Tagged: phishing Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on July 2, 2020 Permalink | Reply
    Tags: freedom to breathe card, Global Empowerment Fund, government scams, , phishing, , ,   

    Government impersonation scams 

    Government impersonation scams

    Recently, we’ve heard of three new scams where the scammers are impersonating either the federal or state government. Scammers often imitate various government agencies in order to make their pitch seem more authentic. However, the impersonations are never perfect.

    The Federal Trade Commission is warning citizens about an email phishing scam that is using the agency’s name. The emails claim that you’re eligible to receive funds from the “Global Empowerment Fund” due to the current pandemic. All you need to do to get the money is to provide your bank account information and the money will appear in your account. While the FTC hasn’t said if anyone has fallen for this scam, it’s a safe bet to assume that your bank account will be drained rather than receive extra funds if you were to provide your banking details.

    With the current controversy over whether or not you should wear a mask to stop the spread of coronavirus, scammers are selling cards that claim to make someone exempt from having to wear a mask. The idea is that you present this card to a business that requires the wearing of masks and you’ll be allowed in without a mask. The card claims amnesty under the Americans with Disability Act and has a fake Department of Justice logo. While these cards may appear official they have no legal authority and no business is required to abide by them.

    Lastly, we have a scam on the state government level. In Michigan, residents there are reporting receiving text messages that claim to be from the state. The messages say that they can reunite the recipient with unclaimed property. The messages then provide a link for you to click on. As always, you should never click on links in text messages from someone you don’t know. Now, unclaimed property is something that most states hold on to. However, in most cases, you have to pursue the state to claim any such assets. Usually, you can start the process through a state website. Very rarely will the state contact you and if they do they wouldn’t do it by text message. If you receive a text like this the best thing to do is delete it.

     
  • Geebo 8:00 am on May 5, 2020 Permalink | Reply
    Tags: deed transfer, , , phishing, , ,   

    Scammers are using stimulus check confusion against you 

    Scammers are using stimulus check confusion against you

    The scammers are still at it during this crisis. Here are a few more scams that are using the coronavirus pandemic to their advantage.

    There is still a lot of consumer confusion around the delivery of the economic impact payments, or as they’re better known stimulus checks. The scammers are taking advantage of this confusion to try to steal your identity. Some reports say that scammers are sending out emails that look like they’ve officially come from your bank. The emails offer to give you the status of your stimulus check but instead, they take you to a link that asks for your personal information. As of right now, the only place where you can find out the status of your stimulus payment is from the IRS’s Get My Payment website. If the IRS needs to contact you, they will send you a letter through the regular mail.

    Another scam we just recently heard of is the deed transferring scam. It seems that scammers are telling people struggling with their mortgage payments to transfer their deed to a third-party. The scammers say that this will allow the homeowner to no longer be responsible for their mortgage payments. This is false. In reality, the new deed holder could potentially evict you from your own home. In turn, this could cost the homeowner untold costs in legal fees for just trying to stay in their own home.

    Lastly for today, there are reports coming out of the state of Washington about a new porch pirate scheme. Investigators there say that a group of porch pirates are dressing up as nurses to try to take your deliveries without being questioned by authorities. We assume that the trick here is that in many states there are still stay at home orders and medical staff are considered essential workers and no one would question a nurse being out during the quarantine. Most delivery services have options where you can be notified when your delivery arrives. If you enact these options you’ll have a better idea when to bring your deliveries inside and foil the porch pirates’ plans.

     
  • Geebo 8:00 am on May 4, 2020 Permalink | Reply
    Tags: , , phishing,   

    Scam threatens to infect your family with COVID 

    We’ve posted before about various scams that threaten either the victim or their family with violence. The first one that immediately jumps to mind is the virtual kidnapping scam where someone calls you and tells you a loved one has been kidnapped and demands a ransom. In reality, the supposed kidnap victim is fine. Another scam in a similar vein is the cartel scam where the scammer claims to be part of a criminal cartel that has targeted your family if you don’t pay them. The scammer will then send a violent picture claiming it to be their last victim. However, the scammer is targeting random people hoping that someone will pay to stop their fictitious demands. With this currently being the quarantine era, of course, there is a version of this scam that involves COVID-19.

    In this updated version of the scam, the scammer will send you a phishing email that may contain the actual username and password to one of your online accounts. These can usually be obtained on the dark web or hacker forums after major data breaches occur. The scammer will threaten to expose all your ‘secrets’ if you don’t pay them. They’ll then say if you don’t pay they’ll infect every member of your family with coronavirus but not in such a polite manner.

    “I know every dirty little secret about your life,” the email reads. “To start with, I know all of your passwords. I am aware of your whereabouts, what you eat, with whom you talk, every little thing you do in a day.”

    “You need to pay me $4,000,” it goes on. “If I do not get the payment: I will infect every member of your family with the coronavirus. No matter how smart you are, believe me, if I want to infect, I can. I will also go ahead and reveal your secrets. I will completely ruin your life.”

    These threats are mostly hollow as these scammers are usually overseas and have no way of really knowing your day to day interactions. again, the scammers are hoping for that one person that believes their claims. If you receive one of these emails your best bet is to simply delete the email. Don’t respond to it even to tell off the scammer as they will then know that your email address is a working one. Just to be on the side of caution you may also want to change your password on whatever account they claim to have compromised.

     
  • Geebo 8:01 am on March 16, 2020 Permalink | Reply
    Tags: , , phishing, ,   

    Are new remote workers a security threat? 

    Are new remote workers a security threat?

    With the new coronavirus recommendations designed to try to prevent the virus from spreading any further, many companies are requiring their employees to work at home. For many, this will be the first time that they will be working remotely. All these new remote workers could also mean new security risks that their employers may not be prepared for.

    One of these threats is phishing attacks. We’ve discussed phishing attacks many times before and they’re nothing new for most companies. In short, hackers or scammers will send fake emails trying to get the recipient to click on a link or download an attachment. Usually, these links or attachments contain malware that can infect a corporation’s entire system. In the corporate world, these emails often look like legitimate emails from your employer. If you receive an email like this, hover your cursor over the link to make sure it goes someplace safe. If it has an attachment, verify the sender exists within your company and then verify with them that the attachment is legitimate.

    For example in the UK, an email was sent to all the employees of several healthcare organizations asking employees to click on a link so they could register for a coronavirus safety seminar. The link went to a website that appeared to be an Outlook Web App and when the user would enter their contact information that information would then be stolen.

    Another corporate phishing attack that has been on the rise is the impersonation scam. This when an employee receives an email from a company executive’s email address but wasn’t sent from the executive. Often this scam targets payroll or other financial employees. These emails will often ask for large sums of money to be wired or to change the bank account from where the money is normally held. If you receive one of these emails it never hurts to contact the executive directly by phone to verify the transaction being requested.

    While working at home can be distracting to some, take a moment to verify questionable emails. A few minutes out of your schedule is better than bring an entire company to a halt.

     
  • Geebo 8:00 am on March 13, 2020 Permalink | Reply
    Tags: , , , , phishing,   

    Phony coronavirus websites are on the rise 

    Phony coronavirus websites are on the rise

    Previously when we discussed coronavirus related phishing attacks, we mentioned that emails sent by scammers will try to disguise themselves as being from organizations like the CDC or WHO by using similar email addresses to the actual ones. For example, if the CDC were to send an email the address would be from cdc.gov. Scammers may try to use an address like CDC-gov.com. Not being satisfied with just posing as life-saving aid organizations, scammers are now registering coronavirus related domains in droves. These are the addresses that use to go to a website such as geebo.com.

    According to cybersecurity experts, scammers are registering domains such as coronavirusstatus[.]space, coronavirus[.]zone and survivecoronavirus[.]org just to name a few. A more comprehensive list can be found at this link. Scammers are registering these domain names either to use in phishing emails or to inject malware on your device. For the foreseeable future, if you get an email with a domain name that contains the word ‘coronavirus’ or other related terms, consider it to be harmful. Any links or attachments that these emails contain should not be clicked on as they could lead to malware which could potentially steal your personal or financial information. You could then unwittingly infect all devices connected to your network.

    And again, you should be on the lookout for other coronavirus scams as well. Like we’ve mentioned before, as of the time of this posting, there is no cure or vaccine for the coronavirus. Anyone promising you otherwise is trying to rip you off. Testing is limited in the US right now, anyone who is not a government agency or medical professional cannot test you for coronavirus and is either pushing snake oil or trying to steal your financial information.

    While the coronavirus, or covid-19 if you prefer, is a real danger and something we should be concerned about, don’t allow fear to get the better of you. In a crisis like this, panic helps no one. Look to your local media and state government about how the virus is affecting your area and heed those warnings. If we all work together, we can get through this.

     
  • Geebo 9:00 am on March 5, 2020 Permalink | Reply
    Tags: , , phishing, ,   

    Coronavirus scams are as bad as the disease 

    Coronavirus scams are as bad as the disease

    The coronavirus crisis has not gotten any better over the past few weeks. Tragically, it has claimed more lives and more cases are being reported every day. The crisis has created such a climate of fear that scammers have tried to seize every opportunity to take advantage of that fear. It’s gotten so bad that Amazon has removed one million products that made false coronavirus claims and Facebook has cracked down on misleading ads about coronavirus. This is not something that either of these companies does lightly. Just about every State Attorney General has also warned their constituents to wary of scams related to the outbreak.

    When we first discussed coronavirus scams, we discussed phishing attacks that are used to infect your device with malware. Those phishing attacks have become more sophisticated as many of them are now trying to disguise their emails as coming from places like the World Health Organization or the Centers for Disease Control. A great way to tell that these emails are fake is checking the email address it was sent from. If it’s from the WHO the email address would end in who.int while the CDC’s would end in cdc.gov. You should also always hover your cursor over any links contained in the email to see exactly where the links may take you. The odds are they’ll take you to a site infested with malware or one designed to try to steal your personal information.

    We’ve also previously discussed how con artists from all over the world are trying to sell snake oil cures. Again, as of the time of this post, there is no vaccine or cure for the coronavirus. Anyone who is trying to tell you otherwise is either woefully misinformed or trying to sell you something that is at best a placebo and at worst toxic and dangerous.

    Much like when a natural disaster occurs, price gouging is also being committed for legitimate supplies that will be useful if everyday services become disrupted. Bottled water is one of those items as are surgical masks. Speaking of the masks, you shouldn’t be going out to buy a crate of masks unless advised by a medical professional. Surgical masks are designed to keep the wearer from spreading any infection and doesn’t prevent wearers from getting one. Not only that, but there are also counterfeiters who are selling bogus masks that don’t do anything at all. There have also been reports that bogus websites have been popping up claiming to sell masks and other items that aren’t selling anything at all. Instead, they’re just stealing your financial information.

    Even the greedy among us are being scammed by buying into phony investments that promise a return when you supposedly invest in companies that will supposedly cure the virus. On the flip side, the charitable among us are at risk as well as many scammers will be posing as charities that either claim to be researching a cure or helping those affected by the disease. Always carefully research any charity you think is worth donating to.

    For more information please check the Federal Trade Commission’s website about coronavirus scams.

    As always, if you want to keep abreast of the ever-changing situation please go to the websites for the World Health Organization, or the Centers for Disease Control.

     
  • Geebo 9:00 am on February 13, 2020 Permalink | Reply
    Tags: , phishing,   

    Coronavirus scams continue to spread 

    Coronavirus scams continue to spread

    The coronavirus continues to command headlines lately due to the number of deaths that have been reported. The virus is also slowing global trade and industry over fears of causing a global pandemic. People all over the world are constantly searching for information about the virus in order to protect themselves. Unfortunately, a lot of people are getting their information about the virus from questionable sources. We’re not just talking about the usual urban legends and old wives tales that propagate on social media. We’re talking about potentially dangerous products and practices that are being spread online in the name of profit during a time of crisis.

    The Better Business Bureau is warning the public about con artists who are claiming to have vaccines, prevention products like masks, and tips. The efficacy of masks has been called into question and many websites that claim to be selling masks are just traps to try to steal your identity. As of the time of publishing this post, no vaccine has yet to be developed that can prevent the spread of the virus. Anybody touting any kind of cure or prevention online is more than likely a scammer.

    In our previous post about the coronavirus, we discussed how cybercriminals are using the fear of the virus to commit phishing attacks. These phishing attacks appear to be increasing. Some of the emails being sent are coming from domains that look like official channels but aren’t For example, some of the emails being sent are reportedly coming from the domain of CDC-gov.com. This is not an official government domain as most of them end strictly in .gov. The Centers for Disease Control’s actual website is at CDC.gov. Some emails are even posing as the CDC asking for donations in Bitcoin. The federal government and especially the CDC would never reach out to the public by email. Any responses to these phony emails could potentially put your personal and financial information at risk.

    Again, if you need current and up to date information about the coronavirus, you can get it at the websites for the World Health Organization, or the Centers for Disease Control.

     
  • Geebo 9:00 am on February 7, 2020 Permalink | Reply
    Tags: , , Google Docs, phishing,   

    Google Docs used in phishing attack 

    Google Docs used in phishing attack

    It’s difficult to accomplish anything online without using one of Google’s many products. Whether your work uses Gmail as its email service or just conducting a simple web search, the majority of us will use a Google product on a daily basis. With most web users using Google’s Chrome browser, many users are entrenched into the Google ecosystem by default. Because of Google’s reach across the internet, it should come as no surprise that opportunistic cybercriminals will use Google’s familiarity to try to compromise your device and information. Once such instance of these tactics has been recently reported.

    Scammers are sending out emails that appear to be from someone on your contacts list who is sharing a document with you from Google Docs. The email will have logos attached from Google and Norton Security. The email will also say that the email has been scanned for viruses. Then there will be a link leading you to the supposed document. If you click on the link, malware could be installed on your device that not only could steal your information but it could also send out similar phishing emails to everyone on your contact list further spreading this latest attack. This is similar to an attack that happened back in 2017.

    The best way to protect yourself from this attack is to verify with the sender to make sure if this is a legitimate email or not. Enabling two-factor authentication on your email service will also go a long way in preventing your email from being hijacked. If the scammers can’t access your email remotely then they won’t be able to gain control of your outgoing emails. Most email providers offer two-factor authentication protection. While 2FA is not a 100% guarantee of protection, it does prevent a great number of attacks.

     
  • Geebo 9:00 am on February 4, 2020 Permalink | Reply
    Tags: , , phishing,   

    Coronavirus fears have led to cyber attacks 

    Coronavirus fears have led to cyber attacks

    The coronavirus has taken up much of the headlines lately and with good reason. Recent reports have come out claiming that it could become a global pandemic although the potential fatality rate remains in doubt. Add to that the amount of rumors and misinformation that is being spread about the disease isn’t helping allay public fears. So as is can be expected, cybercriminals have taken it upon themselves to take advantage of that fear for their own crooked purposes. As we always say, scammers and con artists never fail to take advantage of a disaster or crisis to try and put one over on their victims at great personal cost.

    Security experts at Kaspersky Labs have discovered several phishing emails being spread about the coronavirus. The emails, a sample of which can be seen here, pretend to be from a medical professional who is a coronavirus expert. The emails then request that you click on a link so you can get more information about protecting yourself from the coronavirus. The links are disguised as being any number of video or document files such as pdfs and mp4s. However, these attachments are filled with malware that can do any number of malicious things to your device including destroying your files or holding your device for ransom, among others.

    As always, you should never click on any links or attachments in emails from someone you don’t know personally. If you are concerned about the coronavirus you can get the most factual information from either the World Health Organization, the Centers for Disease Control, or both. Education about the disease is one of the best tools we have as a society in defeating it.

     
  • Geebo 9:00 am on January 24, 2020 Permalink | Reply
    Tags: , FedEx, phishing, , ,   

    FedEx text scam is more dangerous than you think! 

    FedEx scam is more dangerous than you think!

    A number of reports went out nationwide yesterday about a scam that’s appearing in the text messages of many Americans. As you can see by the graphic above, the text claims to be from FedEx telling you that you have an incoming package that requires you to submit your delivery preferences. The text then provides you a link to click on. While this appears to be just a ‘normal. phishing scam on the surface, this particualr scam goes much deeper than that and can end up costing you a lot of money.

    If you were to click on the link in the phony text you would be taken to a site that looks like Amazon but isn’t. The fake Amazon site then asks you to fill out a customer service survey in order to claim a prize. However, to collect the prize you need to cover the cost of shipping and for that, you need to provide your financial information. Yet, it doesn’t stop there. On top of everything else, by providing your payment information you’re also signing up for a subscription service that will charge you close to $100 a month for products related to the ‘prize’ you chose. We’ve previously discussed subscription scams here.

    If you receive this text, delete it immediately. It goes without saying that you shouldn’t click the link nor should you respond to it. While FedEx does offer a service to text message you about the arrival of your packages you have to sign up for that service. FedEx will never send unsolicited text messages. If you are expecting a package to be delivered from FedEx or any other courier and you are concerned about the delivery, always use the courier’s website or official app to see if there have been any actual problems with delivery.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel