Tagged: phishing Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on August 12, 2020 Permalink | Reply
    Tags: , Coca-Cola, Little Caesars, phishing, , , ,   

    Commercial scams to watch out for 

    Commercial scams to watch out for

    Scammers will not hesitate to pose as even the most successful and trusted brands in our country to try to steal something from you. Whether it’s money or information, scammers will promise you the world to get what they want from you. Here are three recent scams that have posed as large commercial entities.

    On social media, a scam has been going around offering free pizza. Scammers are posing as pizza restaurant chain Little Caesars. The phony post is telling users that if you share the post and comment on it, you’ll receive a free pizza at your local Little Caesars. This is being posted by a fake Little Caesars account. The real Little Caesars account will have a verified checkmark next to their name. According to investigators, this scam is designed to get you to put some form of malware on your device.

    If you thought that a company as large as Coca-Cola can’t be used in a scam, think again. An email is currently being circulated congratulating recipients that they’ve won the Coca-Cola sweepstakes. This is a scam that’s as old as the internet itself. The email asks that you give your contact information to the phony Coke company in order to collect your winnings. Security experts say that these emails are an attempt to gather your personal information to use for future phishing attacks that could compromise your device or financial information. Remember, that you can’t win a contest you never entered. If you receive an e-mail like this, your best course of action is to delete it.

    Lastly for today, a number of AT&T mobile customers have said that they’ve been the targets of a scam. They’ve been receiving text messages that say their payments have not gone through. The text message includes a number to call to resolve the issue but the number doesn’t belong to AT&T. While no one has reported falling for the scam, we imagine it’s not unlike the tech support scam where the scammer will ask for money to try to fix the non-existent issue. If you receive a text like this, it’s best to check your account online to make sure there are no payment issues. If you need to call customer service, use the number that is on your provider’s website.

     

  • Geebo 8:00 am on July 8, 2020 Permalink | Reply
    Tags: , phishing,   

    Increase in scams against businesses seen 

    Increase in scams against businesses seen

    We’ve discussed a certain scam that targets businesses only a handful of times in the past. The scam comes in a few different forms but the goal is always the same and that’s to steal money from the company.

    There’s the business email compromise scam where a scammer spoofs their email address to make it look like they’re a high ranking executive at your company. The scammer will contact an employee that has financial responsibilities like payroll or accounts payable through the spoofed email. They’ll then instruct that employee to send money to a new direct deposit bank account or issue payment to a phony vendor who is in league with the scammer.

    One particularly eerie scam was when scammers used deep fake voice technology to impersonate the company’s CEO and ordered a company director to wire $240,000 to a phony vendor.

    Like we said, these stories were edge cases that only happened a handful of times. Also, they happened when most people were still working in offices and not working from home.

    Now, with the current global pandemic, more people than ever are working from home and the scammers know this. Due to the record number of people working at home, the Better Business Bureau says that these business impersonation scams have increased exponentially. Without being able to just walk to your boss’s office it can be difficult to get confirmation from your higher-ups.

    If you get an email from a company executive to wire transfer money, send gift cards, or make a payment right away that’s out of the ordinary, contact that executive by phone to make sure the request is legitimate or not. While some bosses may get gruff over this idea you can always tell them you’re just trying to keep the company secure and save the company money. Also, you may want to address this situation with your bosses if it hasn’t already been addressed and suggest some kind of system to prevent these scams from being successful.

    https://www.youtube.com/watch?v=PszKH3fbWzg
     

  • Geebo 8:00 am on July 2, 2020 Permalink | Reply
    Tags: freedom to breathe card, Global Empowerment Fund, , , phishing, , ,   

    Government impersonation scams 

    Government impersonation scams

    Recently, we’ve heard of three new scams where the scammers are impersonating either the federal or state government. Scammers often imitate various government agencies in order to make their pitch seem more authentic. However, the impersonations are never perfect.

    The Federal Trade Commission is warning citizens about an email phishing scam that is using the agency’s name. The emails claim that you’re eligible to receive funds from the “Global Empowerment Fund” due to the current pandemic. All you need to do to get the money is to provide your bank account information and the money will appear in your account. While the FTC hasn’t said if anyone has fallen for this scam, it’s a safe bet to assume that your bank account will be drained rather than receive extra funds if you were to provide your banking details.

    With the current controversy over whether or not you should wear a mask to stop the spread of coronavirus, scammers are selling cards that claim to make someone exempt from having to wear a mask. The idea is that you present this card to a business that requires the wearing of masks and you’ll be allowed in without a mask. The card claims amnesty under the Americans with Disability Act and has a fake Department of Justice logo. While these cards may appear official they have no legal authority and no business is required to abide by them.

    Lastly, we have a scam on the state government level. In Michigan, residents there are reporting receiving text messages that claim to be from the state. The messages say that they can reunite the recipient with unclaimed property. The messages then provide a link for you to click on. As always, you should never click on links in text messages from someone you don’t know. Now, unclaimed property is something that most states hold on to. However, in most cases, you have to pursue the state to claim any such assets. Usually, you can start the process through a state website. Very rarely will the state contact you and if they do they wouldn’t do it by text message. If you receive a text like this the best thing to do is delete it.

     

  • Geebo 8:00 am on May 5, 2020 Permalink | Reply
    Tags: , , , phishing, , ,   

    Scammers are using stimulus check confusion against you 

    Scammers are using stimulus check confusion against you

    The scammers are still at it during this crisis. Here are a few more scams that are using the coronavirus pandemic to their advantage.

    There is still a lot of consumer confusion around the delivery of the economic impact payments, or as they’re better known stimulus checks. The scammers are taking advantage of this confusion to try to steal your identity. Some reports say that scammers are sending out emails that look like they’ve officially come from your bank. The emails offer to give you the status of your stimulus check but instead, they take you to a link that asks for your personal information. As of right now, the only place where you can find out the status of your stimulus payment is from the IRS’s Get My Payment website. If the IRS needs to contact you, they will send you a letter through the regular mail.

    Another scam we just recently heard of is the deed transferring scam. It seems that scammers are telling people struggling with their mortgage payments to transfer their deed to a third-party. The scammers say that this will allow the homeowner to no longer be responsible for their mortgage payments. This is false. In reality, the new deed holder could potentially evict you from your own home. In turn, this could cost the homeowner untold costs in legal fees for just trying to stay in their own home.

    Lastly for today, there are reports coming out of the state of Washington about a new porch pirate scheme. Investigators there say that a group of porch pirates are dressing up as nurses to try to take your deliveries without being questioned by authorities. We assume that the trick here is that in many states there are still stay at home orders and medical staff are considered essential workers and no one would question a nurse being out during the quarantine. Most delivery services have options where you can be notified when your delivery arrives. If you enact these options you’ll have a better idea when to bring your deliveries inside and foil the porch pirates’ plans.

     

  • Geebo 8:00 am on May 4, 2020 Permalink | Reply
    Tags: , , phishing,   

    Scam threatens to infect your family with COVID 

    We’ve posted before about various scams that threaten either the victim or their family with violence. The first one that immediately jumps to mind is the virtual kidnapping scam where someone calls you and tells you a loved one has been kidnapped and demands a ransom. In reality, the supposed kidnap victim is fine. Another scam in a similar vein is the cartel scam where the scammer claims to be part of a criminal cartel that has targeted your family if you don’t pay them. The scammer will then send a violent picture claiming it to be their last victim. However, the scammer is targeting random people hoping that someone will pay to stop their fictitious demands. With this currently being the quarantine era, of course, there is a version of this scam that involves COVID-19.

    In this updated version of the scam, the scammer will send you a phishing email that may contain the actual username and password to one of your online accounts. These can usually be obtained on the dark web or hacker forums after major data breaches occur. The scammer will threaten to expose all your ‘secrets’ if you don’t pay them. They’ll then say if you don’t pay they’ll infect every member of your family with coronavirus but not in such a polite manner.

    “I know every dirty little secret about your life,” the email reads. “To start with, I know all of your passwords. I am aware of your whereabouts, what you eat, with whom you talk, every little thing you do in a day.”

    “You need to pay me $4,000,” it goes on. “If I do not get the payment: I will infect every member of your family with the coronavirus. No matter how smart you are, believe me, if I want to infect, I can. I will also go ahead and reveal your secrets. I will completely ruin your life.”

    These threats are mostly hollow as these scammers are usually overseas and have no way of really knowing your day to day interactions. again, the scammers are hoping for that one person that believes their claims. If you receive one of these emails your best bet is to simply delete the email. Don’t respond to it even to tell off the scammer as they will then know that your email address is a working one. Just to be on the side of caution you may also want to change your password on whatever account they claim to have compromised.

     

  • Geebo 8:01 am on March 16, 2020 Permalink | Reply
    Tags: , , phishing, ,   

    Are new remote workers a security threat? 

    Are new remote workers a security threat?

    With the new coronavirus recommendations designed to try to prevent the virus from spreading any further, many companies are requiring their employees to work at home. For many, this will be the first time that they will be working remotely. All these new remote workers could also mean new security risks that their employers may not be prepared for.

    One of these threats is phishing attacks. We’ve discussed phishing attacks many times before and they’re nothing new for most companies. In short, hackers or scammers will send fake emails trying to get the recipient to click on a link or download an attachment. Usually, these links or attachments contain malware that can infect a corporation’s entire system. In the corporate world, these emails often look like legitimate emails from your employer. If you receive an email like this, hover your cursor over the link to make sure it goes someplace safe. If it has an attachment, verify the sender exists within your company and then verify with them that the attachment is legitimate.

    For example in the UK, an email was sent to all the employees of several healthcare organizations asking employees to click on a link so they could register for a coronavirus safety seminar. The link went to a website that appeared to be an Outlook Web App and when the user would enter their contact information that information would then be stolen.

    Another corporate phishing attack that has been on the rise is the impersonation scam. This when an employee receives an email from a company executive’s email address but wasn’t sent from the executive. Often this scam targets payroll or other financial employees. These emails will often ask for large sums of money to be wired or to change the bank account from where the money is normally held. If you receive one of these emails it never hurts to contact the executive directly by phone to verify the transaction being requested.

    While working at home can be distracting to some, take a moment to verify questionable emails. A few minutes out of your schedule is better than bring an entire company to a halt.

     

  • Geebo 8:00 am on March 13, 2020 Permalink | Reply
    Tags: , , , , phishing,   

    Phony coronavirus websites are on the rise 

    Phony coronavirus websites are on the rise

    Previously when we discussed coronavirus related phishing attacks, we mentioned that emails sent by scammers will try to disguise themselves as being from organizations like the CDC or WHO by using similar email addresses to the actual ones. For example, if the CDC were to send an email the address would be from cdc.gov. Scammers may try to use an address like CDC-gov.com. Not being satisfied with just posing as life-saving aid organizations, scammers are now registering coronavirus related domains in droves. These are the addresses that use to go to a website such as geebo.com.

    According to cybersecurity experts, scammers are registering domains such as coronavirusstatus[.]space, coronavirus[.]zone and survivecoronavirus[.]org just to name a few. A more comprehensive list can be found at this link. Scammers are registering these domain names either to use in phishing emails or to inject malware on your device. For the foreseeable future, if you get an email with a domain name that contains the word ‘coronavirus’ or other related terms, consider it to be harmful. Any links or attachments that these emails contain should not be clicked on as they could lead to malware which could potentially steal your personal or financial information. You could then unwittingly infect all devices connected to your network.

    [youtube https://www.youtube.com/watch?v=WPPaybzkHtw%5D

    And again, you should be on the lookout for other coronavirus scams as well. Like we’ve mentioned before, as of the time of this posting, there is no cure or vaccine for the coronavirus. Anyone promising you otherwise is trying to rip you off. Testing is limited in the US right now, anyone who is not a government agency or medical professional cannot test you for coronavirus and is either pushing snake oil or trying to steal your financial information.

    While the coronavirus, or covid-19 if you prefer, is a real danger and something we should be concerned about, don’t allow fear to get the better of you. In a crisis like this, panic helps no one. Look to your local media and state government about how the virus is affecting your area and heed those warnings. If we all work together, we can get through this.

     

  • Geebo 9:00 am on March 5, 2020 Permalink | Reply
    Tags: , , phishing, ,   

    Coronavirus scams are as bad as the disease 

    Coronavirus scams are as bad as the disease

    The coronavirus crisis has not gotten any better over the past few weeks. Tragically, it has claimed more lives and more cases are being reported every day. The crisis has created such a climate of fear that scammers have tried to seize every opportunity to take advantage of that fear. It’s gotten so bad that Amazon has removed one million products that made false coronavirus claims and Facebook has cracked down on misleading ads about coronavirus. This is not something that either of these companies does lightly. Just about every State Attorney General has also warned their constituents to wary of scams related to the outbreak.

    When we first discussed coronavirus scams, we discussed phishing attacks that are used to infect your device with malware. Those phishing attacks have become more sophisticated as many of them are now trying to disguise their emails as coming from places like the World Health Organization or the Centers for Disease Control. A great way to tell that these emails are fake is checking the email address it was sent from. If it’s from the WHO the email address would end in who.int while the CDC’s would end in cdc.gov. You should also always hover your cursor over any links contained in the email to see exactly where the links may take you. The odds are they’ll take you to a site infested with malware or one designed to try to steal your personal information.

    [youtube https://www.youtube.com/watch?v=bcDoiSgrrzI%5D

    We’ve also previously discussed how con artists from all over the world are trying to sell snake oil cures. Again, as of the time of this post, there is no vaccine or cure for the coronavirus. Anyone who is trying to tell you otherwise is either woefully misinformed or trying to sell you something that is at best a placebo and at worst toxic and dangerous.

    Much like when a natural disaster occurs, price gouging is also being committed for legitimate supplies that will be useful if everyday services become disrupted. Bottled water is one of those items as are surgical masks. Speaking of the masks, you shouldn’t be going out to buy a crate of masks unless advised by a medical professional. Surgical masks are designed to keep the wearer from spreading any infection and doesn’t prevent wearers from getting one. Not only that, but there are also counterfeiters who are selling bogus masks that don’t do anything at all. There have also been reports that bogus websites have been popping up claiming to sell masks and other items that aren’t selling anything at all. Instead, they’re just stealing your financial information.

    Even the greedy among us are being scammed by buying into phony investments that promise a return when you supposedly invest in companies that will supposedly cure the virus. On the flip side, the charitable among us are at risk as well as many scammers will be posing as charities that either claim to be researching a cure or helping those affected by the disease. Always carefully research any charity you think is worth donating to.

    For more information please check the Federal Trade Commission’s website about coronavirus scams.

    As always, if you want to keep abreast of the ever-changing situation please go to the websites for the World Health Organization, or the Centers for Disease Control.

     

  • Geebo 9:00 am on February 13, 2020 Permalink | Reply
    Tags: , phishing,   

    Coronavirus scams continue to spread 

    Coronavirus scams continue to spread

    The coronavirus continues to command headlines lately due to the number of deaths that have been reported. The virus is also slowing global trade and industry over fears of causing a global pandemic. People all over the world are constantly searching for information about the virus in order to protect themselves. Unfortunately, a lot of people are getting their information about the virus from questionable sources. We’re not just talking about the usual urban legends and old wives tales that propagate on social media. We’re talking about potentially dangerous products and practices that are being spread online in the name of profit during a time of crisis.

    [youtube https://www.youtube.com/watch?v=_tPqhYG624U%5D

    The Better Business Bureau is warning the public about con artists who are claiming to have vaccines, prevention products like masks, and tips. The efficacy of masks has been called into question and many websites that claim to be selling masks are just traps to try to steal your identity. As of the time of publishing this post, no vaccine has yet to be developed that can prevent the spread of the virus. Anybody touting any kind of cure or prevention online is more than likely a scammer.

    In our previous post about the coronavirus, we discussed how cybercriminals are using the fear of the virus to commit phishing attacks. These phishing attacks appear to be increasing. Some of the emails being sent are coming from domains that look like official channels but aren’t For example, some of the emails being sent are reportedly coming from the domain of CDC-gov.com. This is not an official government domain as most of them end strictly in .gov. The Centers for Disease Control’s actual website is at CDC.gov. Some emails are even posing as the CDC asking for donations in Bitcoin. The federal government and especially the CDC would never reach out to the public by email. Any responses to these phony emails could potentially put your personal and financial information at risk.

    Again, if you need current and up to date information about the coronavirus, you can get it at the websites for the World Health Organization, or the Centers for Disease Control.

     

  • Geebo 9:00 am on February 7, 2020 Permalink | Reply
    Tags: , , Google Docs, phishing,   

    Google Docs used in phishing attack 

    Google Docs used in phishing attack

    It’s difficult to accomplish anything online without using one of Google’s many products. Whether your work uses Gmail as its email service or just conducting a simple web search, the majority of us will use a Google product on a daily basis. With most web users using Google’s Chrome browser, many users are entrenched into the Google ecosystem by default. Because of Google’s reach across the internet, it should come as no surprise that opportunistic cybercriminals will use Google’s familiarity to try to compromise your device and information. Once such instance of these tactics has been recently reported.

    Scammers are sending out emails that appear to be from someone on your contacts list who is sharing a document with you from Google Docs. The email will have logos attached from Google and Norton Security. The email will also say that the email has been scanned for viruses. Then there will be a link leading you to the supposed document. If you click on the link, malware could be installed on your device that not only could steal your information but it could also send out similar phishing emails to everyone on your contact list further spreading this latest attack. This is similar to an attack that happened back in 2017.

    [youtube https://www.youtube.com/watch?v=DybcrJyqvAA%5D

    The best way to protect yourself from this attack is to verify with the sender to make sure if this is a legitimate email or not. Enabling two-factor authentication on your email service will also go a long way in preventing your email from being hijacked. If the scammers can’t access your email remotely then they won’t be able to gain control of your outgoing emails. Most email providers offer two-factor authentication protection. While 2FA is not a 100% guarantee of protection, it does prevent a great number of attacks.

     

← Older posts

Newer posts →

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel