Cyber Scam of the Week

5/24/23 - PayPal Payment Ploy

Recently, cybercriminals have taken advantage of PayPal, the popular international online payment platform. Cybercriminals are spoofing PayPal to try to steal your personal or financial information.

In this scam, cybercriminals send you a phishing email saying that one of your PayPal payments didn’t process and that you need to act fast. The email contains a phone number allegedly from PayPal, prompting you to call. This phone call appears legitimate, but it’s actually from cybercriminals spoofing PayPal. If you call this number, cybercriminals can trick you into giving away your personal or financial information. 

Follow the tips below to stay safe from similar scams:
•    Be cautious about giving your financial information to someone over the phone. Avoid calling phone numbers provided in emails; instead, navigate to the organization’s official website to find its contact information.
•    Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to click or act impulsively.
•    Remember that this type of attack isn’t exclusive to PayPal. Cybercriminals could use this technique to impersonate any organization in any country. 

5/3/23 - Watch out for Coronation-Related Scams

This upcoming week, King Charles III will be crowned as the new king of the United Kingdom. When a major historical event is about to take place, people often look to social media and online news sources for information about the event.

Cybercriminals take advantage of high-profile news stories to catch your attention and manipulate your emotions. In the coming weeks, we expect to see cybercriminals referencing the king’s coronation in phishing attacks and social media disinformation campaigns.

Follow the tips below to stay safe from similar scams:
•    Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively. 
•    Be suspicious of emails, texts, and social media posts that contain shocking information about this event. These may lead to disinformation, which is false information designed to mislead you.
•    If you receive a suspicious email, follow your organization’s procedure to report the email.

4/12/23 - Interview with a Cybercriminal

Recently, Google’s Threat Analysis Group (TAG) published a report about a new tactic that cybercriminals are using in spear phishing attacks. Spear phishing is when cybercriminals send targeted emails impersonating someone you trust to try to steal your sensitive information. Now, cybercriminals are impersonating media outlets and luring you in with a fake interview.

This attack starts with an email impersonating a trusted media outlet. In the email, the cybercriminals ask to interview you and prompt you to click a link with the interview questions. If you click this link, you’ll be redirected to a malicious website with a login prompt. Unfortunately, any login credentials that you enter will be sent directly to the cybercriminals. Then, they'll be able to access your account for their own malicious goals. 

Follow the tips below to stay safe from similar scams:
•    Remember that spear phishing attacks can impersonate anyone, such as a media outlet or a close friend. Think before you click, and never click a link in an email that you aren’t expecting. 
•    Make sure that the sender is actually who they say they are. If the sender claims to be someone you know, reach out to them in person or by phone to verify. 
•    When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.

3/1/23 - IT or Cybercriminal?

Coinbase, a cryptocurrency platform, was the latest victim of a social engineering attack. Social engineering occurs when cybercriminals manipulate you to try to steal your sensitive information. 

In this recent attack, a cybercriminal sent smishing (SMS phishing) messages to Coinbase employees. These messages contained a link directing employees to log in to their company accounts. Shortly after one employee clicked this link, Coinbase saw and prevented the cybercriminal from gaining internal access. Later, the cybercriminal called the same employee and claimed to be from Coinbase’s IT department. The employee thought the call was legitimate, and the cybercriminal stole some sensitive information over the phone. 

Follow the tips below to stay safe from similar scams:
•    Always be cautious of unexpected text messages.
•    Think before you click! Cyberattacks are designed to catch you off guard and make you act impulsively.
•    Before you share any sensitive information over the phone, verify that the caller is actually who they say they are. 

1/18/23 - Single Sign-On Smishing

Okta's single sign-on (SSO) service allows users to log in to multiple accounts by using one set of login credentials. Unfortunately, users aren't the only people who benefit from this service. Cybercriminals are taking advantage of Okta and other SSO services in a recent smishing (SMS phishing) scam.

To start this scam, cybercriminals send you a text message about an important update to one of your organization’s policies. The text message says to tap a link to read the updated policy. If you tap the link, you'll be taken to a fake Okta login page and prompted to enter your login credentials. Then, the cybercriminals can use your credentials to access your Okta account and other accounts linked through the service. Once they have access, the cybercriminals can steal sensitive information from you and your organization.

Follow the tips below to stay safe from similar scams:
•    Always be cautious of unexpected text messages. While this scam targets Okta users, it could be used with any authentication service.
•    Think before you click! Cyberattacks are designed to catch you off guard and make you act impulsively.
•    Never tap on a link in a text message that you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.

12/28/22 - Smishing is 50% off!

Have you ever received text messages about special discounts or promotions for a service you use? Many legitimate organizations send promotional text messages to their customers. Unfortunately, cybercriminals are sending text messages with fake promotions to try to manipulate you.

In a recent smishing (SMS phishing) scam, cybercriminals send you a text message offering a discount that's only available for a limited time. The text message claims that the discount is for a common expense such as gas, an electricity bill, or even a car insurance policy. To claim your discount, the text message states that you need to click a link and enter sensitive information, including your bank account information. If you click the link and enter this information, cybercriminals can use it to access your bank account and steal your money.

Follow the tips below to stay safe from similar smishing scams:
•    Think before you interact with a text message. Did you sign up for text messages from the organization? Is the text message similar to other text messages you’ve received from the organization?
•    If an offer sounds too good to be true, it probably is. Verify any offers of discounts or promotions by contacting the organization directly.
•    Never tap on a link in a text message that you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.

10/26/22 - Google Translate Phishing Scams

Google Translate is a free service that you can use to translate text from one language to another. Since Google Translate is a Google product, many people view it as a sign that a webpage is trustworthy. Now, cybercriminals are spoofing Google Translate pages to make their phishing campaigns seem legitimate.

In a new phishing scam, cybercriminals send an email claiming that important emails are being withheld from your inbox. The email instructs you to click a link to log in and confirm your account. This link will redirect you to a spoofed login page that displays a Google Translate banner. This banner claims that text on this page has been translated into your language and makes the page look legitimate. If you enter your login credentials, cybercriminals will use them to access your account and steal your sensitive information.

Use the tips below to spot Google Translate phishing scams:
•    If you receive an email claiming you have an account issue, always log in to the organization’s website directly.
•    Before you click a link, hover your mouse over it. Make sure that the link leads to a legitimate, safe website that corresponds with the content in the email.
•    Enable multi-factor authentication (MFA) on your accounts when it is available. MFA adds a layer of security by requiring that you provide additional verification to log in to your account.

5/11/22 - Spoofed SMTP Relay Services

Simple Mail Transfer Protocol (SMTP) is the standard method that mail servers use to send emails. Organizations typically use an SMTP relay service to send mass emails, such as marketing materials. Some organizations use Gmail as an SMTP relay service, but unfortunately, cybercriminals have found a vulnerability in the Gmail service. 

Using this vulnerability, cybercriminals can spoof any organization that also uses Gmail as a relay service. For example, let’s say that a legitimate organization owns the domain sign-doc[dot]com and uses Gmail to relay its marketing emails. Cybercriminals could send phishing emails from a malicious domain, such as wishyoudidntclickthis[dot]com, and disguise the emails by spoofing the legitimate domain, sign-doc[dot]com. Since the spoofed domain is being relayed through Gmail, most email clients will consider the malicious email safe and allow it to pass through security filters.

Follow the tips below to stay safe from similar scams:
•    This type of attack isn’t limited to Gmail. Other SMTP relay services could have similar vulnerabilities. Even if an email seems to come from a legitimate sender, remain cautious. 
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you need to verify that an email is legitimate, try reaching out to the sender directly through phone call or text message.
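The relay abuse described above works because the relay authenticates its own domain, not the domain shown in the From: line. The following is an added example (not code from the original page) of the alignment check a receiving mail server performs under DMARC: it parses an Authentication-Results header and reports when SPF passed for a relay domain that does not match the visible sender. The sample messages are constructed for the demo and reuse the page’s illustrative domains.

```python
"""Flag relayed mail whose authenticated domain does not align with the From: domain."""
import email
from email import policy
from email.utils import parseaddr

# Constructed sample: SPF passes for the relay (gmail.com) but the visible
# sender is a different organisation, as in the scam described on the page.
RELAYED_SPOOF = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=relay@gmail.com
From: Billing <billing@sign-doc.com>
To: member@example.net
Subject: Your document is ready

Please review the attached document.
"""

# Constructed sample: SPF passes for the same organisation that appears in From:.
ALIGNED_MAIL = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce@sign-doc.com
From: Billing <billing@sign-doc.com>
To: member@example.net
Subject: Your document is ready

Please review the attached document.
"""


def _domain(addr: str) -> str:
    """Return the lowercase domain part of an e-mail address ('' if none)."""
    _, address = parseaddr(addr)
    return address.rpartition("@")[2].lower()


def _org_domain(domain: str) -> str:
    """Crude organisational domain (last two labels); enough for this demo.
    A production check would use the Public Suffix List instead."""
    labels = domain.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain


def spf_authenticated_domain(auth_results: str) -> tuple[str, str]:
    """Pull 'spf=<result>' and 'smtp.mailfrom=<addr>' out of Authentication-Results."""
    result, mailfrom = "none", ""
    for token in auth_results.replace(";", " ").split():
        if token.startswith("spf="):
            result = token[len("spf="):].lower()
        elif token.startswith("smtp.mailfrom="):
            mailfrom = token[len("smtp.mailfrom="):]
    return result, _domain(mailfrom)


def assess(raw_message: str) -> dict:
    """Classify a message by whether SPF authenticated the From: organisation.

    Verdicts:
      aligned            SPF passed for the same organisation as From:
      relayed-unaligned  SPF passed, but only for the relay's own domain
      unauthenticated    SPF did not pass at all
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = _domain(str(msg.get("From", "")))
    spf_result, spf_domain = spf_authenticated_domain(
        str(msg.get("Authentication-Results", ""))
    )
    if spf_result == "pass" and _org_domain(spf_domain) == _org_domain(from_domain):
        verdict = "aligned"
    elif spf_result == "pass":
        verdict = "relayed-unaligned"
    else:
        verdict = "unauthenticated"
    return {"from_domain": from_domain, "spf_domain": spf_domain,
            "spf_result": spf_result, "verdict": verdict}


if __name__ == "__main__":
    for name, sample in (("spoof", RELAYED_SPOOF), ("aligned", ALIGNED_MAIL)):
        print(name, assess(sample))
```

A mail filter that only checks whether SPF passed would accept the first sample; the alignment requirement is what separates the relay’s identity from the organisation being impersonated.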

1/26/22 - Google Docs Comment Con

Google Docs is one of the world’s most popular document sharing and editing applications. Along with the ability to create and share documents, Google Docs allows users to add comments to these documents. In a new scam, cybercriminals have taken advantage of this feature by inserting phishing links into comments.

In this scam, cybercriminals use a real Google account to create a document in Google Docs and then tag you in a comment. You will then receive a legitimate email from Google, notifying you that you’ve been tagged in a comment. The comment will include an embedded phishing link and may appear to come from someone you trust, such as a co-worker. Unfortunately, if you click the phishing link, malware may be installed on your device. 

Don’t fall for this trick! Follow the tips below to stay safe from similar scams: 
•    Beware of suspicious links. Always hover your cursor over links before you click, and check the commenter’s email address to verify their identity.
•    Check the comment for grammatical errors, such as misspelled words or unusual phrases. Grammatical errors may be a sign that the comment is suspicious.
•    Don’t open documents or files that you weren’t expecting to receive. If you receive a document that you weren’t expecting, make sure you verify that the sender is legitimate before you open it.

1/19/22 - Google Voice Authentication Scams

Google Voice is a service that provides virtual phone numbers to make and receive calls and text messages. Each Google Voice number must be linked to a real phone number so that any activity can be traced back to the user. In a new scam, cybercriminals use your name and phone number to create a Google Voice number. Once created, cybercriminals can use the Google Voice number for other phone-based scams. Worse still, they can also use the linked Google Voice number to gain access to your Google account. 

Here’s how the scam works: Cybercriminals target anyone that shares their phone number in a public space. For example, let’s say you post an ad for an old couch on a resale website and include your phone number. A cybercriminal could contact you pretending to be interested in the couch. Then, they could send you a Google authentication code and ask you to send them the code to prove that you are a legitimate seller. Unfortunately, the code actually allows them to link their Google Voice number to your real phone number. 

Remember the following tips to stay safe from similar scams: 
•    If someone wants to confirm that you are a real person, suggest a safe option, such as making a phone call or meeting in a busy, public place.
•    Resale sites are just one example of where cybercriminals could find your phone number. They could also reference social media posts or even your resume. Always be cautious when you’re contacted by someone you don’t know. 
•    Never share a confirmation or authentication code with another person. Keep these codes between you and the service that you need the code for, such as logging in to your bank account. 

12/22/21 - Netflix Scam Double Feature

Netflix is both the world’s largest streaming platform and one of the most impersonated brands among cybercriminals. There have been many Netflix-themed scams over the years, but most of these scams target one of two groups: current Netflix subscribers or potential Netflix subscribers.

To target current Netflix subscribers, cybercriminals send phony email notifications claiming there is a problem with your billing information. To target potential Netflix subscribers, cybercriminals send emails that advertise a deal for new accounts. Both phishing emails include links that lead to Netflix look-alike webpages where you’re asked to provide your personal and payment information. Any information you enter on these fake webpages is delivered straight to the cybercriminals. 

Remember the tips below to stay safe from streaming scams: 
•    Never click on a link within an email that you weren’t expecting, even if the email appears to come from a company or service you recognize.
•    These types of scams aren’t limited to Netflix. Cybercriminals also spoof other streaming services, such as Disney+ and Spotify. Remember that if a deal seems too good to be true, it probably is. 
•    If you receive an unexpected notification, open your browser and navigate to the platform’s website. Then, you can log in to your account knowing that you’re on the platform’s real website and not a phony look-alike website.

11/29/21 - Online Shopping Steals

It’s Thanksgiving week in the United States, which means Black Friday and Cyber Monday are finally here! To celebrate, cybercriminals have created a record number of malicious online stores to trick unsuspecting shoppers. 

Cybercriminals create online stores that claim to sell hard-to-find items, such as trending makeup products or this year’s hottest toys. To lure in customers, cybercriminals run ads on other websites, on social media platforms, and even within Google search results. If you click one of these ads, you'll be taken to the malicious online store. These stores can be very convincing because they include real product images, descriptions, reviews, and a functional shopping cart and checkout process. Unfortunately, if you try to purchase something from one of these malicious stores, your money, mailing address, payment data, and any other personal information you provided will go straight to the cybercriminals. 

Follow the tips below to avoid these malicious online stores:
•    Watch out for misspelled or look-alike domains. For example, cybercriminals may spoof the popular toy brand Squishmallows with spellings such as "Squishmellows" or "Squashmallows."
•    Be cautious of stores that promise outrageous deals on high-demand products. Remember that if something seems too good to be true, it probably is!
•    Always shop from well-known and trusted retailers. If you haven’t shopped there before, look up reviews and customer feedback for that retailer. 

11/16/21 - Online Loan Warning

No legitimate lender would ask for your online banking information, and none would ever ask you to send part of any loan proceeds back to them. You should never give your online banking login information to anyone. Doing so gives that person all of your transaction history, allows them to withdraw (or deposit to) your funds, and your account could be used for illegal purposes. If in doubt, call GenFed for help!


10/13/21 - Members Receiving Spoofed Phone Calls to Acquire Sensitive Info

GenFed has become aware of members receiving fraudulent phone calls from individuals claiming to be from the Credit Union Fraud Department. These fraudsters are using spoofing technology to make the phone calls appear to be coming from a legitimate GenFed Financial phone number.

The fraudster may claim that a fraudulent charge has been made on the member’s account and ask the member to confirm his or her identity. Or the fraudster may make other false claims.

While GenFed Financial actively monitors your accounts for potential fraud, please remember that we will NEVER initiate a call or email asking you to give us your card PIN, Online Banking username and password, or full card number. If you have any doubt about the validity of a phone call you receive from us, please hang up and call your local branch to speak with us immediately.

Please also be aware that you can use our free Card Control service through the cards app to lock your card until you are able to reach us. This will ensure that your card is protected until you are able to contact us.

10/13/21 - The Ultimate Data Breach Database

With a year full of high-profile data breaches, one cybercriminal has created the ultimate database. The cybercriminal claims that the database contains over 3.8 billion records and is attempting to sell the information on the dark web. 

Allegedly, the database is made up of scraped phone numbers that were then linked to Facebook profiles, Clubhouse accounts, and other sensitive information. Due to the nature of this data, we expect to see an increase in smishing attacks, hijacked accounts, and other social media scams.

Use the tips below to stay safe from these types of scams:
•    Smishing, or text message phishing, is difficult to spot. When you receive a suspicious text message, ask yourself these questions: Were you expecting this message? When did you give the sender your phone number? Did you sign up for text notifications?
•    Hijacking a social media account is an easy way for cybercriminals to spread disinformation or scam several people at once. Don’t trust everything you see on social media, and be sure to report any suspicious activity. 
•    For a high level of security, keep your social media accounts private. Only accept friend requests or follow requests from people that you know and trust.

10/6/21 - No Time to Phish

James Bond is one of the longest-running film series in history. Fans have been waiting since 2015 for another installment, so the new film, No Time to Die, is making headlines. Cybercriminals have wasted no time and are using the film’s release as phish bait in a new scam.

The scam starts with an ad or pop-up window that claims you can stream No Time to Die for free. If you click on the ad, you are taken to a malicious website that plays the first few minutes of the film. Then, the stream is interrupted and you are asked to create an account to continue watching. Of course, creating an account includes providing personal information and a payment method. Unfortunately, if you complete this process the cybercriminals can charge your debit or credit card for as much money as they’d like. Plus, you won’t actually get to watch the film.

Here are some tips to avoid scams like this:
•    Be suspicious of ads, emails, and social media posts that offer free services for something you would typically have to pay for. 
•    Only use well-known, trusted websites to stream movies, shows, and music.
•    Never trust an online ad. Use a search engine to look up reviews, articles, and the official website for any product or service that catches your eye.

9/29/21 - Shortened URLs are a Sneaky Shortcut

Most email clients have filters in place to flag suspicious-looking emails. Unfortunately, cybercriminals always find new ways to bypass these filters. In a new scam, cybercriminals use shortened LinkedIn URLs to sneak into your inbox.

When someone makes a LinkedIn post that contains a URL, the URL will be automatically shortened if it's longer than 26 characters. A shortened LinkedIn URL starts with “” followed by a random string of characters. This feature allows cybercriminals to convert a malicious URL to a shortened LinkedIn URL. Once they have the shortened URL, cybercriminals add it to a phishing email as a link. If you click on the link, you are redirected through multiple websites until you land on the cybercriminals’ malicious, credentials-stealing webpage. 

Don’t fall for this trick! Remember the following tips:
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you think the email could be legitimate, contact the sender by phone call or text message to confirm that the link is safe.
•    This type of attack isn’t exclusive to LinkedIn URLs. Other social media platforms, such as Twitter, also have URL shortening features. Always think before you click!

9/22/21 - Friendly Spear Phishing

Spear phishing is a phishing attack that targets a specific person and appears to come from a trusted source. One of the easiest ways for cybercriminals to find a target is through social media. Spear phishing attacks on social media often come from fake accounts, but in a recent scam, cybercriminals used real, compromised accounts. After hijacking an account, cybercriminals impersonated that person and targeted their friends and followers. 

In this scam, cybercriminals use the hijacked account to engage in friendly conversations with you in an attempt to lower your guard. Since you don't know that the account has been hijacked, you are more likely to trust information that they send to you. Once they think they have your trust, the cybercriminals will send you a Microsoft Word document asking for you to review it and give them advice. Once you open the document, the program will ask you to enable macros. If you do enable macros, your system will automatically download and install a dangerous piece of malware. 

Follow the steps below to stay safe from this scam:
•    Think about how a conversation with this person typically looks and feels. Do they usually ask you to download files? Are they typing with the same pace, grammar, and language as usual? Be suspicious of anything out of the ordinary.
•    Before you enable macros for a file, contact the sender by phone call or text message. Verify who created the file, what information the file contains, and why enabling macros is necessary.
•    Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!

9/15/21 - Phony LinkedIn Job Postings

It was recently discovered that job postings on LinkedIn aren’t as secure as you might expect. Anyone with a LinkedIn profile can anonymously create a job posting for nearly any small or medium-sized organization. The person creating the post does not have to prove whether or not they are associated with that organization. This means that a cybercriminal could post a job opening for a legitimate organization and then link applicants to a malicious website. 

Worse still, cybercriminals could use LinkedIn’s “Easy Apply” option. This option allows applicants to send a resume to the email address associated with the job posting without leaving the LinkedIn platform. Since the email address is associated with the job posting and not necessarily the organization, cybercriminals can trick you into sending your resume directly to them. Resumes typically include both personal and professional information that you do not want to share with a cybercriminal.

Follow the tips below to stay safe from this unique threat:
•    Watch out for grammatical errors, unusual language, and style inconsistencies in LinkedIn job postings. Be suspicious of job postings that look different compared to other job postings from the same organization.
•    Avoid applying for a job within the LinkedIn platform. Instead, go to the organization’s official website to find their careers page or contact information. 
•    If you find a suspicious job posting on LinkedIn, report it. To report a job posting, go to the Job Details page, click the more icon, and then click Report this job.

9/8/21 - Watch Out for Windows 11 Scams

Microsoft Windows is the most widely used operating system in the world. This October, it is getting an upgrade. Microsoft has announced that starting October 5, compatible systems that run the current version of Windows 10 will be offered a free upgrade to Windows 11. 

Cybercriminals are sure to use this announcement in several ways. In the coming weeks, we expect to see update-related phishing emails, fake Windows 11 webpages, and pop-up ads designed to look like a Windows update. 

Don't fall for these scams. Follow the tips below to stay safe:
•    Always think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively.
•    Only trust information from the source. If you want to learn more about the Windows 11 update, go directly to Microsoft’s official website or follow their official social media pages.
•    If you are prompted to update your work computer, reach out to your administrator or IT department. They can check to make sure the update is legitimate and safe.

9/1/21 - COVID-19 is the Never-ending Phish Bait

Cybercriminals have used COVID-19 as phish bait since the start of the pandemic, and they’re not stopping any time soon. In a recent attack, scammers spoof your organization’s HR department and send a link to a “mandatory” vaccination status form. The phishing email claims that your local government requires all employees to complete the form. Failing to complete the form "could carry significant fines". 

If you click the link in the email, you are directed to a realistic but fake login page for the Microsoft Outlook Web App. If you try to log in, you are asked to “verify” your name, birth date, and mailing address by typing this information into the fields provided. Once submitted, your information is sent directly to the cybercriminals, and you are redirected to a real vaccination form from your local government. The good news is that this form isn't actually mandatory. The bad news is that giving cybercriminals your personal information may lead to consequences much worse than a fine.

Remember these tips to avoid similar phishing attacks:
•    Watch out for a sense of urgency, especially when there is a threat of a fine or a penalty. These scams rely on impulsive actions, so always think before you click.
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you receive an unexpected email from someone within your organization, stay cautious. Contact the person by phone or on a messaging app to confirm that they actually sent the email. 

8/25/21 - Beware of Copyright Scammers

In a recent phishing scam, scammers told users that they had violated copyright laws and must take immediate action to protect their account. The scammers claim that the content the user posted, such as an Instagram photo or a YouTube video, violates copyright law. Users are told that they must immediately click a link to protect their account from suspension or deactivation. However, in a recent version of this scam, the scammers are trying to get you on the phone with a fake support tech.

The way this scam works is that scammers send a fake Digital Millennium Copyright Act (DMCA) complaint that informs users about a potential copyright violation. The user is told that they can click a link to see the original copyright complaint or call a phone number to contact technical support. When the user tries to click the complaint link, they are taken to an error page. This error page is used to pressure the user into calling the free, fraudulent phone number instead. Once the user calls, the fake technical support team uses social engineering tactics to pressure the user into revealing sensitive information.

Don’t fall for this trick! Follow the tips below:
•    Beware of urgent messages. Cybercriminals use this sense of urgency to pressure you into acting quickly.
•    Never give away sensitive account information. Organizations’ IT teams will not ask for sensitive information, such as passwords, over the phone or by email.
•    Don’t call without verifying the phone number. Verify the organization’s phone number by checking their official website.

8/18/21 - Scammers Continue with Another Facebook Scam

Scammers recently used their own third-party Android applications (apps) to hijack over 10,000 Facebook accounts. If you were to download and open one of these malicious apps, you’d see a familiar feature: the “Continue with Facebook” button. Legitimate apps often integrate with websites like Facebook to make account creation quick and easy. In malicious apps, this type of link often leads to a phony login page designed to steal your login credentials. 

This scam is unique because clicking the “Continue with Facebook” button actually opens the official Facebook login page. If you log in to your Facebook account, you’ll give the bad guys far more than your username and password. The malicious apps include an extra bit of code that gathers your account details, location, IP address, and more. Once they hijack your account, the bad guys can use it to generate ad revenue, spread disinformation, or even scam your friends and family.

Follow these tips to stay safe from malicious applications:
•    Though this attack targets Android users, the technique could be used on any kind of device, even desktop computers. Always be careful when downloading apps or software, regardless of the device that you are using. 
•    Before downloading an app, read the reviews and ratings. Look for critical reviews with three stars or fewer, as these reviews are more likely to be real.
•    Only download apps from trusted publishers. Remember, anyone can publish an app on official app stores, including cybercriminals. 

8/11/21 - Multi-layered Microsoft Scam

In a recent phishing scam, bad guys combined some of their favorite tricks to create an extra special phishing email. This phishing scam uses a number of different tactics to fool you and your email filters.

The phishing email is designed to look like a real Microsoft OneDrive notification, complete with official logos and icons. If you check the sender’s address, you’ll see an email address that closely resembles a real Microsoft domain. The body of the email references your actual Microsoft username and directs you to click on a button to open a shared Microsoft Excel file.

To bypass your email filters, the scammers don't use a direct link to their malicious webpage. Instead, the email includes a link from a trusted website called AppSpot, which is a cloud computing platform from Google. If you click on the “Open” button in the email, the AppSpot website immediately redirects you to a compromised Microsoft SharePoint page. On this page, you will be asked to provide your Microsoft credentials to access the supposedly shared file. Any information typed on this page will be delivered directly to the bad guys. 
Remember the following tips to stay safe:
•    Never click on a link or download an attachment from an email that you were not expecting.
•    If you receive an unexpected email from someone who you think you know—stay cautious. Contact the person by phone or on a messaging app to confirm that they actually sent the email. 
•    This type of attack isn’t exclusive to Microsoft products or Microsoft users. The technique could easily be used on a number of other programs. Always think before you click.

8/4/21 - Bluffing Blackmail

In a recent large-scale cybersecurity attack, scammers sent over 400,000 phony blackmail attempts. These devious emails are written in an oddly casual tone and seem to outline the bad guy’s entire blackmail process. The scammer claims to have purchased your information from a hacker. To make this claim more convincing, the scammer references an actual password of yours that has been exposed in a data breach. 
The scammer goes on to say that they have installed a piece of malicious software (malware) onto your device. Supposedly, the malware was used to access your webcam and record you without your knowledge. Despite claiming to have full access to your accounts and device, the scammer intends to blackmail you via email. They'll threaten to release an incriminating video of you if you don’t pay them. Don’t be fooled!
Follow these tips to call the scammer’s bluff:
•    Think before you click. If the scammer truly has the access to your accounts and device that they claim to have, why are they emailing you to ask for money?
•    Cybercriminals use information from real data breaches to seem legitimate. Stay informed about data breaches by using a trusted credit and identity monitoring service. A number of reputable institutions provide these services for free.
•    Protect yourself from potential data breaches by regularly updating your passwords, using multi-factor authentication, and limiting the amount of information you give to retailers and online services.

7/28/21 - Sp0t the HomogIyph

Microsoft recently announced legal action against domains that impersonate the brand using homoglyphs. A homoglyph is a letter or character that closely resembles another letter or character. Cybercriminals use homoglyphs to trick you into thinking a domain belongs to a trusted company.
Here’s an example: Scammers could use a zero (0) in place of a capital letter “O”, or they could use a lowercase letter “L” in place of a capital letter “i”. Using these examples, the bad guys can impersonate MICROSOFT[dot]COM as MlCR0S0FT[dot]COM. Some cybercriminals take this method one step further by using characters from other languages. For example, the Russian character “Ь” could be used in place of an English letter “b”.
Don’t fall for this trick! Remember the tips below:
•    Be cautious when you receive an email that you were not expecting. This trick can be used to impersonate any company, brand, or even a person’s name.
•    Before you click, always hover over a link to preview the destination, even if you think the email is legitimate. Pay close attention to the characters in the URL.
•    If you’re asked to log in to an account or an online service, navigate to the official website and log in there. That way, you can ensure you’re logging in to the real website and not a phony look-alike website.

7/21/21 - Macros on Macros

Cybercriminals are always finding new ways to bypass your security filters. In this scam, the bad guys start by sending a Microsoft Word document that has no malicious code or links within it. Once opened in Microsoft Word, the innocent-looking document includes a pop-up that asks you to enable macros. A macro, short for macroinstruction, is a set of commands that can be used to control Microsoft Word, Microsoft Excel, and other programs.
Here’s how the attack works: If you open the attached Microsoft Word document and enable macros, the document automatically downloads and opens an encrypted Microsoft Excel file. The Microsoft Excel file instructs Microsoft Word to write new commands into the same Microsoft Excel file. Once the new commands are added, the Microsoft Excel file automatically downloads and runs a dangerous piece of malware onto your device.
Use the tips below to avoid falling victim to an attack like this one:
•    Never click a link or download an attachment from an email that you were not expecting.
•    Before enabling macros for a file, contact the sender using an alternative line of communication, such as making a phone call or sending a text message. Verify who created the file, what the file contains, and why enabling macros is necessary.
•    This type of attack isn’t exclusive to Microsoft products. The technique could easily be used on a number of other programs. Always think before you click.

7/14/21 - Kaseya Security Crisis Scams

Earlier this month, information technology provider Kaseya was the target of a massive cybersecurity attack. Many IT companies use Kaseya’s software to manage and monitor their clients’ computers remotely. The cyberattack resulted in over 1,500 organizations becoming victims of ransomware. 
Cybercriminals are now using the Kaseya incident as bait to catch your attention and manipulate your emotions. You can expect to see scammers referencing this event in phishing emails, vishing attacks, and social media disinformation campaigns. 
Here are some tips to stay safe:
•    Watch out for Kaseya-related emails—especially those that claim your organization has been affected. 
•    Do not respond to any phone calls claiming to be from a “Kaseya Partner”. Kaseya released a statement that they are not asking partners to reach out to organizations. 
•    Be suspicious of social media posts that contain shocking developments to the story. This could be false information designed to intentionally mislead you—a tactic known as disinformation.

7/7/21 - Hidden Google Drive

To help protect you against malicious links, most email clients have filters that flag suspicious-looking emails. To bypass these filters, cybercriminals often create malicious content using well-known platforms such as Google Drive, and then use the platform’s share feature to distribute their content. Since these platforms are so widely used, your built-in email filters typically do not recognize that this content is malicious. 
In a recent phishing attack, scammers are using a phony notification from DocuSign (a popular electronic agreement service) that actually includes a link to a malicious Google Doc. The fake notification states that you have an invoice to review and sign. If you click on the included View Document button, you’ll be taken to what appears to be a DocuSign login page that asks for your password. In reality, the button leads you to a Google Doc disguised as a DocuSign page, and any information entered on the document is sent directly to the bad guys.
Don’t fall for this trick! Remember:
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you think the email could be legitimate, be sure to hover over the link (or button) to preview the destination. Look for discrepancies, such as a DocuSign email using a Google Drive link.
•    When an email claims to include an invoice, try to find evidence of the transaction elsewhere, like on your bank or credit card statements.

6/30/21 - Five-Star Fraud

Say the new browser extension that you want to download has a lot of positive reviews. These reviews may make the extension seem legitimate, but that isn’t necessarily the case. Cybercriminals often use fake reviews to trick users into downloading malicious browser extensions.
For example, a malicious Microsoft Authenticator extension with fake reviews was recently found in the Google Chrome Store. The extension had five reviews: three one-star reviews and two five-star reviews. The real one-star reviews warned others that the extension was malware, while the fake five-star reviews praised the extension. This is just one example of how bad guys use fake reviews to gain your trust.
So, how do you know if the cool new extension is safe to download? Follow these tips to stay safe:
•    Only download extensions from trusted publishers. Cybercriminals can easily publish extensions or apps to app stores, so make sure you know who developed the extension before you download it.
•    Be suspicious of extensions that ask you to enter sensitive information. Legitimate extension downloads may request special permissions from you, but they won’t ask you to give up sensitive information.
•    Look for negative reviews. Don’t just focus on the positive reviews. Negative or critical reviews are less likely to be fake. 

6/23/21 - Prime Day or Crime Day?

Amazon, the world's largest online retailer, is hosting their huge Prime Day sales event on June 21st and 22nd this year. Subscribers around the world are ready to shop! But while you’re looking for good deals, the bad guys are looking for the opportunity to scam you any way they can. Expect to see all sorts of scams related to Amazon’s Prime Day, from fake advertisements to phony shipping notifications.
One Amazon-themed scam uses a phishing email disguised as a security alert. The alert starts with “Hi Dear Customer,” and goes on to say that your account has been “blocked” due to an unauthorized login. The email explains that, “You can't use your account at the movement, Please Verify And Secure your account by following link”. If you were to click the link in the email, you would be sent to a malicious website.
Shop safely by following these tips:
•    Look out for spelling and grammatical errors. This specific phishing email was full of errors, such as using the word “movement” instead of “moment”.
•    Always go directly to Amazon’s official website when you want to shop, review your order information, or check on the status of your account. 
•    Never trust a link in an email that you were not expecting. Cybercriminals have created hundreds of fake domains with the words "Amazon" and "Prime" in order to trick you.

6/16/21 - Phony FINRA Phishing

Once again, cybercriminals are impersonating the Financial Industry Regulatory Authority (FINRA), which is the largest brokerage regulation company in the US. Organizations strive to be compliant with regulations, which is why receiving an email that appears to be from FINRA can be quite startling.

In this FINRA-themed phishing email, the sender’s email address uses the domain gateway[dash]finra[dot]org. The email claims that your organization has received a compliance request and it directs you to click on a link for more information. To add a sense of urgency, the message also states “Late submission may attract penalties”. The email even includes a case number, request ID, and a footer with legal jargon to make it feel legitimate. But if you click the link, you will be redirected to a malicious website. Don’t fall for it!

Use the tips below to stay safe from similar attacks:

6/9/21 - New Smishing Scam Borrows Your Phone

In a new Smishing (SMS Phishing) attack aimed at Android users, cybercriminals send a text message that claims you have a delivery that needs to be paid for. If you tap on the link provided in the text, you are taken to a page that asks you to update your Google Chrome app. If you tap the Install Now button on the page, a download begins and you are redirected to a payment screen. On this screen, you are asked to pay a small fee so that your package can be delivered. If you provide any payment information on this page, it is sent directly to the bad guys.
Unfortunately, this scam gets worse. If you tapped the Install Now button mentioned above, you actually downloaded malware that uses the icon and name of Google Chrome to disguise itself. This “app” then uses your mobile number to send thousands of smishing texts to random, unsuspecting victims.

Don’t become a part of their scam! Follow the tips below to stay safe from attacks like this:

6/2/21 - Thank You for Calling—Here’s Some Malware

A recent social engineering scam uses real people in a call center to trick you into downloading malware onto your computer. Here’s how the scam works:
You receive an email claiming that your trial subscription to a publishing company will expire soon. The email states that you will be charged if the subscription is not canceled, and it directs you to call a phone number for assistance. If you call this number, a representative happily walks you through how to unsubscribe. The representative directs you to a generic-sounding web address, asks you to enter the account number provided in the original email, and tells you to click a button labeled “Unsubscribe”. If you click, an Excel file is downloaded onto your computer. The representative tells you to open that file and enable macros so you can read a confirmation number to them. If you enable macros, a malicious file is installed that allows cybercriminals backdoor access to your system. The bad guys can use this access to install more dangerous malware, such as ransomware.

Follow these tips to stay safe from this social engineering attack:


5/26/21 - Using Synonyms to Scam, Con, and Dupe You

Most email clients have security filters that scan your incoming emails for keywords. When certain keywords accompany other suspicious elements, the email will be filtered into your Spam or Trash folder. But cybercriminals can bypass your email filter using one simple tool: synonyms. Bad guys are replacing commonly-filtered words with synonyms (words or phrases that mean the same thing). This simple swap gets their phishing email past your email filters and into your inbox.
In a recent phishing attack, the cybercriminals replaced the term “invoice” with the synonym “Remittance Advice”. Since the term “Remittance Advice” is not a common keyword, the phishing email passes your security filter and is delivered to your inbox. The email includes an image that looks like an attachment. If you click to download the attachment, you’ll actually be clicking on an image that links you to a dangerous phishing site.

Here’s how you can stay safe from scams like this:


5/19/21 - QuickBooks Used as Bait for a Quick Scam

An easy way for cybercriminals to get your attention is to claim that you owe a large amount of money. Pair this claim with a QuickBooks-themed phishing email and a malware attachment, and you get a dangerous cybersecurity threat.
The cybercriminals send a well-made spoof of a QuickBooks email that even includes an invoice number. The email message states that you owe over one-thousand dollars for the order but it gives no further details. Attached to the email is what appears to be an Excel file with the invoice number as the filename. The bad guys are hoping you’ll open the attachment looking for more information. If you do open it, you’ll actually be opening a dangerous piece of malware specially designed to target your financial and banking information. This malware can lead to unauthorized charges, wire transfers, and even data breaches.

Here’s how you can stay safe from scams like this:

5/12/21 - Credential Scam With a Clever Twist

If you try logging in to an account but get a “wrong password” error, what do you do? You’ll probably try typing the same password again. But if that doesn’t work, do you try another one of your passwords? Then another, and another? Cybercriminals have a clever new scam that takes advantage of this exact behavior.
You receive an email with a link to view an important document. If you click the link, the document looks blurred-out and is covered by a fake Adobe PDF login page. If you enter your email and password, you’ll get an error stating that your password is invalid. This page allows you to try a few more times before eventually blocking you from viewing the document. But the truth is, there was never a document to view. Instead, the cybercriminals saved your email address and every password you tried to use. They can use this information to try to log in as you on other websites.

Don’t be fooled! Remember these tips:

4/28/21 - Voice Changing “Catphish”

In a recent phishing attack that targets single men, cybercriminals show us how they use modern technology to trick their victims. The scam starts with the cybercriminal posing as a single woman and befriending their target on social media. Then, they start building rapport with the target through various interactions. Eventually, the cybercriminal sends audio messages with a woman’s voice to convince their target that they are who they claim to be.
The target doesn’t know it, but the cybercriminal is actually using voice-changing software to disguise their true identity. If the target falls for the fake audio messages, they receive a video file of their newfound love interest. Except, the file is actually a dangerous piece of malware designed to grant the cybercriminals access to the victim’s entire system.

This tactic isn’t exclusive to romantic scams, so be sure to remember these tips:


4/21/21 - Tricky PDF Files

Cybercriminals have a new favorite phishing lure: PDF files. A PDF is a standard file type that presents text and images in their original format regardless of which program you use to open the file. Unfortunately, this makes PDFs a convenient way for cybercriminals to get creative and trick victims into clicking on malicious links.
One common tactic for phishing with PDF files is to include an image that looks like something that you should interact with. The PDF may include a fake captcha image with the “I am not a robot” checkbox. Or the PDF may include an image of a paused video with a play button over the display. If you try to click the captcha checkbox or play the phony video, you’ll actually be clicking a link to a malicious website.

Don’t fall for these tricks! Remember the following tips:

4/15/21 - Advanced Phishing Hidden in Plain Text

Cybercriminals are using advanced tactics to disguise dangerous malware as harmless text files. Using a phishing email, the bad guys try to trick you into downloading a file attachment named “ReadMe_knl.txt”. Typically, files ending in .txt are plain text documents that can be opened in any text editing software. But in this case, the cybercriminals use a trick called Right-to-Left Override (RLO) to reverse part of the file name.
The true name of the attached file is “ReadMe_txt.lnk.lnk”. It is not a plain text document but a command (a Windows shortcut file) that instructs your computer to download the bad guy’s malware. Once the malware is installed, cybercriminals have complete access to your system. They can access everything from your browser history to your cryptocurrency wallet, and they can even take photos using your webcam.
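An added example (not code from the original article) showing what the Right-to-Left Override trick does to a file name and the check a download scanner or mail gateway can apply: it renders the name the way a file manager would, recovers the extension the operating system really uses, and reports any Unicode bidirectional control characters. The attachment name is constructed from the article's description (“ReadMe_” followed by U+202E and “txt.lnk”, which displays as “ReadMe_knl.txt”); the rendering routine is a simplification of the Unicode bidi algorithm, enough to reproduce this trick.

```python
# Added example, not part of the original article: unmask file names that use
# the Right-to-Left Override (RLO, U+202E) trick. Assumption: the sample name
# below is constructed to match the article's displayed name, not a real file.

# Unicode bidirectional control characters; none belongs in an honest file name.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}

# Extensions that run code when double-clicked; .lnk is the article's case.
EXECUTABLE_EXTENSIONS = {"lnk", "exe", "scr", "js", "vbs", "hta", "bat", "cmd", "ps1"}


def displayed_name(real_name: str) -> str:
    """Approximate how a file manager draws a name containing RLO: everything
    after U+202E is shown right-to-left (reversed) until a PDF (U+202C) or the
    end of the string. Simplified bidi handling, sufficient for this trick."""
    out = []
    i = 0
    while i < len(real_name):
        ch = real_name[i]
        if ch == "\u202e":
            end = real_name.find("\u202c", i + 1)
            if end == -1:
                end = len(real_name)
            out.append(real_name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1  # other controls are invisible and simply vanish from the display
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def _extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def real_extension(real_name: str) -> str:
    """Extension the operating system actually uses: the last dot-suffix of the
    raw string once control characters are stripped out."""
    cleaned = "".join(ch for ch in real_name if ch not in BIDI_CONTROLS)
    return _extension(cleaned)


def inspect_filename(real_name: str) -> dict:
    """Compare what the user sees with what the OS will open."""
    controls = [(idx, BIDI_CONTROLS[ch]) for idx, ch in enumerate(real_name)
                if ch in BIDI_CONTROLS]
    shown = displayed_name(real_name)
    actual_ext = real_extension(real_name)
    return {
        "displayed": shown,
        "displayed_extension": _extension(shown),
        "real_extension": actual_ext,
        "bidi_controls": controls,
        "executable": actual_ext in EXECUTABLE_EXTENSIONS,
        # Any bidi control, or a displayed extension that differs from the real one
        "suspicious": bool(controls) or _extension(shown) != actual_ext,
    }


if __name__ == "__main__":
    # Constructed sample: "ReadMe_" + RLO + "txt.lnk" displays as "ReadMe_knl.txt"
    sample = "ReadMe_\u202etxt.lnk"
    for name in (sample, "report.txt"):
        print(repr(name), "->", inspect_filename(name))
```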

Advanced phishing tactics can be intimidating, but you can stay safe by practicing the tips below:

4/7/21 - Classic Facebook Phishing

While cyber threats continue to advance in new and intimidating ways, classic phishing methods are still a favorite among bad guys. Let’s take a look at a recent Facebook-themed phishing attack and see if you can spot the red flags:

The email appears to come from Facebook and starts with “Hi User”. The body states that there is an issue with your account that you must log in to resolve. The email includes a link to “verify” your account and ends with the line “This link will expires in 72 hours, We appreciate your attention to this matter.” If you click the link, you are taken to a phony look-alike Facebook login page. Any information that you enter on this page is delivered straight to the bad guys.

How many red flags did you see? Remember the following tips:


3/31/21 - Instagram Influencer Scams

As the name suggests, an influencer is someone whose opinions influence a large social media audience. While influencers usually attract sponsorships from legitimate brands, these accounts can also be used as a tool for cybercriminals.

Instagram influencers often host special giveaways to raise brand awareness. Typically, followers are asked to comment on the post for their chance to win. Unfortunately, bad guys then use these comments to target their victims. You may receive a message from someone spoofing the influencer’s account or claiming that they work with the giveaway host. Then, you are told that you won the giveaway, but that you need to pay a shipping fee or provide some personal information. Any information provided goes straight to the cybercriminals. Don’t fall for it!

Here are some tips to stay safe from influencer scams:


3/24/21 - Malicious Mobile Apps in Disguise

Google recently removed a number of dangerous mobile applications (apps) from the Google Play store. These were disguised as generic VPN and audio control apps that appeared to be safe, but once installed, they tricked victims into allowing downloads from untrusted sources.

If you download a disguised app and fall victim to this scam, a dangerous piece of malicious software (malware) is installed on your device. The malware adds malicious code into your financial apps, giving the bad guys access to your banking and credit card accounts. Over time, cybercriminals use this malware to gain complete control over your device and use it however they please.

This is not the first time that malicious apps have been found on Google Play or on the Apple App Store—and it won’t be the last. When you download applications, remember these tips:


3/17/21 - Scammers Use FINRA as Phish Bait

Earlier this month, cybercriminals impersonated the largest brokerage regulation company in the US: the Financial Industry Regulatory Authority (FINRA). Seeing such a vital organization be used as phish bait is chilling. Fortunately, if you know what to look for, this scam is easy to spot!

The phishing email starts with the vaguely-startling subject line “ATTN: FINRA COMPLIANCE AUDIT”. The email is sent from supports[at]finra-online. The email asks you to review an attached document and respond immediately. The short email message closes with, “If you've got more questions regarding this letter don't hesistate to contact us.” Anyone who falls for this scam and downloads the attachment will find that the file is actually a nasty piece of malicious software.

Here’s how you can stay safe from similar attacks:

3/10/21 - LinkedIn File Sharing Scam

LinkedIn is a networking site used to connect with colleagues, employers, and other business contacts. Even though LinkedIn is designed for professionals, it is just as vulnerable as any other social media platform.

In a recent scam, cybercriminals use stolen LinkedIn accounts to message the contacts of those accounts. The message includes a link to a “LinkedInSecureMessage”—which is not a service that LinkedIn provides. The link takes you to an official-looking page that includes the LinkedIn logo and a “View Document” button. If you click the button, a phony LinkedIn login page opens. Information entered on this screen will be sent straight to the cybercriminals who will likely sell your account for use in similar social networking scams.

Don’t fall for it! Remember these tips:

3/3/21 - Shipping Scam Spoofs “Dhl Express”

Many of us are used to receiving messages from shipping companies, so cybercriminals use similar emails as phish bait. Let’s take a look at a recent shipping-themed phishing attack and see if you can spot the red flags:

Sent from “Dhl Express”, the email claims that you have something waiting for you at your local post office. The message states “To receive your parcel, Please see and check attached shipping documents.” and it includes a .html file as an attachment. If you open the attachment, a web page displays that looks like a blurred-out Excel spreadsheet. Covering this blurred image is a fake Adobe PDF login window with your email address already populated in the username field. If you enter your password and click “View PDF Document” your email address and password will be sent straight to the bad guys.

How many red flags did you see? Remember the following tips:

2/24/21 - Exploiting the Coronavirus: Vaccine Invitation Scam

Access to the COVID-19 vaccine is limited, which leaves many people anxiously waiting for a way to further protect themselves from the virus. Cybercriminals are taking advantage of this anxiety with vaccine-themed phishing emails.

A recent phishing attack in the UK spoofs the National Health Service (NHS). The phishing email claims that you have the opportunity to get vaccinated and it includes a link to accept the invitation. If you click on the link, a convincing NHS look-alike page opens. The phony site asks for personal information such as your name, address, and phone number, along with your credit card and banking details. Unfortunately, any information that you provide here goes straight to the cybercriminals and you are not in line for vaccination.

Follow these tips to stay safe from similar scams:

2/17/21 - Phishing with Phony Loans

A year into the pandemic, bad guys continue to target struggling organizations. A recent example is a phishing email targeting those in the United States. Impersonating a bank, the sender offers loans through the Paycheck Protection Program (PPP). The PPP is a real relief fund that is backed by the United States Small Business Administration (SBA), but the email is nothing short of a scam.

The phishing email directs you to click a link to register for a PPP loan. When clicked, the link takes you to a form with an official-looking header that reads, “World Trade Finance PPP 2021 Data Collection”. The form requests a lot of personal information, such as your organization’s name, your business email, and your social security number. Any of the information submitted on this form goes straight to the cybercriminals.

Here’s how you can stay safe from scams like this:

2/10/21 - Smishing with PayPal

A new Smishing (SMS Phishing) attack uses an urgent text message to trick you into clicking a malicious link. The message states “PayPal: We've permanently limited your account, please click link below to verify.” If you click on the link provided, you are taken to a PayPal look-alike page and asked to log in.

Bad actors take this scam one step further. If you enter your login credentials on their phony page, you’ll be taken to a second page that asks for your name, address, and bank account details. Everything entered on these pages will be sent directly to the bad guys.

While this is an advanced attack, you can still stay safe by practicing the tips below:


2/3/21 - Advanced Look-alike Login Pages

Here’s a popular phishing scenario: You receive an email with a link. The link takes you to a phony login page with the name and logo of a legitimate website. Once you submit your username and password, the information is sent straight to the bad guys. Cybercriminals love to use these phony look-alike login pages to steal your credentials and access sensitive information.

Now cybercriminals have developed a way to make look-alike pages even more convincing. Scammers use a special tool to automatically display your organization’s name and logo on the phony login page. They can even use this tool to populate your email address in the corresponding login field. This creates a false sense of security because many legitimate websites remember your username if you have logged in previously.

While this is an advanced attack, you can still stay safe by practicing the tips below:

1/27/21 - Romantic Investment Scams

Let’s be honest, the age of social distancing can leave us feeling lonely. To make matters worse, bad guys are leveraging our loneliness for their scams. Romance-related scams are growing more popular and more complex.

In the latest romance-related scam, bad guys use a dating app to find their target, build a relationship, and establish trust. Once you trust them, the scammer will share financial tips and invite you to an exclusive investment site—which is actually a scam. Your new “friend” will guide you through opening an account, buying financial products, and building your investments. Then, one day, all communication stops and you’re left wondering where that money has gone.

Don’t fall for it! Remember these tips:


1/20/21 - Exploiting the Coronavirus: Financial Assistance Scams

While the world continues to navigate life during a pandemic, countless families and individuals are struggling financially. In a truly malicious response to the situation, scammers are launching phishing attacks that claim to offer financial assistance to those in need.

The phishing email impersonates your local government and it states that you are eligible to receive financial aid. You’re directed to click a link in the email for more information. If you click the link, you are taken to a phony government website. The site asks for personally identifiable information, including your social security number. Once you’ve provided this information, the site claims that you will be contacted regarding your aid. Don’t be fooled! Anything you enter here is sent directly to the cybercriminals.

Here’s how you can stay safe from scams like this:


1/13/21 - Watch Out for US Capitol and Parler Scams

Last week, a rally held at the United States Capitol escalated when protestors stormed the Capitol building. This event was later linked to posts on the social media platform Parler. The controversial events at the Capitol and the related use of Parler have led both Apple and Google to remove the app from their respective app stores.

Cybercriminals use high-profile news stories like this to catch your attention and manipulate your emotions. In the coming weeks, we expect to see cybercriminals referencing this event and the Parler app in their phishing attacks and social media disinformation campaigns.

Here are some tips to stay safe:


1/6/21 - Man’s Best Friend is a Scammer’s Best Bait

With stay-at-home orders in place across the globe, many people are buying new pets to help them feel more connected. Unfortunately, shoppers who are looking for a furry friend may be in for a big surprise. Cybercriminals are creating phony online pet shops that advertise unbelievable prices on purebred pups.

These malicious pet shop sites include poorly-written testimonials from alleged buyers that often don’t make sense. For example, one testimonial claimed that their “German Shepherd baby had hatched”. If you overlook these phony testimonials and click the “Buy Me!” button under the photo of an adorable puppy, you’ll be taken to a contact page to begin your email conversation with the supposed seller. Via email, the scammers will ask you to pay for your pup using Bitcoin or a service provider, such as PayPal. Of course, any money you send goes straight to the bad guys and you’ll never receive your pup.

Here are some tips to avoid this ruff scam: