Tagged: phishing

  • Geebo 8:00 am on May 4, 2020
    Tags: phishing

    Scam threatens to infect your family with COVID 

    We’ve posted before about various scams that threaten either the victim or their family with violence. The first one that immediately jumps to mind is the virtual kidnapping scam where someone calls you and tells you a loved one has been kidnapped and demands a ransom. In reality, the supposed kidnap victim is fine. Another scam in a similar vein is the cartel scam where the scammer claims to be part of a criminal cartel that has targeted your family if you don’t pay them. The scammer will then send a violent picture claiming it to be their last victim. However, the scammer is targeting random people hoping that someone will pay to stop their fictitious demands. With this currently being the quarantine era, of course, there is a version of this scam that involves COVID-19.

    In this updated version of the scam, the scammer will send you a phishing email that may contain the actual username and password to one of your online accounts. These can usually be obtained on the dark web or hacker forums after major data breaches occur. The scammer will threaten to expose all your ‘secrets’ if you don’t pay them. They’ll then say if you don’t pay they’ll infect every member of your family with coronavirus but not in such a polite manner.

    “I know every dirty little secret about your life,” the email reads. “To start with, I know all of your passwords. I am aware of your whereabouts, what you eat, with whom you talk, every little thing you do in a day.”

    “You need to pay me $4,000,” it goes on. “If I do not get the payment: I will infect every member of your family with the coronavirus. No matter how smart you are, believe me, if I want to infect, I can. I will also go ahead and reveal your secrets. I will completely ruin your life.”

    These threats are mostly hollow as these scammers are usually overseas and have no way of really knowing your day-to-day interactions. Again, the scammers are hoping for that one person who believes their claims. If you receive one of these emails, your best bet is to simply delete the email. Don’t respond to it, even to tell off the scammer, as they will then know that your email address is a working one. Just to be on the side of caution, you may also want to change your password on whatever account they claim to have compromised.

     
  • Geebo 8:01 am on March 16, 2020
    Tags: phishing

    Are new remote workers a security threat? 

    With the new coronavirus recommendations designed to try to prevent the virus from spreading any further, many companies are requiring their employees to work at home. For many, this will be the first time that they will be working remotely. All these new remote workers could also mean new security risks that their employers may not be prepared for.

    One of these threats is phishing attacks. We’ve discussed phishing attacks many times before and they’re nothing new for most companies. In short, hackers or scammers will send fake emails trying to get the recipient to click on a link or download an attachment. Usually, these links or attachments contain malware that can infect a corporation’s entire system. In the corporate world, these emails often look like legitimate emails from your employer. If you receive an email like this, hover your cursor over the link to make sure it goes someplace safe. If it has an attachment, verify the sender exists within your company and then verify with them that the attachment is legitimate.

    For example in the UK, an email was sent to all the employees of several healthcare organizations asking employees to click on a link so they could register for a coronavirus safety seminar. The link went to a website that appeared to be an Outlook Web App and when the user would enter their contact information that information would then be stolen.

    Another corporate phishing attack that has been on the rise is the impersonation scam. This is when an employee receives an email from a company executive’s email address that wasn’t actually sent by the executive. Often this scam targets payroll or other financial employees. These emails will often ask for large sums of money to be wired or to change the bank account from where the money is normally held. If you receive one of these emails, it never hurts to contact the executive directly by phone to verify the transaction being requested.

    While working at home can be distracting to some, take a moment to verify questionable emails. A few minutes out of your schedule is better than bringing an entire company to a halt.

     
  • Geebo 8:00 am on March 13, 2020
    Tags: phishing

    Phony coronavirus websites are on the rise 

    Previously when we discussed coronavirus related phishing attacks, we mentioned that emails sent by scammers will try to disguise themselves as being from organizations like the CDC or WHO by using similar email addresses to the actual ones. For example, if the CDC were to send an email the address would be from cdc.gov. Scammers may try to use an address like CDC-gov.com. Not being satisfied with just posing as life-saving aid organizations, scammers are now registering coronavirus related domains in droves. These are the addresses that you use to go to a website, such as geebo.com.

    According to cybersecurity experts, scammers are registering domains such as coronavirusstatus[.]space, coronavirus[.]zone and survivecoronavirus[.]org just to name a few. A more comprehensive list can be found at this link. Scammers are registering these domain names either to use in phishing emails or to inject malware on your device. For the foreseeable future, if you get an email with a domain name that contains the word ‘coronavirus’ or other related terms, consider it to be harmful. Any links or attachments that these emails contain should not be clicked on as they could lead to malware which could potentially steal your personal or financial information. You could then unwittingly infect all devices connected to your network.

    [youtube https://www.youtube.com/watch?v=WPPaybzkHtw]

    And again, you should be on the lookout for other coronavirus scams as well. Like we’ve mentioned before, as of the time of this posting, there is no cure or vaccine for the coronavirus. Anyone promising you otherwise is trying to rip you off. Testing is limited in the US right now. Anyone who is not a government agency or medical professional cannot test you for coronavirus and is either pushing snake oil or trying to steal your financial information.

    While the coronavirus, or covid-19 if you prefer, is a real danger and something we should be concerned about, don’t allow fear to get the better of you. In a crisis like this, panic helps no one. Look to your local media and state government about how the virus is affecting your area and heed those warnings. If we all work together, we can get through this.

     
  • Geebo 9:00 am on March 5, 2020
    Tags: phishing

    Coronavirus scams are as bad as the disease 

    The coronavirus crisis has not gotten any better over the past few weeks. Tragically, it has claimed more lives and more cases are being reported every day. The crisis has created such a climate of fear that scammers have tried to seize every opportunity to take advantage of that fear. It’s gotten so bad that Amazon has removed one million products that made false coronavirus claims and Facebook has cracked down on misleading ads about coronavirus. This is not something that either of these companies does lightly. Just about every State Attorney General has also warned their constituents to be wary of scams related to the outbreak.

    When we first discussed coronavirus scams, we discussed phishing attacks that are used to infect your device with malware. Those phishing attacks have become more sophisticated as many of them are now trying to disguise their emails as coming from places like the World Health Organization or the Centers for Disease Control. A great way to tell that these emails are fake is checking the email address it was sent from. If it’s from the WHO the email address would end in who.int while the CDC’s would end in cdc.gov. You should also always hover your cursor over any links contained in the email to see exactly where the links may take you. The odds are they’ll take you to a site infested with malware or one designed to try to steal your personal information.

    [youtube https://www.youtube.com/watch?v=bcDoiSgrrzI]

    We’ve also previously discussed how con artists from all over the world are trying to sell snake oil cures. Again, as of the time of this post, there is no vaccine or cure for the coronavirus. Anyone who is trying to tell you otherwise is either woefully misinformed or trying to sell you something that is at best a placebo and at worst toxic and dangerous.

    Much like when a natural disaster occurs, price gouging is also being committed for legitimate supplies that will be useful if everyday services become disrupted. Bottled water is one of those items, as are surgical masks. Speaking of the masks, you shouldn’t be going out to buy a crate of masks unless advised by a medical professional. Surgical masks are designed to keep the wearer from spreading any infection and don’t prevent wearers from getting one. Not only that, but there are also counterfeiters who are selling bogus masks that don’t do anything at all. There have also been reports that bogus websites have been popping up claiming to sell masks and other items that aren’t selling anything at all. Instead, they’re just stealing your financial information.

    Even the greedy among us are being scammed by buying into phony investments that promise a return when you supposedly invest in companies that will supposedly cure the virus. On the flip side, the charitable among us are at risk as well as many scammers will be posing as charities that either claim to be researching a cure or helping those affected by the disease. Always carefully research any charity you think is worth donating to.

    For more information please check the Federal Trade Commission’s website about coronavirus scams.

    As always, if you want to keep abreast of the ever-changing situation please go to the websites for the World Health Organization, or the Centers for Disease Control.

     
  • Geebo 9:00 am on February 13, 2020
    Tags: phishing

    Coronavirus scams continue to spread 

    The coronavirus continues to command headlines lately due to the number of deaths that have been reported. The virus is also slowing global trade and industry over fears of causing a global pandemic. People all over the world are constantly searching for information about the virus in order to protect themselves. Unfortunately, a lot of people are getting their information about the virus from questionable sources. We’re not just talking about the usual urban legends and old wives tales that propagate on social media. We’re talking about potentially dangerous products and practices that are being spread online in the name of profit during a time of crisis.

    [youtube https://www.youtube.com/watch?v=_tPqhYG624U]

    The Better Business Bureau is warning the public about con artists who are claiming to have vaccines, prevention products like masks, and tips. The efficacy of masks has been called into question and many websites that claim to be selling masks are just traps to try to steal your identity. As of the time of publishing this post, no vaccine has yet to be developed that can prevent the spread of the virus. Anybody touting any kind of cure or prevention online is more than likely a scammer.

    In our previous post about the coronavirus, we discussed how cybercriminals are using the fear of the virus to commit phishing attacks. These phishing attacks appear to be increasing. Some of the emails being sent are coming from domains that look like official channels but aren’t. For example, some of the emails being sent are reportedly coming from the domain of CDC-gov.com. This is not an official government domain as most of them end strictly in .gov. The Centers for Disease Control’s actual website is at CDC.gov. Some emails are even posing as the CDC asking for donations in Bitcoin. The federal government and especially the CDC would never reach out to the public by email. Any responses to these phony emails could potentially put your personal and financial information at risk.

    Again, if you need current and up to date information about the coronavirus, you can get it at the websites for the World Health Organization, or the Centers for Disease Control.

     
  • Geebo 9:00 am on February 7, 2020
    Tags: Google Docs, phishing

    Google Docs used in phishing attack 

    It’s difficult to accomplish anything online without using one of Google’s many products. Whether your work uses Gmail as its email service or you’re just conducting a simple web search, the majority of us will use a Google product on a daily basis. With most web users using Google’s Chrome browser, many users are entrenched in the Google ecosystem by default. Because of Google’s reach across the internet, it should come as no surprise that opportunistic cybercriminals will use Google’s familiarity to try to compromise your device and information. One such instance of these tactics has been recently reported.

    Scammers are sending out emails that appear to be from someone on your contacts list who is sharing a document with you from Google Docs. The email will have logos attached from Google and Norton Security. The email will also say that the email has been scanned for viruses. Then there will be a link leading you to the supposed document. If you click on the link, malware could be installed on your device that not only could steal your information but it could also send out similar phishing emails to everyone on your contact list further spreading this latest attack. This is similar to an attack that happened back in 2017.

    [youtube https://www.youtube.com/watch?v=DybcrJyqvAA]

    The best way to protect yourself from this attack is to verify with the sender whether this is a legitimate email or not. Enabling two-factor authentication on your email service will also go a long way in preventing your email from being hijacked. If the scammers can’t access your email remotely then they won’t be able to gain control of your outgoing emails. Most email providers offer two-factor authentication protection. While 2FA is not a 100% guarantee of protection, it does prevent a great number of attacks.

     
  • Geebo 9:00 am on February 4, 2020
    Tags: phishing

    Coronavirus fears have led to cyber attacks 

    The coronavirus has taken up much of the headlines lately and with good reason. Recent reports have come out claiming that it could become a global pandemic although the potential fatality rate remains in doubt. On top of that, the amount of rumors and misinformation being spread about the disease isn’t helping allay public fears. So, as can be expected, cybercriminals have taken it upon themselves to take advantage of that fear for their own crooked purposes. As we always say, scammers and con artists never fail to take advantage of a disaster or crisis to try and put one over on their victims at great personal cost.

    Security experts at Kaspersky Labs have discovered several phishing emails being spread about the coronavirus. The emails, a sample of which can be seen here, pretend to be from a medical professional who is a coronavirus expert. The emails then request that you click on a link so you can get more information about protecting yourself from the coronavirus. The links are disguised as being any number of video or document files such as pdfs and mp4s. However, these attachments are filled with malware that can do any number of malicious things to your device including destroying your files or holding your device for ransom, among others.

    [youtube https://www.youtube.com/watch?v=tEFFZ7uZoFM]

    As always, you should never click on any links or attachments in emails from someone you don’t know personally. If you are concerned about the coronavirus you can get the most factual information from either the World Health Organization, the Centers for Disease Control, or both. Education about the disease is one of the best tools we have as a society in defeating it.

     
  • Geebo 9:00 am on January 24, 2020
    Tags: FedEx, phishing

    FedEx text scam is more dangerous than you think! 

    A number of reports went out nationwide yesterday about a scam that’s appearing in the text messages of many Americans. As you can see by the graphic above, the text claims to be from FedEx telling you that you have an incoming package that requires you to submit your delivery preferences. The text then provides you a link to click on. While this appears to be just a ‘normal’ phishing scam on the surface, this particular scam goes much deeper than that and can end up costing you a lot of money.

    If you were to click on the link in the phony text you would be taken to a site that looks like Amazon but isn’t. The fake Amazon site then asks you to fill out a customer service survey in order to claim a prize. However, to collect the prize you need to cover the cost of shipping and for that, you need to provide your financial information. Yet, it doesn’t stop there. On top of everything else, by providing your payment information you’re also signing up for a subscription service that will charge you close to $100 a month for products related to the ‘prize’ you chose. We’ve previously discussed subscription scams here.

    [youtube https://www.youtube.com/watch?v=Ez1ZmkI4EfA]

    If you receive this text, delete it immediately. It goes without saying that you shouldn’t click the link nor should you respond to it. While FedEx does offer a service to text message you about the arrival of your packages you have to sign up for that service. FedEx will never send unsolicited text messages. If you are expecting a package to be delivered from FedEx or any other courier and you are concerned about the delivery, always use the courier’s website or official app to see if there have been any actual problems with delivery.

     
  • Geebo 9:04 am on January 15, 2020
    Tags: 401k, phishing, retirement fund

    Are thieves targeting your 401k? 

    We’ve discussed several different forms of bank fraud before. Whether it’s text message scams or phishing attacks to gain your account information, we’ve talked about the myriad of ways that scammers try to empty your bank account. Now, because of all the news that has gotten out about these scams, thieves and cyber-crooks have started targeting a new source of income: retirement funds and 401ks. Is your retirement nest egg vulnerable to being cleaned out? Let’s take a look at how the thieves are targeting 401ks and what can be done about them.

    According to USA Today, since so many consumers and banks have become wary of the typical scams that are used to attack bank accounts the thieves have turned to attack 401ks. The reasoning behind this is because a lot of people don’t pay close attention to their 401k. In too many cases, consumers will either ignore or discard the statements they receive from their retirement fund broker. Then when they need to check their 401k balance they discover that their fund has been slowly drained. Unlike banks, retirement funds aren’t always willing to help you get your money back.

    While the target may be new, the attacks are roughly the same. The thieves use old standards like phishing attacks and weak passwords to gain access to your 401k. In order to prevent these attacks from happening, it’s recommended that you review the mailed statements you receive from your fund manager for any suspicious behavior. It’s also recommended that you secure your account with a strong password that’s not used on any of your other online accounts. Lastly, never click on any links in emails that you receive purporting to be from your 401k manager as they can be used to steal your login information. Instead, always go directly to the 401k website and log in from there to check your account.

     
  • Geebo 9:00 am on January 13, 2020
    Tags: phishing

    Scams that use the Amazon name 

    Over the weekend, a number of reports came out independent from each other that detailed separate scams that are using Amazon’s name and logo to fool victims into handing over personal or financial information.

    In the first scam, scammers are sending out emails with the official Amazon logo attached to them. The email thanks you for purchasing an Amazon e-gift card. The email then says that if you didn’t purchase the e-gift card to click a link to cancel the purchase or receive a refund. This is a phishing attack that will lead you to a website that is not Amazon where the scammers will try to get you to input personal or financial information in order to get your ‘refund’. In one instance, a victim was asked to buy Amazon gift cards from a local retailer to fix the problem. If you ever receive an email like this you should never click on any links. Instead, go straight to the retailer’s website to check your account.

    [youtube https://www.youtube.com/watch?v=5Rg9tCBj0CU]

    The second scam was reported as happening in the Pacific Northwest. In it, the scammers are sending consumers letters stating that their Amazon purchase didn’t go through. What’s troubling about this scam is that the scammers have gained access to information that allows them to know what you purchased from Amazon and how much you paid for it. The letter instructs you to go to a website in order to but again, asks you to input personal and financial information. It’s unknown how scammers have gotten the purchase information so if you receive one of these letters, it’s recommended that you change the password to your Amazon account.

    In the last scam, if you’re thinking about signing up for Amazon Prime or you have a technical issue with Prime, be careful of what links you click on after a web search. In some cases, if you do a web search for ‘Amazon Prime’ or ‘Amazon Prime customer support’ you may be presented with ads that take you to third-party sites that are definitely not Amazon. In other cases, these ads will list a phony customer service number for Amazon Prime. Security researchers have stated that these ads will take you to sites that will try to get you to pay for services that would be free if performed by Amazon. This is also known as the tech support scam. Again, if you have customer service needs that Amazon needs to address, go to Amazon.com in order to find the correct information.

     