Many of us are used to receiving messages from shipping companies, so cybercriminals use similar emails as phish bait. Let’s take a look at a recent shipping-themed phishing attack and see if you can spot the red flags:
Sent from “Dhl Express”, the email claims that you have something waiting for you at your local post office. The message states “To receive your parcel, Please see and check attached shipping documents.” and it includes a .html file as an attachment. If you open the attachment, a web page displays that looks like a blurred-out Excel spreadsheet. Covering this blurred image is a fake Adobe PDF login window with your email address already populated in the username field. If you enter your password and click “View PDF Document” your email address and password will be sent straight to the bad guys.
How many red flags did you see? Remember the following tips:
Access to the COVID-19 vaccine is limited, which leaves many people anxiously waiting for a way to further protect themselves from the virus. Cybercriminals are taking advantage of this anxiety with vaccine-themed phishing emails.
A recent phishing attack in the UK spoofs the National Health Service (NHS). The phishing email claims that you have the opportunity to get vaccinated and it includes a link to accept the invitation. If you click on the link, a convincing NHS look-alike page opens. The phony site asks for personal information such as your name, address, and phone number, along with your credit card and banking details. Unfortunately, any information that you provide here goes straight to the cybercriminals and you are not in line for vaccination.
Follow these tips to stay safe from similar scams:
A year into the pandemic, bad guys continue to target struggling organizations. A recent example is a phishing email targeting those in the United States. Impersonating a bank, the sender offers loans through the Paycheck Protection Program (PPP). The PPP is a real relief fund that is backed by the United States Small Business Administration (SBA), but the email is nothing short of a scam.
The phishing email directs you to click a link to register for a PPP loan. When clicked, the link takes you to a form with an official-looking header that reads, “World Trade Finance PPP 2021 Data Collection”. The form requests a lot of personal information, such as your organization’s name, your business email, and your social security number. Any of the information submitted on this form goes straight to the cybercriminals.
Here’s how you can stay safe from scams like this:
A new Smishing (SMS Phishing) attack uses an urgent text message to trick you into clicking a malicious link. The message states “PayPal: We've permanently limited your account, please click link below to verify.” If you click on the link provided, you are taken to a PayPal look-alike page and asked to log in.
Bad actors take this scam one step further. If you enter your login credentials on their phony page, you’ll be taken to a second page that asks for your name, address, and bank account details. Everything entered on these pages will be sent directly to the bad guys.
While this is an advanced attack, you can still stay safe by practicing the tips below:
Here’s a popular phishing scenario: You receive an email with a link. The link takes you to a phony login page with the name and logo of a legitimate website. Once you submit your username and password, the information is sent straight to the bad guys. Cybercriminals love to use these phony look-alike login pages to steal your credentials and access sensitive information.
Now cybercriminals have developed a way to make look-alike pages even more convincing. Scammers use a special tool to automatically display your organization’s name and logo on the phony login page. They can even use this tool to populate your email address in the corresponding login field. This creates a false sense of security because many legitimate websites remember your username if you have logged in previously.
While this is an advanced attack, you can still stay safe by practicing the tips below:
Let’s be honest, the age of social distancing can leave us feeling lonely. To make matters worse, bad guys are leveraging our loneliness for their scams. Romance-related scams are growing more popular and more complex.
In the latest romance-related scam, bad guys use a dating app to find their target, build a relationship, and establish trust. Once you trust them, the scammer will share financial tips and invite you to an exclusive investment site—which is actually a scam. Your new “friend” will guide you through opening an account, buying financial products, and building your investments. Then, one day, all communication stops and you’re left wondering where that money has gone.
Don’t fall for it! Remember these tips:
While the world continues to navigate life during a pandemic, countless families and individuals are struggling financially. In a truly malicious response to the situation, scammers are launching phishing attacks that claim to offer financial assistance to those in need.
The phishing email impersonates your local government and it states that you are eligible to receive financial aid. You’re directed to click a link in the email for more information. If you click the link, you are taken to a phony government website. The site asks for personally identifiable information, including your social security number. Once you’ve provided this information, the site claims that you will be contacted regarding your aid. Don’t be fooled! Anything you enter here is sent directly to the cybercriminals.
Here’s how you can stay safe from scams like this:
Last week, a rally held at the United States Capitol escalated when protestors stormed the Capitol building. This event was later linked to posts on the social media platform Parler. The controversial events at the Capitol and the related use of Parler have led both Apple and Google to remove the app from their respective app stores.
Cybercriminals use high-profile news stories like this to catch your attention and manipulate your emotions. In the coming weeks, we expect to see cybercriminals referencing this event and the Parler app in their phishing attacks and social media disinformation campaigns.
Here are some tips to stay safe:
With stay-at-home orders in place across the globe, many people are buying new pets to help them feel more connected. Unfortunately, shoppers who are looking for a furry friend may be in for a big surprise. Cybercriminals are creating phony online pet shops that advertise unbelievable prices on purebred pups.
These malicious pet shop sites include poorly-written testimonials from alleged buyers that often don’t make sense. For example, one testimonial claimed that their “German Shepherd baby had hatched”. If you overlook these phony testimonials and click the “Buy Me!” button under the photo of an adorable puppy, you’ll be taken to a contact page to begin your email conversation with the supposed seller. Via email, the scammers will ask you to pay for your pup using Bitcoin or a service provider, such as Paypal. Of course, any money you send goes straight to the bad guys and you’ll never receive your pup.
Here are some tips to avoid this ruff scam:
It’s no secret that cybercriminals love social media. Bad guys use platforms like Facebook and Instagram to impersonate your real friends and followers. Using this disguise, the scammers try to trick you into sharing sensitive information.
Here’s a common scam that is regaining popularity: You receive a message from a friend or follower asking “Is this a video of you?”. The message includes a screenshot of a blacked-out or blurry video. If you click to watch the video, you will be taken to a social media look-alike login page that is designed to steal your account credentials. If you enter your credentials here, the information will be sent directly to the bad guys and they’ll be able to use your social media account to scam anyone on your friends list.
Keep yourself and your friends safe by following these tips:
The holiday season is a time for love, joy, togetherness—and last-minute online orders! We’ve all been there: anxiously awaiting a package and hoping we didn’t forget anyone on our shopping list. The holidays have a way of creeping up on us, so expect scammers to be creeping into your inbox as well.
Fake shipping notifications are especially popular during the holiday season. These can come in the form of an email (Phishing) or a text message (Smishing). Typically, the message will offer an urgent update about your package, such as a shipping delay, and you will be directed to click a link for more information. If you click the included link, you’ll be taken to a malicious website that asks for login credentials or other sensitive information. Any information entered on this page will be a gift from you to the cybercriminals!
Here are some tips to keep you safe from shipping notification scams:
For many months, organizations across the globe have been working remotely due to the coronavirus pandemic. In a new phishing attack, the bad guys target your feelings of stress or excitement about returning to the office.
The phishing email resembles something that your human resources department might send about returning to the office. Attached to the email is an HTML file that includes your name in the file name. If you download and open this attachment, you’ll be taken to a file hosted on Microsoft SharePoint, a file-sharing site. According to the document, you must acknowledge the return-to-office policy by providing your username and password. If you enter your credentials here, the information will be sent directly to the bad guys and they’ll have the same access to your organization as you do.
Don’t fall for this trick! Remember these tips:
With so many organizations still working remotely, bad guys continue to target you by spoofing popular video conferencing software, such as Zoom and Microsoft Teams. Video-conference-themed phishing attacks can come in all shapes and sizes. For example, you may receive a phony welcome email that asks you to set up your new account. Or, you could receive an email claiming that you need to reschedule a missed meeting. As a more alarming example, you may receive a fake notice that your account has been suspended and you cannot join a meeting without first clicking the link in the email.
No matter what tactic the bad guys use, stay safe from video-conference-themed scams by following these tips:
Phishing emails are often designed to trick you into clicking a malicious link. Most email clients, such as Microsoft Outlook and Gmail, have filters that add warning messages to emails with suspicious-looking links. Unfortunately, the bad guys are always finding new ways to bypass these security filters.
The latest way that scammers sneak past your email security is by taking advantage of the collaboration tools available for the Google Drive platform. The platform allows you to tag any user in a file by using their Gmail address. Once tagged, the user will receive a notification directly from Google. This means that if a bad guy tags you in a Google document, you will receive a legitimate notification from Google that includes a link to the bad guy’s file. If you view the file, you’ll likely find that it directs you to click another link. This second link is actually a malicious attempt to steal your sensitive information.
Don’t fall for this trick! Remember:
For most of us, the holiday season is about friends, family, food—and shopping! Black Friday and Cyber Monday fall just after Thanksgiving in the U.S., but internationally, they are two of the busiest shopping days of the year. Unfortunately, while you’re looking for holiday deals, the bad guys are looking for ways to scam you any way they can.
Follow these tips to stay safe this holiday season:
Last week, pharmaceutical company Pfizer announced that long-term trials of their COVID-19 vaccine have been highly successful. This exciting development is a huge step towards ending the pandemic, but experts say we are still far from a publicly available vaccine.
Unfortunately, good news like this is often used by cybercriminals to catch your attention and manipulate your emotions. Expect to see mentions of a COVID-19 vaccine in phishing attacks and social media disinformation campaigns.
Here are some tips to stay safe:
One of the most common ways that bad guys sneak malware onto your computer is through macro-enabled Excel files. A macro (short for macroinstruction) is a set of commands that automate a process in Excel. When you open an Excel file that includes macros, you’ll see a security banner with the option to activate macros by clicking “Enable Content”. Typically, malicious Excel files are attached to a phishing email. If you choose to open the attachment and enable macros, the file will automatically install the cybercriminal’s malware.
In a recent phishing attack, the macro-enabled Excel attachment is designed to look like a Windows Defender help page. The spoofed help page provides easy-to-follow instructions on how to click the “Enable Content” button. To establish additional credibility, the file includes logos of well-known security vendors like McAfee. If you fall for this trick and enable macros, a dangerous piece of malware is installed onto your computer and cybercriminals will have complete access to your system.
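The defender’s counterpart to the “Enable Content” trick is to find out whether an attachment carries macros before anyone opens it. The example below is added here and is not code from the original page: it treats a modern Excel file as the ZIP container it is and looks for the compiled VBA project part (xl/vbaProject.bin) and its declared content type. The sample workbook it builds is a constructed stub with only the parts the detector inspects, not a real spreadsheet.

```python
"""Detect macro-enabled Office (OOXML) attachments at a mail gateway.
Added example, not from the original page. A macro-enabled workbook is a
ZIP container holding xl/vbaProject.bin (word/ and ppt/ for Word and
PowerPoint). The sample container below is constructed for this demo."""
import io
import zipfile

VBA_PART_SUFFIX = "vbaproject.bin"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_EXTENSIONS = (".xlsm", ".xltm", ".xlam", ".docm", ".dotm", ".pptm")


def build_sample_workbook(with_macros: bool) -> bytes:
    """Build a tiny, constructed OOXML-style ZIP: not a valid spreadsheet,
    just the [Content_Types].xml and VBA parts the detector inspects."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        override = ""
        if with_macros:
            override = ('<Override PartName="/xl/vbaProject.bin" '
                        f'ContentType="{VBA_CONTENT_TYPE}"/>')
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types>' + override + "</Types>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            # Real vbaProject.bin parts are OLE2 containers (magic D0 CF 11 E0);
            # this stub only carries the magic bytes.
            zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0constructed-stub")
    return buf.getvalue()


def macro_report(filename: str, data: bytes) -> dict:
    """Return what a gateway would want to know about one attachment."""
    report = {
        "filename": filename,
        "is_ooxml": False,
        "has_vba_part": False,
        "declares_vba_type": False,
        # The extension is only a claim; the ZIP contents are the truth.
        "extension_claims_macros": filename.lower().endswith(MACRO_EXTENSIONS),
    }
    if not data.startswith(b"PK"):
        # Legacy .xls/.doc (OLE2) files need a different parser; not handled here.
        return report
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            report["is_ooxml"] = "[Content_Types].xml" in names
            report["has_vba_part"] = any(
                n.lower().endswith(VBA_PART_SUFFIX) for n in names)
            if report["is_ooxml"]:
                types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                report["declares_vba_type"] = VBA_CONTENT_TYPE in types
    except zipfile.BadZipFile:
        return report
    return report


def should_quarantine(report: dict) -> bool:
    """Hold any attachment whose bytes carry VBA, whatever its extension says:
    the macro is the danger, and renaming .xlsm to .xlsx does not remove it."""
    return report["has_vba_part"] or report["declares_vba_type"]


if __name__ == "__main__":
    for name, macros in (("Windows_Defender_Help.xlsm", True), ("invoice.xlsx", False)):
        rep = macro_report(name, build_sample_workbook(macros))
        print(name, "quarantine" if should_quarantine(rep) else "allow", rep)
```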
Follow these tips to stay safe:
Over the weekend, news broke that actor Sean Connery, who is known for portraying James Bond and countless other roles, passed away at the age of 90. Bad guys will be sure to exploit this celebrity death in a number of ways, so be extra cautious of any mention of Sean Connery in emails, text messages, and social media posts.
Remember these tips:
Have you ever noticed the blue checkmark on your favorite celebrity’s social media profile? This checkmark shows that the person has provided documentation to verify their identity. Verification helps you know a real account from a fake—but this tool isn’t just for celebrities. Whether you have a personal social media account or manage one for your organization, being verified can be a great benefit.
To become verified, you are required to provide sensitive information which, unfortunately, makes this process the perfect bait for a phishing attack. Cybercriminals spoof popular social media platforms like Twitter, Instagram, and YouTube by sending out fake verification emails. The emails include a link that, when clicked, takes you to a convincing verification form. Here you’ll be asked for things like your username, organization, password, gender, and more. Anything entered on this page is sent directly to the bad guys.
Stay safe from this fake verification scam with these tips:
10/20/20 - Smishing Gains Popularity with Bad Guys
Many services, from grocery pickup to credit score updates, offer notifications via text messages or short message service (SMS). Typically, these notifications are short, vague, and include a link—which makes them great for spoofing! Bad guys use fake notification messages for SMS Phishing, or Smishing attacks.
In a recent smishing attack, the bad guys spoof shipping companies and send multiple fake text message notifications. The text messages state that you have an urgent notification regarding the delivery of a package. Each notification includes a link for more information. Clicking this link takes you to a phony Google login page that is designed to steal any information you enter.
It can be tricky to spot smishing attacks, but like a traditional phishing attack, there are steps you can take to keep your information safe. Follow these tips:
Once a year, Amazon, the world's largest online retailer, hosts a massive sales event called Prime Day. Usually set in July, the highly awaited two-day event was postponed until October 13th and 14th this year. While you get ready to shop Prime Day deals, the bad guys are getting ready to scam you any way they can.
There has been a large spike in phony websites using the Amazon brand. One example uses the URL www.amazoncustomersupport[.]net. The page is an Amazon look-alike that claims to help with refunds and order cancellations. All you have to do is provide your order number and credit card information—or so they say. In reality, anything you enter on this page is delivered directly to the bad guys.
Follow these tips to safely shop the Prime Day event:
Last week, the President of the United States, Donald Trump, announced that he and the first lady tested positive for coronavirus. This announcement and the status of President Trump’s health is currently dominating the media—both in the US and around the world.
Cybercriminals use high-profile news stories like this to catch your attention and manipulate your emotions. In the coming weeks, we expect to see cybercriminals referencing President Trump's health in their phishing attacks and in their social media disinformation campaigns.
Here are some tips to stay safe:
This past July, Twitter fell victim to an infamous social engineering attack. The attack gave hackers control of over one hundred high-profile accounts—from politicians to celebrities. The hackers used these accounts to scam Twitter followers out of money. Now, cybercriminals are using this event as bait for a convincing phishing scam.
The phishing email uses text that is very similar to the official statement that Twitter made in response to the July attack. The email claims that due to a security breach, you must confirm your identity by clicking on a link in the email. If you click the link, you are redirected to a site that looks very similar to the real Twitter login page. The site is actually a look-alike designed to steal your login credentials. Any information that you enter on this page is delivered straight to the bad guys.
Don’t be fooled! Follow these tips:
Working with a third-party organization can be a great help, but what happens if that third party falls victim to a cybersecurity attack? Not only could your organization’s shared data be exposed, but you may become the target of an unusual phishing attack.
Once a scammer has access to a third party’s email account, they can use it to send phishing emails from a legitimate and familiar email address. Some cybercriminals take this attack a step further by forwarding or replying to real emails that were already in the third party’s inbox. Posing as the original sender, the bad guy sends a simple message such as “Here’s that document you needed.” and includes their own malicious link or attachment. Typically, the phishing email is completely unrelated to the original email but the attack can still be convincing because it appears to be part of a previous conversation.
Don’t be fooled! Here’s how to stay safe from third-party phishing attacks:
In early September, a phishing attack surfaced that imitates one of our security awareness training email notifications. The phishing email comes from our evil twin (the cybercriminals behind this attack) and claims that your training assignment will expire within 24 hours. You are directed to click a link to complete your training.
The link in the email shows the name of your training platform, but if you hover over this link with your mouse, you'll see that the destination domain is actually “msk.turbolider.ru”. Clicking on this disguised phishing link takes you to a phony Microsoft Outlook login page. If you enter information on this page, it will be sent directly to the bad guys.
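The hover check described above can be automated on the HTML body of a message: extract every link, and warn when the visible text names one domain while the href leads to another. The example below is added here and is not code from the original page. The sample email body is constructed; the training-platform host name in it is a placeholder, the phishing destination is the domain the page reports, and registrable() is a deliberately crude two-label approximation because no public-suffix list is available offline.

```python
"""Flag hyperlinks whose visible text points somewhere other than their real
destination (the "hover over the link" check, automated). Added example, not
from the original page; the sample HTML below is constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the first link's text shows the training platform
# (placeholder host), but its href goes to the domain reported on the page.
SAMPLE_EMAIL_HTML = """
<p>Your training assignment expires in 24 hours.</p>
<p>Complete it here:
<a href="http://msk.turbolider.ru/login">https://training.example-platform.com</a></p>
<p>Help: <a href="https://training.example-platform.com/help">training.example-platform.com/help</a></p>
<p><a href="https://training.example-platform.com/start">Start training</a></p>
"""

# Matches link text that looks like a URL or bare host name, capturing the host.
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#:].*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude registrable-domain approximation: the last two labels.
    Assumption: no public-suffix list offline, so co.uk-style suffixes are wrong."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyze_links(html_body: str, trusted_domains=()):
    """Return (href, text, reason) for each link that deserves a warning:
    text/destination domain mismatch, or a destination outside trusted_domains."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        dest_dom = registrable(urlparse(href).hostname or "")
        m = HOSTLIKE.match(text)
        if m:
            shown_dom = registrable(m.group(1))
            if shown_dom != dest_dom:
                findings.append((href, text,
                                 f"text shows {shown_dom} but destination is {dest_dom}"))
                continue
        if trusted_domains and dest_dom not in trusted_domains:
            findings.append((href, text, f"destination {dest_dom} is not trusted"))
    return findings


if __name__ == "__main__":
    for href, text, reason in analyze_links(SAMPLE_EMAIL_HTML, ("example-platform.com",)):
        print(f"WARNING: '{text}' -> {href}: {reason}")
```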
How do you tell if an email came from the good twin or the evil twin? Follow these tips:
The COVID-19 pandemic has led to many creative phishing attacks such as phony offers for free testing, claims that you have come in contact with an infected person, and even accusations that you have violated health and safety protocols. Scammers have come up with yet another Coronavirus-themed attack. This time, they are taking advantage of the worldwide race to develop a vaccine.
The phishing email uses the subject line “URGENT INFORMATION LETTER: COVID-19 NEW APPROVED VACCINES”. Within the email, you are directed to download an attachment to view this letter. The attachment itself is named “Download_Covid 19 New approved vaccines.23.07.2020.exe”. If you were to download and open this file, you would find that it is actually a piece of malicious software designed to gather data such as usernames, passwords, and other sensitive information.
Don’t be fooled! Remember these tips:
Voice phishing, or “Vishing”, is a phishing attack conducted by phone. This is a classic tactic that bad guys typically use to collect your credit card or financial data, along with other personal information. Here’s an example: You receive a call from someone claiming to be a customer service representative for a specific retailer. They say your order could not be processed because your credit card was declined. But not to worry! They are happy to help correct the issue. The caller claims that they need your credit card number, expiration date, and the security code on the back.
While this scheme is simple, it is also surprisingly effective. The bad guys catch victims off-guard with a pressing issue, like a declined payment. The victim is then relieved when the scammers offer an easy and immediate solution. If you don't take the time to stop and think about the situation, you could give away your personal data before you realize what is really happening.
Remember to stop, think, and follow these tips:
Some retailers use online surveys to learn more about their customers. Completed surveys often earn a small reward, like a coupon. Sounds fun, right? The bad guys sure think so! Scammers are posing as well-known brands and sending emails that advertise extravagant rewards, like a new iPhone, for just a few minutes of your time.
Typically, the survey website displays a message claiming that there are only a small number of rewards remaining—this creates a sense of urgency to complete the survey. Usually, at the end of the survey, you’re told that you have won the prize and all that you have to do is pay for delivery. Of course, you didn’t actually win anything. The fake prize and request for your shipping details are just an excuse to gather your name, address, and payment information. Don’t let the scammers win!
Follow these tips when you are answering retailer surveys:
LogMeIn is a popular remote access tool used by IT professionals to access their employees’ machines. These tools are especially popular right now with so many people working remotely. Unfortunately, with popularity comes risk. Cybercriminals are impersonating LogMeIn in a new phishing attack. The phishing email claims that you need to click a link in the email to download an “urgent security update”. If you click this link, it takes you to a phony login page for LogMeIn. If you enter your credentials on this look-alike page, the information will be sent straight to the bad guys. If you fall for this trick, you could give attackers access to countless machines within your organization’s network.
Stay safe by following these tips:
Scammers recently hijacked three YouTube channels and used them to collect nearly $150,000 in cryptocurrency. They used these stolen channels to impersonate the official SpaceX YouTube channel. The hijackers played fake livestream interviews with Elon Musk, founder and CEO of SpaceX, while promoting bogus cryptocurrency giveaways. These giveaways are based on an old-school scamming tactic in which cybercriminals ask for a small payment while promising a large payout for the so-called investment.
This scam was successful for two main reasons: First, using existing YouTube channels gave the cybercriminals a large, trusting audience of subscribers. Second, the scammer’s “investment offer” appeared to be coming from the well-known, tech-savvy billionaire, Elon Musk–rather than from a random stranger–so it seemed to be more legitimate.
Here’s what we can learn from this scam:
As the COVID-19 pandemic rages on, the bad guys find increasingly creative ways to weaken your defenses. The newest phishing trend is an email that appears to be from the CDC (Centers for Disease Control and Prevention). The email has an intense subject line: “NOTICE OF CLOSING YOUR FACILITY AND DISINFECT NG THE AREA – BY NCDC WH 20982 COV-19 Due To Recent Corona Virus COVID-19 Pandemic.”
You’re instructed to download an attachment, supposedly a letter from the CDC, claiming that they will close your facility. If you download the file, you’ll find that it is actually a malicious program designed to gain access to your company’s sensitive information. Don’t be tricked!
How to beat the bad guys:
The newest Coronavirus-themed phishing attack may be the most ruthless yet. The cybercriminals are sending emails that appear to be from a hospital and warn that you have been exposed to the virus through contact with a colleague, friend, or family member. Attached to the email is a “pre-filled” form to download and take with you to the hospital. Don’t be fooled. The attachment is actually a sophisticated piece of malware. This threat relies on panic and fear to bypass rational thinking. Don’t give in!
Remember to stay vigilant:
The Coronavirus Disease 2019 (COVID-19) pandemic has caused a massive shift in the number of employees who are working remotely. From a cybercriminal’s perspective, this is a perfect opportunity for their social engineering scams.
One scam involves cybercriminals calling you and posing as support personnel from the companies or services that your organization may be using to allow you to work remotely. Typically, the caller will try to gain your trust by stating your job title, email address, and any other information that they may have found online (or on your LinkedIn profile). Then, the caller claims that they will send you an email that includes a link that you need to click for important information. Don’t fall for this scam!
Remember the following to help protect yourself from these types of scams:
It’s that time again. Every 10 years, United States residents are required to respond to the Census survey. The primary purpose of the census is to provide a count of every member of the U.S. population.
By law, each household is required to complete the census survey. From a cybercriminal’s perspective, this is a perfect opportunity for their social engineering scams. Scammers might send emails or other messages that appear to come from the U.S. Census Bureau, or they might even pose as official Census Bureau workers and show up at your door!
This census season, keep the following tips in mind so you can safeguard your household’s sensitive information:
Look out! The bad guys are preying on your fear and sending all sorts of scams related to the Coronavirus (COVID-19).
Below are some examples of the types of scams you should be on the lookout for:
Remain cautious! And always remember the following to protect yourself from scams like this:
Not only do internet criminals phish your email inbox, they also send text messages to try their malicious tricks. Using text messages, or short message service (SMS), for phishing attempts is known as “Smishing”.
Recently, smishing scammers have been sending text messages that appear to come from the popular cell phone service provider, Verizon. The text message is designed to look like a security alert. It warns you to click the link and validate your account before your account access is disabled. If you fall for this alert and click on the link, you’re brought to a very convincing fake website that looks identical to Verizon’s login page. You’re instructed to sign in to your account to “validate your account security”, but if you mistakenly enter your credentials here, the attackers will have your login information and be able to take over your account.
Remember the tips below to protect yourself from smishing scams:
Google recently removed several applications (apps) from their Google Play store because they contained a strain of “clicker” malware that can view your sensitive data and even make in-app purchases on your behalf. Even though they have now removed these apps, there could still be more they don’t know about.
This is not the first time that applications with “clicker” malware have been removed from official Android and Apple app stores, and it will not be the last. Ensuring the security of mobile applications is an ongoing challenge.
Consider the following before downloading any application:
When in doubt, avoid downloading questionable applications, and look for a safer alternative.
Look out! The bad guys are sending a new, attention-grabbing phishing email and they’re targeting the customers of major credit card companies.
Here’s how it works: The email appears to come from one of two well-known credit card companies, either American Express or Chase. The email includes a list of credit card transactions, and you’re asked to confirm or deny whether the transactions are valid. If you click the “No, I do not recognize the transactions” link, you’re brought to a fake login page that looks very similar to the credit card company’s actual login page. Don’t fall for this trick! If you submit your login details, your information is immediately sent to the scammers and your account and your identity will be at risk.
Remember the following to help protect yourself from these types of scams:
Cyber scammers don’t limit their phishing attacks to your email inbox; they love texting your mobile device too! Their current text, or Short Message Service (SMS), scam uses PayPal as the bait.
The text message claims to be from PayPal, and it states that there has been unusual activity detected on your account. If you click on the link in the text, you’re taken to a phishing site that looks almost identical to PayPal’s login page. You are prompted to enter your email address and then your password. Once you’ve gotten this far, you’re asked to enter your mother’s maiden name, your home address, and your financial details. Do not enter any of your information! If you do, your details are immediately sent to the attackers, and your account and your identity are at risk.
Always remember the following to help protect yourself:
Stop, Look, and Think. Don’t be fooled.