the prize you need to cover the cost of shipping and for that, you need to provide your financial information. Yet, it doesn’t stop there. On top of everything else, by providing your payment information you’re also signing up for a subscription service that will charge you close to $100 a month for products related to the ‘prize’ you chose. We’ve previously discussed subscription scams here.

    If you receive this text, delete it immediately. It goes without saying that you shouldn’t click the link nor should you respond to it. While FedEx does offer a service to text message you about the arrival of your packages you have to sign up for that service. FedEx will never send unsolicited text messages. If you are expecting a package to be delivered from FedEx or any other courier and you are concerned about the delivery, always use the courier’s website or official app to see if there have been any actual problems with delivery.

     
  • Geebo 9:04 am on January 15, 2020 Permalink | Reply
    Tags: 401k, , phishing, retirement fund,   

    Are thieves targeting your 401k? 

    Are thieves targeting your 401k?

    We’ve discussed several different forms of bank fraud before. Whether it’s text message scams or phishing attacks to gain your account information, we’ve talked about the myriad of ways that scammers try to empty your bank account. Now, because of all the news that has gotten out about these scams thieves and cyber-crooks have started targeting a new source of income, retirement funds and 401ks. Is your retirement nest egg vulnerable to being cleaned out? Let’s take a look at how the thieves are targeting 401ks and what can be done about them.

    According to USA Today, since so many consumers and banks have become wary of the typical scams that are used to attack bank accounts the thieves have turned to attack 401ks. The reasoning behind this is because a lot of people don’t pay close attention to their 401k. In too many cases, consumers will either ignore or discard the statements they receive from their retirement fund broker. Then when they need to check their 401k balance they discover that their fund has been slowly drained. Unlike banks, retirement funds aren’t always willing to help you get your money back.

    While the target may be new, the attacks are roughly the same. The thieves use old standards like phishing attacks and weak passwords to gain access to your 401k. In order to prevent these attacks from happening it’s recommended that you review the mailed statements you receive from your fund manager for any suspicious behavior. It’s also recommended that you use a strong password to secure your account with a password that’s not used on any of your other online accounts. Lastly, never click on any links in emails that you receive purporting to be from your 401k manager as they can be used to steal your login information. Instead, always go directly to the 401k website and log in from there to check your account.

     
  • Geebo 9:00 am on January 13, 2020 Permalink | Reply
    Tags: , , , , phishing, ,   

    Scams that use the Amazon name 

    Scams that use the Amazon name

    Over the weekend, a number of reports came out independent from each other that detailed separate scams that are using Amazon’s name and logo to fool victims into handing over personal or financial information.

    In the first scam, scammers are sending out emails with the official Amazon logo attached to them. The email thanks you for purchasing an Amazon e-gift card. The email then says that if you didn’t purchase the e-gift card to click a link to cancel the purchase or receive a refund. This is a phishing attack that will lead you to a website that is not Amazon where the scammers will try to get you to input personal or financial information in order to get your ‘refund’. In one instance, a victim was asked to buy Amazon gift cards from a local retailer to fix the problem. If you ever receive an email like this you should never click on any links. Instead, go straight to the retailer’s website to check your account.

    The second scam was reported as happening in the Pacific Northwest. In it, the scammers are sending consumers letters stating that their Amazon purchase didn’t go through. What’s troubling about this scam is that the scammers have gained access to information that allows them to know what you purchased from Amazon and how much you paid for it. The letter instructs you to go to a website in order to but again, asks you to input personal and financial information. It’s unknown how scammers have gotten the purchase information so if you receive one of these letters, it’s recommended that you change the password to your Amazon account.

    In the last scam, if you’re thinking about signing up for Amazon Prime or you have a technical issue with Prime, be careful of what links you click on after a web search. In some cases, if you do a web search for ‘Amazon Prime’ or ‘Amazon Prime customer support’ you may be presented with ads that take you to third-party sites that are definitely nor Amazon. In other cases, these ads will list a phony customer service number for Amazon Prime. Security researchers have stated that these ads will take you to sites that will try to get you to pay for services that would be free if performed by amazon. This is also known as the tech support scam. Again, if you have customer service needs that Amazon needs to address, go to Amazon.com in order to find the correct information.

     
  • Geebo 8:00 am on October 2, 2019 Permalink | Reply
    Tags: , , phishing,   

    Malware attack targets veterans 

    Malware attack targets veterans

    Most online scams and attacks tend to target vulnerable groups of people such as the elderly, low-income families, and those in desperate need of a home. This new attack is no different, however, it’s targeting a group of people who have not only served their country but often find themselves needing resources more so than many other members of society. We’re of course talking about military veterans. Some of them are dealing with enough problems without having to deal with scammers and other bad actors but unfortunately, there are always people looking to take advantage of a bad situation.

    A number of internet security firms have reported that there is a malware attack floating around that targets veterans who are looking for employment. The veterans are lured to a site that resembles one run by the US Chamber of Commerce that is supposed to help veterans find work. Instead, this phony website infects the user’s computer with malware that is designed to steal personal that’s kept on the device. While it has not been determined what specific information is being stolen one can imagine the myriad of scams that information could be used for especially when it concerns someone who may be receiving government benefits or assistance. Sadly, this isn’t the only scam that targets veterans.

    Another scam that veterans should be on the lookout for is the benefit buyout scam as shown in the video above. There are also scams promising refinancing on VA loans with bogus promises of low rates along with phishing attacks from phony emails that appear to be from the VA. That’s in addition to employment scams that are identical to the ones civilians fall prey to but in this case, they are specifically targeted at vets. If an offer sounds too good to be true it is recommended that you check with your local VA office for additional information.

     
  • Geebo 8:00 am on September 19, 2019 Permalink | Reply
    Tags: phishing, , venmo   

    Payment app scam plagues the country 

    Payment app scam plagues the country

    If you’re unfamiliar with Venmo, it is a mobile payment app that allows users to send payments to each other without needing to have cash on hand. The most common example of Venmo’s purpose is splitting a restaurant bill or bar tab between friends. With Venmo you can just electronically send the amount you owe to whoever is covering the actual cost of the bill at hand. Venmo has become increasingly popular among younger consumers as we inch closer to a cashless system of commerce. However, whenever a new tech tool becomes convenient and popular, someone will look to take advantage of it especially if it involves money.

    Police departments across the country are warning consumers about a phishing scam that targets Venmo users. The scam doesn’t originate from the app itself but rather from a text message. The text states that your Venmo account is about to be charged for something that you obviously didn’t purchase. However, the text provides a link to click on in that will supposedly deny the charges. The link takes you to a phony website that looks like the Venmo site. You’re then instructed to enter your user information along with the financial information that’s tied your Venmo account. The scammers then use this information to drain your account.

    As with any online banking or payment service, you should be wary of any text message or email that says there is a problem with one of your account. While there are actual text messages and emails that these services will send, too often they can be spoofed to try and steal your information or money. Whenever you receive one of these messages you should only log in to your account through the official app or website and not click on any links that may have been provided to you. It may not be as convenient but will protect you and your finances in the long run.

     
  • Geebo 8:00 am on July 10, 2019 Permalink | Reply
    Tags: , defense contractor, google voice, phishing,   

    These tech scams are frightening! 

    These tech scams are frightening!

    This week’s set of scams are incredibly troubling. Technology has advanced to a point where scams have become harder to spot. Not to mention that some of the tactics used by these scammers are like something out of a movie.

    The first scam is kind of confusing and seems a little convoluted for something that doesn’t bring that much to the scammers. If you’re not familiar with Google Voice, it’s a service that provides you with a free supplementary phone number. Scammers are using Google Voice to hijack phone numbers from personal numbers that have been shared online. For example, if you’ve posted your phone number in a classified ad the scammers will attempt to hijack that number. The scammers won’t be able to take any money from you but could potentially use your number for criminal activity. If your number has been hijacked in one of these scams this article has instructions on how to get your number back. Unfortunately, the steps won’t be that easy.

    The next scam, while rare, is very disconcerting. Security firm Symantec has said that they have found a handful of scams where the scammers have used deep fake audio of business executives in order to trick employees into transferring money to the scammers. Deep fakes are AI generated video or audio that can be hard to tell from the real thing. We’ve previously discussed the potential harm that deep fakes could cause here. The process to generate these deep fakes can cost thousands of dollars ut could end up costing businesses untold losses in the future.

    Our last scam for today is the most alarming. According to news site Quartz, a US military defense contractor was taken for $3 million in top-secret equipment by international con artists. All the scammers had to do was use an email address that looks similar to official military domains. This is basically the same phishing scam that’s used to try to steal your banking information except a company with a high government security clearance fell for it to the tune of $3 million. Thankfully, the scammers were apprehended after federal investigators tracked them down through the mailing address they used that they claimed was a military installation. Disturbingly, neither the Quartz article nor the legal documents Quartz obtained state whether or not the sensitive equipment was ever recovered.

     
  • Geebo 8:02 am on May 22, 2019 Permalink | Reply
    Tags: , phishing,   

    Has your Airbnb account been hacked? 

    Has you Airbnb account been hacked?

    A new scam has been targeting users of the online rental service Airbnb. Some users of the platform have reported having their accounts hijacked and then had phony reservations made in their name. Their money is then taken from their bank or PayPal account before the non-refundable reservation is canceled. The scammers will then change your phone number and login credentials on your Airbnb accounts so you can’t contact Airbnb to get a refund.

    Airbnb says that these have been isolated incidents and are working with affected users. However, many users have complained that once their accounts are hacked it’s been difficult to get in touch with Airbnb’s customer service. Users are also expressing concerns that Airbnb is not informing their users about the recent hacks.

    Reports state that the accounts are being hijacked through phishing attacks. That means the scammers are sending out emails that look like they’re from Airbnb and are trying to get consumers to give up their log in information. To better protect yourself, never click on links from suspicious emails. These emails may come from such email addresses as “airbnb-bookings.com” or “Airbnb1.com.” Official emails from Airbnb will only be addressed from Airbnb.com.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel