Scams are everywhere, and cyber criminals are smart. They look for ways to exploit trust and goodwill in the rest of society, and then they attack. When it comes to personal information, always remember it’s yours to know and yours to protect. The same is true for your technology – whether at home, school, or work (those are all the same place for many of us these days!), exercise caution and think before you act.
Here are a few current scams to keep in mind. Thanks to our friends at KnowBe4 for sharing!
Exploiting the Coronavirus: “New Approved Vaccines” Infect Your System with Malware
The COVID19 pandemic has led to many creative phishing attacks such as phony offers for free testing, claims that you have come in contact with an infected person, and even accusations that you have violated health and safety protocols. Scammers have come up with yet another Coronavirus-themed attack. This time, they are taking advantage of the worldwide race to develop a vaccine.
The phishing email uses the subject line “URGENT INFORMATION LETTER: COVID-19 NEW APPROVED VACCINES.” Within the email, you are directed to download an attachment to view this letter. The attachment itself is named “Download_Covid 19 New approved vaccines.23.07.2020.exe.” If you were to download and open this file, you would find that it is actually a piece of malicious software designed to gather data such as usernames, passwords, and other sensitive information.
Don’t be fooled! Remember these tips:
- Watch for sensational words like “URGENT”. Remember, the bad guys want you to panic and click without thinking.
- Never download an attachment from an email you weren’t expecting.
- Don’t trust an email. Instead, visit an official government website or a trusted news source for information on vaccine developments.
“Are you human?” New Attack Uses a CAPTCHA as Camouflage
Have you ever found yourself staring at a wobbly letter trying to decide if it is an X or a Y, just to prove to a website that you’re not a robot? This funny little test is called a CAPTCHA and it is used to help prevent automated malicious software, known as “bots”, from accessing sensitive information. Unfortunately, cybercriminals are now using CAPTCHAs as a way to make their phishing scams seem more legitimate.
In a recent Netflix-themed attack, scammers are sending a phishing email that claims “your payment did not go through and your account will be suspended in the next 24 hours.” To resolve the issue, you’re instructed to click on a link in the email to update your information. If you click the link, you’re taken to a CAPTCHA page. Once you pass the CAPTCHA, you’re redirected to an unrelated webpage that looks like a Netflix login page. Here you’re asked to enter your username and password, your billing address, and your credit card information. Don’t be fooled! Anything entered here is sent directly to the cybercriminals.
Remember to stop, think, and follow these tips:
- Phishing emails are often designed to create a sense of urgency. In this case, “your account will be suspended in the next 24 hours”! Think before you click, the bad guys rely on impulsive clicks.
- When an email asks you to log in to an account or online service, log in to your account through your browser and not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.
- Remember, anyone can create a CAPTCHA webpage, so don’t fall for this false sense of security.
Simple, yet Effective Vishing Scams
Voice phishing, or “Vishing”, is a phishing attack conducted by phone. This is a classic tactic that bad guys typically use to collect your credit card or financial data, along with other personal information. Here’s an example: You receive a call from someone claiming to be a customer service representative for a specific retailer. They say your order could not be processed because your credit card was declined. But not to worry! They are happy to help correct the issue. The caller claims that they need your credit card number, expiration date, and code on the back.
While this scheme is simple, it is also surprisingly effective. The bad guys catch victims off-guard with a pressing issue, like a declined payment. The victim is then relieved when the scammers offer an easy and immediate solution. If you don’t take the time to stop and think about the situation, you could give away your personal data before you realize what is really happening.
Remember these tips:
- Don’t trust caller ID. Phone numbers can be spoofed to look like a familiar or safe caller.
- Never provide personal information over the phone, unless you are the one who initiated the call.
- If you receive a suspicious phone call, hang up, and use the company’s official phone number to call them directly.
If your organization could benefit from customized security training, we can help!