If you receive a call or text from someone claiming to be from GenFed requesting personal information, do not respond or provide information.  GenFed will never call or text members to ask for personal information.  Always call your local branch to verify.  More Info.

Close mobile menu
Online Banking Login
mastercard logo MasterCard Login
Apply for a Loan
Open an Account
Locations
Interior Hero Desktop Test
Interior Hero Mobile Test

Cyber Scam of the Week

Home > About > News & Events > Cyber Scam of the Week

caption curve

Should I Provide Personal Information?  ALWAYS use Caution!!

NEVER enter personal details including account numbers, PINs or Social Security Numbers into a web page link that has been sent to you via email or text. GenFed Financial will never request personal information from members via email or text. If you have entered account information from a link in an email or text claiming to be from GenFed Financial, call your local branch.  

If you receive a call from someone claiming to be from GenFed, (GenFed and GenFed's number may even show on your caller ID!) and you are asked for personal information, hang up and call your local branch using a phone number you know or look up.  Occasionally, GenFed may call you to ask for information to verify your identity or a transaction.  Always use caution when providing personal details to anyone that calls you.

6/13/24 - Be on Patrol for these Fake Calls

In this week’s scam, cybercriminals are impersonating U.S. Customs and Border Protection (CBP) agents. The scammers call you and claim that CBP has intercepted drugs or money shipments that are addressed to you. They insist that you must confirm personal details to help them resolve the case. If you refuse to cooperate, the scammers threaten to send police to arrest you. 

To seem more credible, the scammers may provide actual CBP employee names and numbers that they find online, as well as fake case and badge numbers. In some cases, there is a recorded message that says to press a number to speak to a "CBP officer" about an intercepted shipment. The real CBP stresses that these calls are complete scams and that the agency never requests money or personal information like Social Security numbers over the phone. 
 
Follow these tips to avoid falling victim to a Border Patrol phone scam:
•    The CBP will not call you to request money or financial information. If you receive a call asking you to share personal information, it’s best to hang up and contact the government agency directly at a verified number.
•    This particular phone scam impersonates the CBP, but remember that scammers could call you and impersonate any government entity.
•    Scammers rely on scaring you into making an impulsive decision. If you receive an unexpected phone call urging you to take action, be extra cautious. It could be a scam.
 

6/5/24 - Malware Office Suite

“You get what you pay for,” and this week’s scam is no exception. Cybercriminals are distributing a “free” pirated version of Microsoft Office across torrenting websites. The catch is that it’s actually malware. If you download and install it, the malware can begin harvesting your personal data.

If you download the malicious Microsoft Office file, the installation process appears to be legitimate. The installer looks professional and even allows you to select the version of Microsoft Office you would like to install. However, if you run the file, malware will install on your computer. The malware is designed to avoid detection from most antivirus systems. Even if your antivirus software scans and removes it, this particular malware can re-install itself afterward. This “free” version of Microsoft may actually cost you something after all - your personal data!
 
Follow these tips to avoid falling victim to a malware scam:
•    Never download software from unofficial sources. A pirated version of the software isn’t an official release, and it may contain malware. 
•    If something is too good to be true, it probably is. Microsoft Office is a software that you would normally pay for, and a free version isn’t likely to be legitimate.
•    Be sure to follow your organization’s instructions regarding antivirus software and data backups. Having updated software and data backups can help to protect your machine from a malware infection.
 

5/29/24 - These Banking Emails are Counterfeit

In this week’s scam, cybercriminals are sending out phishing emails that claim to be from many different banking organizations. By impersonating different banks, the cybercriminals hope to trick even more people into clicking on malicious links. The emails all have different images and text, depending on which bank the cybercriminals are impersonating. However, all the emails claim that you need to take urgent action and download an attachment.

No matter which email you receive, there will be a link to an attachment. If you click the link, the attachment will download and display a clickable image of a PDF logo. If you click the image, malware will begin installing on your device. This malware can then gather personal data and financial information and even steal email addresses from your email inbox. The malware can then send similar phishing emails to all of your email contacts! 
 
Follow these tips to avoid falling victim to a malware scam:
•    Scammers rely on creating a sense of urgency to trick you into clicking on links. If you receive an unexpected email, always stop and think before you click.  
•    In this situation, the email claims to be from your bank. Instead of clicking on a link in the email, you should contact your bank directly to verify if action is needed.
•    Be sure to follow your organization’s instructions regarding security updates and antivirus software. By keeping your software up to date, you can help protect your device from a malware infection.
 

 

5/22/24 - Don't be Fooled by Spear Phishing

In this week’s scam, cybercriminals are trying to scam you by sending you text messages from an unknown number claiming to be from your boss. The texts contain a lot of detailed information about your workplace, making them seem legitimate. They seem legitimate because the scammers research your organization and manager before texting you. They use the information they find in their research to try and trick you into believing that you are actually speaking with your manager. This scam is a type of personalized phishing attack known as spear phishing.

The scammers send casual messages about your organization to put you at ease before moving to what they really want—money. They tell you that they have a business expense that they urgently need to pay for. Then, they ask you to send them money using a cryptocurrency such as Bitcoin. If you send it to them, the money will go directly to the cybercriminals. You may then need to speak to your real manager to explain what happened!
 
Follow these tips to avoid falling victim to a spear phishing scam:
•    Be skeptical if you receive a message from an unknown number, especially if you are being asked to act urgently.  
•    Any unexpected financial request should be treated very cautiously. It is highly unlikely that your actual manager would ask for you to send them money using cryptocurrency.
•    If you receive an unusual message, follow your organization’s reporting policy. Others in your organization may be receiving similar messages. By reporting the message quickly, you can help prevent other attacks from being successful.
 

5/15/24 - Government Phishing

Cybercriminals like to manipulate people into acting on impulse because anyone can fall for this trick, even government officials. In this week’s scam, a Russian hacking group is targeting members of the Polish government with an enticing phishing email. The email contains a link that claims to provide information about a mysterious person who has been in contact with Polish government authorities.

If you click it, the link redirects you through multiple websites before reaching an archive of .zip files. This archive contains a malicious file that is disguised as a photograph. If you open the file, a distracting image is displayed while the malicious software secretly downloads onto your device. Once installed, the malware can collect your sensitive data and send it back to the hackers.
 
Follow these tips to avoid falling victim to similar scams:
•    Avoid clicking on links in emails, especially if the email is not expected. 
•    Phishing emails may contain alarming or sensitive topics to try and trick you into clicking on a link. Always be mindful any time an email is encouraging you to take action.
•    If an email seems suspicious, always follow your organization’s reporting policy. An email that is reported quickly can help to protect your organization from a larger phishing attack.
 

5/8/24 - Mystery Box Mayhem

If something seems too good to be true, it usually is, and this recent phishing scam is no exception. This week, cybercriminals are sending an email that appears to come from the online retailer Shein. The sender’s email address isn’t from a Shein domain, and the email does not contain any official logos or branding. However, the email claims that you have won a Shein Mystery Box and encourages you to click a link to claim your prize.

If you click the link, you’ll be taken to a website with a URL different from the official Shein website. You’ll be instructed to enter your personal information there so that you can receive the mystery box. Of course, this is a fake website that is controlled by cybercriminals. If you enter your information here, they will be able to steal it immediately.
 
Follow these tips to avoid falling victim to a phishing scam:
•    Check other sources to verify the legitimacy of an email. In this case, the email claims that Shein is giving away a mystery box. If this were a real giveaway, Shein’s official web page would contain more information. 
•    Hover your mouse over the link in the email. This action will allow you to see the webpage URL where the link will direct you. In this case, the website URL is not connected to Shein.
•    Pay close attention to the sender and body of the email. This phishing email sender doesn’t appear to be related to Shein. The body of the email doesn’t contain logos or branding, meaning that it is unlikely to be an official email.
 

 

5/1/24 - Fake Login Fiasco

Scammers frequently try to trick you into clicking on malicious links in emails by making them appear legitimate. In a recent scam, they are trying to trick you with an email that appears to be related to your Microsoft account security. The email says that there has been some unusual activity on your account and that many of your account’s features have been locked. There is a link in the email, along with instructions to click it so that you can review all activity on your account.

If you click the link, you’ll be taken to what appears to be a Microsoft login page. However, the login page is actually fake, and you won’t be taken to your Microsoft account if you enter your login information here. Instead, entering your user credentials on this page will allow cybercriminals to steal them. Once they have your username and password, they can use them to access your account and steal your personal information.
 
Follow these tips to avoid falling victim to a phishing scam:
•    Scammers will often try to scare you into acting impulsively. Always stop and think before clicking, especially if an email is instructing you to act quickly.
•    Pay attention to the details of the email. Phishing emails will often contain spelling and grammatical errors, or the wording of the email may seem unusual.
•    Navigate to the official website in your browser whenever possible. Clicking a link in an email may direct you to a fake or malicious website.
 

4/24/24 - Cheaters Never Win

Cybercriminals often find creative ways to spread malware, and this recent scam is no exception. They are posting malicious links in the comment sections of video gaming websites and forums. If you click on one of the links, it will download a .zip file for a program called Cheat Lab. The software is enticing to gamers since it claims to help them cheat at their favorite games. The software doesn’t actually help players cheat, but it does help cybercriminals gain access to your personal data.

At first glance, Cheat Lab appears to be a legitimate program and even has an activation code. If you install it, there is a message with an offer to receive a free version of the software if you send it to your friends. However, the program is actually malware. Once you have installed it, cybercriminals will gain access to your sensitive information. Even worse, if you follow the instructions in the message and send it to all your friends, cybercriminals might also gain access to your friends’ data! 
 
Follow these tips to avoid falling victim to a malware scam:
•    Be skeptical of offers and deals. If you find a link for a free product that seems too good to be true, it probably is.
•    When downloading software, be mindful of the source. Legitimate companies do not distribute their software by posting links in comments. You should only download software from a trusted company or source. 
•    This scam targets gamers, but similar tactics could be used against anyone. Always stop and think before clicking on a link.
 

4/17/24 - Toolway Turmoil

Scams that occur over text messaging are called smishing scams. This week, cybercriminals are using smishing to target motorists. They send a fake text message claiming that you have a toll due for driving on the Pennsylvania Turnpike. The toll is not for a large amount, but the message says that if it isn’t paid immediately, you will be charged additional late payment fees. 

There is a link in the text message, and you are instructed to tap the link in order to settle your balance. However, the text message is actually from cybercriminals, and if you tap the link, it could take you to a fake payment website. Cybercriminals use fake websites to steal your login credentials, take your money, and install malware on your phone. Always stop and think before you click! 
 
Follow these tips to avoid falling victim to a smishing scam:
•    Be cautious when making a payment after receiving a text message. You should always visit the official website of the organization to make a payment instead of clicking the link in the message.
•    Always stop and question if a message is expected prior to taking action. If you have not recently driven on the tollway,  receiving a message regarding paying a toll would be very suspicious. 
•    This smishing scam targets drivers on the Pennsylvania Turnpike. But this sort of scam could target tollways in any location.
 

4/10/24 - Unsecured Security App

In this week’s scam, cybercriminals are spreading malware by using a fake security app. They send you a text message that says a large financial transaction has just occurred using your bank account. It instructs you to call a phone number if you have not authorized the transaction. Of course, the transaction never occurred, and the cybercriminals are trying to scare you into acting impulsively.

If you dial the number, you’ll be connected to a cybercriminal who will instruct you to download a security app. The app is disguised as an official McAfee Security product and is designed to take control of your device. If you install it, cybercriminals will use it to steal your data, and they will have complete control of your phone. Once they have control of your phone, they can install other malware and access your personal information.
 
Follow these tips to avoid falling victim to a fake app scam:
•    Only download apps from an official source, such as the Google Play Store or the Apple Store. Apps available on official platforms are tested for security and are far less likely to be malicious.
•    If you receive an unexpected text message regarding a large transaction, contact your bank directly using the information provided on their official website. Do not communicate using the information provided in the text message. 
•    Always stop and think before taking action. Scammers use scare tactics to create a sense of urgency to get you to act without thinking.
 

4/3/24 - Suspicious Smishes

Cybercriminals often use text messages to try and trick you into clicking on malicious links, a method known as “Smishing.” In a recent scam, they send a fake text message that says a package is unable to be delivered to you. The text contains a link, but it may not be clickable. There is a security feature on many smartphones that automatically disables links in unexpected messages. So, the cybercriminals will instruct you on how to bypass the feature. The message says to copy and paste the link into your browser to open it. There is a sense of urgency to the message. It says that you must use the link to confirm your delivery information in 12 hours in order to receive your package.

If you follow the instructions and open the link, you will be taken to a web page that appears to belong to the package carrier. You will be asked to enter your personal or financial information on the website. However, the website is fake, so entering your personal details will allow cybercriminals to steal this information. 
 
Follow these tips to avoid falling victim to a smishing scam:
•    In this case, the instructions ask you to paste the link into your browser in order to open it. Be aware of unusual instructions in a text message. The message also instructs you to take action quickly. Cybercriminals frequently use this technique to try and trick you into acting impulsively.
•    It is suspicious to receive a text message for a package delivery if you are not expecting a package. Always ask yourself if the message is expected. 
•    Do not tap on links in an unexpected message. It’s always safer to navigate to the official website in your web browser. 
 

3/27/24 - Fake Financial File Phishing

In a recent phishing email scam, cybercriminals use vague financial terms that attempt to make you curious enough to click the attachment in the email. The subject of the email is “Remittance Summary,” and the malicious attachment is named “Payment Advice.” The body of the email only says, “Find attached payment advice for remittance.. Kindly revert.” The sender of the email appears to be legitimate, but it is actually sent from a fake sender address. If you download the PDF file, the malware will begin installing on your computer.

The attached malware is designed to gather sensitive information from your device. It can find personal data stored in your web browser, such as login credentials. It can also install a keylogger, which is a type of malware that records every key pressed on your keyboard. Whenever you enter your username and password, the keylogger can record exactly what you’ve typed and send it directly to the cybercriminals.  
 
Follow these tips to avoid falling victim to a financial phishing scam:
•    Be skeptical. If an email looks suspicious or contains unusual grammatical errors, immediately report it to your organization.
•    Check the email address carefully. Cybercriminals will often use email addresses that appear very similar to legitimate senders.
•    Never download unexpected attachments. If you’re not expecting an attachment or the email is from someone that you don’t know, don’t open it.
 

3/20/24 - Leave a Message After the Phish

It’s no secret that cybercriminals are using AI technology to craft phishing emails, but did you know AI can also help them with voice phishing (vishing)? It’s surprisingly easy to teach AI software to sound like a specific person. All they need to recreate your voice is a short audio clip, like one from a recorded phone call or a video posted to social media. Once the cybercriminals have your voice, they can easily target friends, family members, and coworkers with AI-powered vishing.

Cybercriminals often use this tactic to impersonate managers and executives of an organization. In this scam, you receive an unexpected call from upper management asking you to help with an urgent project. The voice will direct you to wire money to a vendor in order to meet a looming deadline. Of course, if you follow their directions, you’ll actually be wiring money to the cybercriminals instead. 
 
Follow these tips to stay safe from AI-powered vishing attacks:
•    When you receive an unexpected message, contact the person using a reliable source. You can use a phone number you have on file, an official email address, or a messaging system like Teams or Slack.
•    If you’re speaking to the caller directly, ask questions that would be difficult for an imposter to answer correctly.
•    Even if the request is urgent, stop and think before you take action. Ask yourself questions like: Is this something in my job description? Or is there a procedure this person should follow?

3/13/24 - Invitation to a Malware Party

Cybercriminals recently targeted European diplomats by impersonating representatives for the ambassador of India. They each received a fake invitation to an exclusive wine-tasting party. But, the invitation was actually a trick to install malware onto their devices. This type of scam could be used to target anyone, so let’s take a closer look at how it worked.

The scam starts with a simple phishing email that includes an attached PDF file. The PDF file is a convincing invitation to a party, complete with official-looking letterhead and contact information. The invitation asks you to complete a questionnaire in order to reserve your spot. If you click the questionnaire link, you are redirected to a website that automatically downloads malware onto your device. Once installed, the malware hides on your device and sends data back to the cybercriminals. 
 
Follow the tips below to stay safe from similar scams:
•    Be cautious of unexpected and exciting opportunities. Remember, if something seems too good to be true, it probably is!
•    When you receive an email or invitation, stop and look for red flags. Consider the timing of the invitation and look for any spelling or grammatical errors.
•    Never click a link or download an attachment in an email that you weren’t expecting. 
 

3/6/24 - Tax Attacks

Millions of people around the world are paying their taxes this time of year, and cybercriminals are hoping to get paid, too. In this week’s scam, they’re taking advantage of tax season by trying to trick you into opening an email and downloading a malicious PDF attachment. The email they send looks like a government form and includes a link to download the PDF attachment. The scammers even include helpful instructions for pasting the web page URL into your browser in case the link isn’t working.

Clicking the link will redirect you to a fake webpage and initiate a file download. Malware is installed on your computer once the file downloads. Remember, cybercriminals don’t only want your money—they also want your data! And they can use this malware to steal your user credentials and other personal data. 
  
Follow these tips to avoid falling victim to a tax scam:
•    The latest software versions for devices often contain security updates. Make sure that your devices are running the latest software updates recommended by your IT team.
•    Follow your organization’s instructions for reporting any suspicious emails that you receive. Quickly reporting suspicious emails can help keep your organization safe!
•    Be skeptical of unsolicited emails from the government or other financial entities. Always double-check with the organization that sent the form if you have doubts about its authenticity.
 

2/28/24 - Phony Utility Ads

Search engines, like Google, are so popular that many people use the search feature instead of typing a URL. For instance, people may quickly search for their electricity provider's name to find the online payment portal. And for this week's scam, that's exactly what cybercriminals want you to do. This scam tries to trick you into clicking on a fake ad instead of the billing portal that you’re trying to find. The scammers purchase a variety of fake utility payment advertisements, and you see those ads during your searches. They know that they can trick you more easily if you contact them instead of them reaching out to you.

If you click on one of these ads, you will be prompted to dial a phone number. Dialing the number puts you directly in contact with a scammer. They may try to scare you by saying your bill must be paid immediately. Or they may tempt you with an offer to help you save money—but only if you act now. Neither the advertisement nor the person you are talking to is legitimate. Paying them won’t help with your utility bills, but the scammer might use you to help pay their own bills!
  
Follow these tips to avoid falling victim to a utility bill scam:
•    Remember, anyone can purchase an advertisement. Be cautious when clicking on ads, even if they seem relevant to you.
•    Scammers often ask you to make payments using unusual methods, such as gift cards or money transfers. If something seems strange about a financial transaction, stop immediately!
•    If an offer seems too good to be true, it probably is. Always stop and think before taking action.
 

2/21/24 - Remote Desktop Robbery

In this recent scam, cybercriminals are trying to trick you into downloading software that they can use to access your computer. They start by sending you a fake email that appears to come from your bank. The email says that there is an issue with your account and that their team needs to investigate. Of course, there isn’t actually an issue, but the scammer offers to help you fix it.

Scammers often use fake emails to trick you into downloading malicious files. But in this scam, they have you download legitimate remote desktop software that is normally used by IT professionals to assist you. In this case, even though the software you downloaded is legitimate, the person who is asking you to install it is a scammer. If you allow them to access your desktop, they have full control of your computer. Then they can request passwords or other login information from you to gain access to your financial accounts and data.
  
Follow these tips to avoid falling victim to a remote desktop scam:
•    Be suspicious of any unexpected emails claiming that there is an issue with your account. If you have reason to believe the request is genuine, contact your bank using a verified number or email address.
•    Never give control of your computer to someone who contacts you, even if they claim to be from your bank or tech support.
•    Never share passwords or login information with anyone. This data is personal, and your bank will never ask you for it.
 

2/14/24 - Deepfake Deception

AI scams are becoming more frequent, and they’re also becoming more sophisticated. In a recent scam, cybercriminals demonstrated just how convincing AI fraud can be by faking an entire video call. In fact, the scammers were able to steal over 200 million Hong Kong dollars by emailing an employee and pretending to be their organization’s Chief Financial Officer (CFO).

The fake CFO asked the employee to make a secret financial transaction. He initially dismissed the email as a phishing attempt. But later, he was lured into attending what he believed was a video meeting with the organization’s CFO and other employees. The meeting attendees looked and sounded exactly like coworkers that the employee recognized, but they were all deepfakes. The scammers used AI technology to create believable video and audio of the CFO. After the meeting, the employee was convinced that the financial request was genuine and he sent the payment as requested. 

As AI scams continue to become more realistic, it’s more important than ever to learn how to spot them! Follow these tips to avoid falling victim to an AI scam:
•    Always be wary of requests that are being sent in an unusual way. Receiving a secret financial transfer request, even from a CFO, isn’t likely genuine!
•    Trust your instincts. 
•    Cybercriminals typically try to get you to act impulsively. Always stop and think before taking action.
 

2/7/24 - Microsoft Teams Chat Attach

As people become more aware of phishing emails, cybercriminals are forced to turn to alternative platforms to trick their victims. For example, many organizations use Microsoft Teams as a messaging and communication platform. But did you know that it can also be used for phishing attacks?

Microsoft Teams allows users who are not part of your organization to message you. Cybercriminals recently exploited this feature to send phishing messages to Microsoft Teams users. The message includes a malicious file disguised as a PDF attachment. The scammers make the file look like a PDF file to trick you into thinking that you are downloading a normal attachment, but it’s really an installer file in disguise. The file actually contains malware that is installed once the file is downloaded.
  
As cybercriminals continue to find new attack methods, it’s more important than ever to remain alert! Follow these tips to avoid falling victim to a Microsoft Teams phishing attack:
•    Be suspicious of unexpected messages, even if they appear to come from a trusted source, such as Microsoft Teams. When in doubt, always attempt to verify the authenticity of the person who sent you the message!
•    File names aren’t always what they seem. Always be sure that an attachment is legitimate before you click on it!
•    Remember, this type of phishing attack isn’t exclusive to Microsoft Teams. Scammers could use this type of attack on any messaging platform.
 

1/31/24 - I Can't Believe my Credentials are Gone

This Facebook phishing scam starts with a post from a friend that says, “I can’t believe he is gone. I’m gonna miss him so much.” The post contains a link to a news article or video, but when you click the link, you are taken to a web page that prompts you to log in to Facebook. If you enter your information, you are taken to an unrelated page. No news article exists, but scammers have just stolen your Facebook credentials using a phishing attack.

Scammers use compromised Facebook accounts to post these “I can’t believe he is gone” phishing links. The posts appear to come from your friends and family, which makes this phishing attack very convincing. If you fall for their tricks, scammers can then use your Facebook account to post the same message to your friends and family. 

Follow these tips to avoid falling victim to a Facebook phishing attack:
•    When possible, use multi-factor authentication (MFA) as an added layer of security for your accounts. The MFA will prompt you to provide additional verification before logging in, making it more difficult for scammers to compromise your account.
•    A post from a friend may seem trustworthy, but their account could be compromised. Reach out to your friend over the phone or text to verify that their post was legitimate.
•    Remember, this type of phishing attack isn’t exclusive to Facebook. Scammers could use this type of attack on any social media platform.
 

1/24/24 - This Fake App Takes the Cake

This recent scam is impressively complex. The cybercriminals start by impersonating law enforcement officers. They contact you, claiming that your bank account may have been involved in financial fraud. You’re then asked to download a mobile app to help them investigate further. If you download the app, the cybercriminal walks you through the steps to set this scam in motion. 

First, you are given a case number. When you search for that number in the app, you’ll find legal-looking documents with your name on them. These documents make the scam feel more legitimate. Once your guard is down, the app asks you to select your bank from a list and then enter your account number and other personal information.

The most clever part of this scam is what the app does in the background. When you first install the app, it blocks all incoming calls and text messages. That way, you won’t be alerted if your bank attempts to contact you about unusual behavior on your account. If all goes as planned, the cybercriminals will steal your money and sensitive information before you know what happened. 

No matter how advanced the app is, you can stay safe from scams like this by following the tips below.
•    Only download apps from trusted publishers. Anyone can publish an app on official app stores or sites—including cybercriminals.
•    Be cautious of scare tactics that play with your emotions. Cyberattacks are designed to catch you off guard and trigger you to reveal sensitive information.
•    If you’re contacted by someone claiming to be in a position of authority, like law enforcement, ask them to confirm their identity. Real officials will understand your concerns and can provide information that doesn’t require you to download an app.
 

1/17/24 - These Crypto Ads are a Real Drain

Have you seen online ads stating you can make tons of money with cryptocurrency? Be careful –many of these ads are scams. Social engineers want to make you think you can get rich quickly. But they are trying to trick you into providing personal information.

Recently, cybercriminals have exploited advertisements on X, better known as Twitter. They use the ads to promote websites that lead to crypto scams. If you click on the ad, you will arrive on a page that asks you to set up an account on a fake site. To exchange cryptocurrencies like Bitcoin, you need a crypto wallet. So, you will be asked to connect this fake account to a crypto wallet. Since you are on a malicious phishing page, it drains the cryptocurrency from your connected wallet. Then, it will send your cryptocurrency to the cybercriminal’s account.

Follow these tips to avoid falling victim to one of these scams:
•    Think before you click. If an ad makes huge promises or pressures you to act fast, don’t trust it. 
•    Set up an ad blocker on your internet browser. The blocker stops many ads from showing up, so you won't see or click on harmful ones.
•    Stick to sites you trust. Stay away from ads on websites or social media that you're not familiar with.
 

1/10/24 - Ransoming Businesses Is a Successful Business

On Christmas Eve, cybercriminals targeted three hospitals in Germany using Lockbit 3.0 ransomware. Ransomware is a type of malicious software that infects computers and networks. It holds data and other sensitive information “hostage” in exchange for payment. If you refuse to meet their payment demands, the cybercriminals could destroy the files. Or they could make them available to the public, resulting in data theft and leaks of sensitive information.

Ransomware as a Service (RaaS), such as Lockbit 3.0, has become a successful business model for cybercriminals. It is often marketed to scammers who are looking to use ransomware to target specific organizations. Far from being an amateur operation, RaaS groups operate like legitimate businesses. They have professional websites, customer service teams, and even supporting documentation. All are designed with one purpose – to help scammers steal data!

Follow these tips to avoid falling victim to a ransomware attack:
•    Always be mindful of a sense of urgency in emails. Never click on links or attachments without first verifying their legitimacy.
•    Trust your instincts! If something seems suspicious, always verify before clicking.
•    Ransomware can strike at any time.  As a user, it’s important to remain alert and cautious.
 

1/3/24 - This Fake PDF File is a Real Threat

Even as the holiday season comes to an end, cybercriminals continue to target holiday travelers in a recent scam. This scam starts with a simple phishing email and an attachment that appears to be a hotel invoice. Unfortunately, the attachment isn’t an actual PDF file. It’s a complex attack designed to steal your sensitive information. 

If you happen to download and open the attachment, an error message appears. The message claims that you need an update in order to view the PDF file. But the file isn’t actually a PDF document, and the error isn’t actually for an update. In reality, the file is a form of malware, and if you agree to the update, you’ll launch that malware. Once launched, it quickly scans your device, collects your sensitive information, and sends it to the cybercriminals. This malware helps the scammers start off the new year with their ideal gift—your personal data!

Follow these tips to stay safe from similar scams:
•    Cybercriminals are counting on you to click without thinking. Never open attachments received from an unexpected email.
•    If you booked a hotel for the holidays and received an email about it, check for details that confirm the email’s legitimacy, such as the reservation number, check-in time, and room details.
•    Remember that this type of attack isn’t exclusive to travel invoices. Cybercriminals could use this fake PDF file technique in a number of scenarios.
 

12/27/23 - Easy Income is an Easy Scam

Countless people around the world are experiencing economic strain. It’s no surprise that cybercriminals are ready to take advantage of this situation. In fact, they’re using a unique social engineering tactic to gain your trust and steal your money. 

In a recent scam, cybercriminals claim you can earn cash by simply liking YouTube videos. To convince you that the job is legitimate, they send you a few dollars after your first day of “work.” Later, you’ll be offered an opportunity to join an exclusive list of VIPs who make even more money. Of course, you’ll have to invest to become a VIP. How much? Up to $1,000. Once paid, you can expect the cybercriminals to take the money and run.

Follow these tips to stay safe from similar scams:
•    Be cautious of offers that seem too good to be true. Cybercriminals will use unrealistic offers to lure you into their scams.
•    This attack exploits the excitement and hope of earning easy money. Don’t let cybercriminals play with your emotions.
•    Legitimate businesses will never ask you to pay money to get a job. Anyone who asks you to do so is trying to scam you.
 

12/21/23 - An Early Tax Reminder from the IRS

The US Internal Revenue Service (IRS) recently held the eighth annual Security Summit. The IRS concluded the summit with a reminder to stay alert during the upcoming tax season. Specifically, they warned taxpayers and tax professionals to watch for phishing and smishing scams. 

Tax scams aren’t specific to the US. Around the world, cybercriminals are readying their phishing emails and text messages (smishing). Handling your taxes is often a difficult task. So, bad actors use this sensitive topic to catch your attention or manipulate your emotions. 

Follow the tips below to stay safe during tax season:
•    Know what to expect from your local revenue agency. For example, in the US, the IRS typically contacts taxpayers by mail, not email or text. 
•    Always think before you click. Cyberattacks are designed to catch you off guard and trick you into clicking impulsively.
•    Use extra caution when handling tax documents. For digital documents, use password protection. For physical documents, keep paperwork in a secure location and shred anything that is no longer needed. 
 

12/13/23 - Disney+ Phishing Deal

Callback phishing is when a phishing email directs you to call a number instead of clicking on a link. These emails are often fake notifications that encourage you to make a call to correct an error. A recent scam impersonating the popular streaming service Disney+ is a great example of this tactic.

In this scam, cybercriminals send an email that appears to be an invoice from Disney+. The email states that you will be charged for a new subscription and directs you to call the number provided if this was an unauthorized purchase. To make the email more alarming, the amount of money shown is three times the advertised price of a monthly subscription. If you call the number in the email, a cybercriminal posing as customer services will answer. They will ask you for sensitive information, like your payment method, and may even try to gain remote access to your device.

Follow these tips to stay safe from callback phishing scams:
•    Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to act impulsively.
•    Consider the email’s context, timing, grammar, and other details. For example, does the invoice reference your real credit or debit card?
•    Avoid calling phone numbers provided in emails. Instead, navigate to an official website to find the best contact number.
 

12/6/23 - Smishing is All the Rage

According to a recent report from security vendor Zimperium, you are six to ten times more likely to be tricked by SMS phishing (smishing) than traditional email phishing. Cybercriminals love these odds, so smishing has become extremely popular. It’s important to understand the significance of these attacks and how to stay safe. 

This surge in smishing attacks also comes with new threats. For example, did you know that you could get malware on your mobile device? In fact, Zimperium reported a 51 percent increase in mobile malware samples in 2022. The report also states that 80 percent of malicious websites function on mobile browsers. This means that cybercriminals are specifically designing their attacks for use on mobile devices.

Follow the tips below to stay safe from smishing attacks:
•    Think before you tap. Cyberattacks are designed to catch you off guard and trigger you to open links impulsively. 
•    Consider the origin of the text message. Did you sign up for SMS alerts? Is the message similar to other text messages you’ve received from this organization?
•    Never log in to an account from a link in a text message. Instead, navigate to the organization’s official website to log in.
 

11/29/23 - Post Shopping Scams

Have you finished your holiday shopping yet? Because cybercriminals are just getting started. There are thousands of shopping-themed scams this time of year, but those scams don’t end when your cart is empty. Cybercriminals continue to target shoppers with urgent phishing emails about their recent purchases.

Two common post-shopping scams are fake shipping delays and unexpected purchase confirmations. Typically, these scams include a sense of urgency designed to catch you off guard in the hopes that you will click impulsively. You may be directed to click a link for tracking information or download a receipt for an expensive order that you did not place. These emails can be alarming, but if you take your time, they are easy to catch.

Use the tips below to spot post-shopping scams:
•    If you are expecting a package and receive a related email, look for details such as the order number, purchase date, and payment method.
•    If you receive a notice from a retailer, don’t click any links in the email. Instead, use your browser to navigate directly to the retailer’s official website and look up your order there. 
•    Remember to stop and look for red flags. For example, see if the email was sent outside of business hours or lists prices in a currency that you don’t typically use.
 

11/22/23 - A New Spin on Callback Phishing

Earlier this month, the United States Federal Bureau of Investigation (FBI) released an official advisory about the rise of callback phishing attacks. Callback phishing is when a phishing email directs you to call a number instead of clicking on a link. Typically, if you call the number in a callback phishing email, the cybercriminal will try to trick you into providing sensitive information. The FBI’s recent advisory outlined a new and more dangerous tactic. 

In this scam, cybercriminals send an email claiming that you have a pending charge on one of your accounts. If you call the number provided, the cybercriminal will guide you on how to connect with them through a legitimate system management tool. System management tools are often used by IT departments to remotely connect and control your device. Once the legitimate software has been installed, cybercriminals can use it to sneak ransomware onto your device. With ransomware installed, sensitive information can be stolen and used to extort you or your organization. 

Stay safe from similar scams by following the tips below:
•    Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to click or act impulsively.
•    Consider the context, timing, grammar, and other details of the email or call. For example, does your bank usually ask you to call in?
•    Avoid calling phone numbers provided in emails. Instead, navigate to an official website to find the best contact number.

 

11/17/23 - Unbottling the Soda Phish

A recent phishing scam discovered by INKY researchers is an example of how well-known name brands can be used to deceive unsuspecting users. This scam begins with a  seemingly harmless email from an employee at PepsiCo requesting a quote to purchase something your organization is selling and includes a malicious file attachment disguised as a Request for Quote (RFQ). An RFQ is a simple way for an organization to ask different suppliers how much they would charge for a specific good or service.

In this phishing attempt, these cybercriminals spoof the email address to appear as if it's from PepsiCo. They even use an actual PepsiCo employee's name in some cases. The email uses common business terms to be more convincing. It also has a sense of urgency, threatening a consequence if you don't quickly respond. This urgency and the recognition of the PepsiCo brand increase the likelihood that you’ll take the bait. 

Follow the tips below to stay safe from similar scams:
•    Even if the sender appears legitimate, verify the email address and contact the organization through a different method, such as an official organization phone number. 
•    Beware of urgent requests. Take a moment to review and think critically, especially if the email includes a response deadline.
•    Avoid opening attachments or clicking links from unsolicited emails. 
 

11/8/23 - Amazon's Not-So-Real Alerts

Have you noticed any suspicious PDF attachments in your Microsoft Outlook recently? There has been a surge in phishing emails with PDF attachments sent to Outlook users over the last several months. Many of these emails are Amazon-themed phishing scams that are focused on targeting Outlook users in North America, Southern Europe, and Asia.

In this scam, cybercriminals are posing as Amazon support and sending notifications claiming that your Amazon account is on hold due to billing errors. The email urges you to resolve this issue by clicking a link to update your billing information. The cybercriminals cleverly hide their malicious intent behind URL shorteners and other tricks, making these unsafe links hard to spot. If you click one of these links, you’ll be sent to a fake website designed to steal your login credentials or credit card information. The PDF files attached to these phishing emails also contain malware, which can cause security risks if you download them to your device. 

Follow the tips below to stay safe from similar scams:
•    Always be suspicious of unexpected emails, particularly if they ask for personal or financial information.
•    If you receive an email claiming that you need to verify information on your account, navigate directly to the official website instead of clicking on a link. 
•    This attack isn't exclusive to Outlook users. Anyone who uses email can be exploited, so be careful with the emails you receive.
 

11/1/23 - Job Offer or Digital Danger?

Recently, cybercriminal groups in Vietnam have been targeting individuals by sharing fake job postings. According to WithSecure experts, these groups are primarily targeting the digital marketing sector and Facebook business accounts. These fake job postings are used to spread known malware such as DarkGate and Ducktail. 

In this scam, cybercriminals use LinkedIn messenger to send you a link to a fake job description. If you click on the link, you’ll be sent to an unsafe website that will lead you to malware-infected Google Drive files. If you download these files, the cybercriminals can gain access to your internet browser's cookies and session data. This information helps them steal your login credentials and other sensitive information.

Follow the tips below to stay safe from similar scams:
•    Be suspicious of unexpected LinkedIn messages, especially those with job offers from unfamiliar sources.
•    Confirm that the person you’re speaking to is actually who they say they are. Look up the organization on official websites to verify job offers. 
•    Be cautious of offers that seem too good to be true. Cybercriminals will use unrealistic job offers to lure you into fake websites to access your sensitive information.
 

10/25/23 - Summit Sabotage

Earlier this year, an established cybercriminal group targeted the Women Political Leaders (WPL) Summit held in Belgium. Summits and conferences provide a unique opportunity for cybercriminals to target people of power or those who are experts in their field. Whether you’re a speaker or an attendee, this attack is a great learning opportunity.

In this scam, the cybercriminals created a malicious website that looked like the official WPL Summit website. Then, they invited attendees of the WPL Summit to download photographs from the event. If downloaded, you would receive a ZIP file that contained legitimate photographs. Unfortunately, the file also contained a downloader for a popular piece of backdoor malware. Once installed, the cybercriminal group could monitor your device and steal sensitive information.

Follow the tips below to stay safe from scams like this:
•    Stop and think before downloading anything from the internet. This type of cyberattack relies on impulsive downloads. 
•    Always hover your mouse over a link to make sure that it leads to a legitimate and relevant website. Cybercriminals can easily make a website look official with logos and copied designs.
•    Keep your devices up to date. Software updates often include security patches to protect you against known vulnerabilities.
 

10/18/23 - Scams Related to the Israel-Hamas War

The recent Israel-Hamas war has made headlines worldwide. As usual, cybercriminals have been quick to take advantage of the dreadful news. Cybercriminals often use high-profile news events for disinformation campaigns, which include false information designed to intentionally mislead you. 

Stay alert in the coming weeks, as cybercriminals are already referencing the war in social media disinformation campaigns. Last week, videos were posted on X, formally known as Twitter, that claimed to be footage of the Israel-Hamas war. These videos were actually from video games and fireworks celebrations, but they still went viral.  Cybercriminals can use disinformation like this to try to catch your attention and manipulate your emotions. Disinformation can be used as a phishing tactic to try to get you to click on suspicious links or open malicious attachments.   

Follow the tips below to stay safe from these types of scams:
•    Be suspicious of emails, texts, and social media posts that contain shocking information about this event. 
•    Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively.
•    Stay informed by following trusted news sources. If you see a sensational headline, research the news story to verify that it’s legitimate. 
 

 

10/12/23 - New Message from Cybercriminals

Researchers at Guardio Labs have discovered a new cyberattack. This attack targets business accounts on the popular social media network, Facebook. A group of cybercriminals are using Facebook Messenger to try and steal sensitive information. 

In this scam, cybercriminals use the Messenger app to ask you about your business. In this message, they include an attachment. If you download or select the attachment, it will install malware onto your device. Once installed, cybercriminals can spy on you, watch your keystrokes, and steal your sensitive information.   

Follow the tips below to stay safe from similar scams:
•    Never download an attachment in a message that you weren’t expecting. 
•    Be cautious when opening messages from unknown users. It could be a cybercriminal in disguise. 
•    Remember that this type of attack isn’t exclusive to business accounts. Cybercriminals could use this technique to try to phish anyone.
 

10/4/23 - This LastPass Scam is So Last Year

Last year, the popular password manager LastPass was the victim of a data breach. Because of this, cybercriminals have access to the names, email addresses, and phone numbers of LastPass’s customers. Since the breach, cybercriminals have been using LastPass’s data breach in various cyberattacks. 

Recently, cybercriminals launched a phishing attack targeting LastPass users. In this scam, cybercriminals send you a spoofed LastPass email with a link asking you to verify your information. If you click the link, you’ll be taken to a spoofed LastPass login page. If you enter your login information, cybercriminals will have access to your sensitive information.  

Follow the tips below to stay safe from similar scams:
•    Never click a link in an email that you weren’t expecting. 
•    Be cautious when entering login information on a website accessed through an email. To stay safe, navigate directly to the organization's official website.
•    Stay educated and watch the news for data breaches. If a service you use is breached, be extra cautious of any emails you get from that organization.
 

9/27/23 - Smishy Package Failed to Deliver

Recently, cybercriminals have been impersonating postal services around the world through SMS phishing (smishing) scams. These postal services include the US Postal Service, UK Royal Mail, Correos in Spain, and Poste Italiane in Italy. 

In this scam, cybercriminals send you a text message impersonating the postal service in your country. The text contains a link and says that your package can’t be delivered until you provide additional information. If you tap the link, you’ll be taken to a spoofed postal service website that prompts you to enter your credit card details so your package can be delivered. If you enter your credit card details, cybercriminals could steal your money or personal information. 

Follow the tips below to stay safe from similar scams:
•    Never tap a link in a text message that you weren’t expecting. 
•    Be cautious when entering payment information on a website accessed via text message. To stay safe, navigate directly to the organization's official website.
•    Remember that this type of attack isn’t exclusive to postal services. Cybercriminals could use this technique to impersonate any business in any country. 

9/21/23 - Bet on Cybercriminals

MGM Resorts International is an American hospitality and entertainment organization. This past week, MGM made headlines with the news of a cyberattack costing over 52 million dollars in lost revenue. Nearly all of MGM’s hotels, casinos, and ATMs went offline. This massive attack started with a simple social engineering scam. 

Using information found on a LinkedIn post, a cybercriminal impersonated an MGM employee and called their IT department. They asked to have their password reset, and the IT department reset the employee’s password. This gave the cybercriminal access to the employee’s account and eventually led to the cybercriminal taking over MGM’s entire system. This is a great example of why it’s important to learn how to protect yourself and others from similar attacks. 

Follow the tips below to stay safe from similar scams:
•    Be careful with the information you share about yourself online. Cybercriminals can use this information to target you in phishing attacks. 
•    Confirm that the person you’re speaking to is actually who they say they are. Try reaching out to them using another form of contact or by meeting with them face-to-face.
•    Be suspicious of emails, texts, and social media posts that contain shocking information about this event. These may lead to disinformation, which is false information designed to mislead you.
 

9/13/23 - Watch Out for .us Domains

The Interisle Consulting Group has published a report that cybercriminals have been using over 20,000 .us top-level domains in phishing attacks. A top-level domain is the final section of a domain name, such as “.com” in “knowbe4[.]com”. 

Although .us is the country code for the United States, cybercriminals have been using this domain to attack organizations worldwide such as Apple, Great Britain’s Royal Mail, and the Denmark Tax Authority. Cybercriminals may use these domains to trick you into thinking you're visiting an official US website instead of a malicious one. Clicking a malicious .us link from cybercriminals could lead to malware or trick you into revealing sensitive information.

Follow the tips below to spot similar scams:
•    Never click a link in an email that you weren't expecting.
•    Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively. 
•    When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
 

9/6/23 - Scan Here to Get Phished

A QR code is a scannable image that leads to a specific website. More and more businesses are using QR codes. For example, some restaurants use QR codes instead of physical menus. As QR codes become more popular, cybercriminals are also using them for their malicious purposes.

In a recent scam, cybercriminals sent phishing emails disguised as multi-factor authentication (MFA) messages. The email instructs you to scan the QR code to enable MFA on your device. If you scan the QR code, you’ll be taken to a spoofed login page. If you enter your login credentials, cybercriminals could gain access to more of your sensitive information. 

Follow the tips below to stay safe from similar scams:
•    Think before you scan a QR code. Cyberattacks are designed to catch you off guard and trigger you to scan impulsively. 
•    When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
•    Be cautious before entering any login information on a website from a QR code. Instead, navigate directly to the official website.

8/30/23 - Duolingo Data Leak

Duolingo is a popular online language learning platform that allows users to learn languages and earn certifications. Recently, Duolingo was involved in a data leak, in which cybercriminals stole the names and email addresses stored on the platform. That means 2.6 million users have been impacted by this data leak.

In the coming months, we expect to see an influx of cybercriminals using phishing scams to try to take advantage of Duolingo’s data leak. For example, cybercriminals may send you a spoofed Duolingo email claiming that you need to change your password or email address. Cybercriminals could also use your leaked name or email address to send more sophisticated phishing attacks. These attacks could be completely unrelated to Duolingo.

Follow the tips below to stay safe from similar scams:
•    Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively. 
•    Remember that this type of attack isn’t exclusive to Duolingo. Cybercriminals could use this technique to impersonate any app.
•    When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
 

8/23/23 - Phishy Search Results

Cybercriminals are at it again with search engine optimization (SEO) attacks. Legitimate organizations use SEO to help their websites and documents appear more often in search engine results. Unfortunately, cybercriminals are using a combination of SEO and malicious PDF files to try to steal your sensitive information. 

In these attacks, cybercriminals use SEO to manipulate the top search results to show malicious PDF files. These files look like regular search results and will open in your browser when clicked. They are often designed to look like real websites and contain dangerous links. If you click one of these links, it could take you to a malicious website or download malware onto your device. 

Follow the tips below to stay safe from similar scams:
•    SEO attacks rely on impulsive clicks, so you can’t always trust the first search result. Read the titles and descriptions of the results to find what you’re looking for. 
•    Before clicking a search result, hover your mouse over it to check the URL. If the URL ends in “.pdf,” the search result leads to a PDF file, not a website.
•    Be cautious before clicking any links in a PDF file. They could lead to malicious websites. 

6/28/23 - Call 800-Cybercriminal

Recently, cybercriminals have taken advantage of Soda PDF, a PDF viewing service. Using Soda PDF, cybercriminals are sending malicious PDF files to try to trick you into sharing your phone number and payment information. Because Soda PDF is a legitimate service, this scam can be hard to recognize. So, it's important to learn how to protect yourself and others.

In this scam, cybercriminals use Soda PDF to send you an email with a PDF file. The file will contain a phone number and prompt you to call if you have any questions. If you call this number, a cybercriminal will ask for your payment information. Then, the cybercriminal can use information that you shared to steal your money and call you in additional scams.

Follow the tips below to spot similar scams:
•    Never click a link or download an attachment in an email that you aren’t expecting. 
•    Think before calling unknown phone numbers. Verify that a phone number is legitimate by navigating to the organization’s official website. 
•    Remember that this type of attack isn’t exclusive to Soda PDF. Cybercriminals could use this technique to exploit any file-sharing service.
 

6/20/23 - Text messages & spoofed websites used to lure members into scam

Fraudulent text messages — appearing to come from the credit union — containing links to spoofed websites are being sent to members. The spoofed websites are made to look like the credit unions’ legitimate websites and members are enticed to click on the link and share confidential information such as username, passwords, as well as 2-factor authentication passcodes. These fraud attempts have resulted in losses from account takeovers.  GenFed will not text you asking for personal information.

5/31/23 - Permission to Hack

Recently, malware researchers discovered a trojan app on the Google Play Store. Trojans are apps or software that appear legitimate but are actually malicious. Thousands of users downloaded this app before knowing it was malicious. So, it’s important to learn how to spot malicious apps. 

In this scam, cybercriminals uploaded a malicious screen recording app on the Google Play Store. At first glance, the app appeared to be legitimate, but it actually contained malware designed to steal your information. If you download this app, you’ll be prompted to accept permissions that align with what the app claims to do. However, if you accept these permissions, you’ll grant cybercriminals access to your personal information, such as your location, text messages, and more. 

Follow the tips below to stay safe from similar scams:
•    Only download apps from trusted publishers. Anyone can publish an app on official app stores—including cybercriminals. 
•    Enable security settings on your device, such as Google Play Protect which scans for malicious apps.
•    Remember that this type of attack isn’t exclusive to the Google Play Store. Cybercriminals could use this technique to put malicious apps on any platform. 
 

5/24/23 - PayPal Payment Ploy

Recently, cybercriminals have taken advantage of PayPal, the popular international online payment platform. Cybercriminals are spoofing PayPal in order to try and steal your personal or financial information.

In this scam, cybercriminals send you a phishing email saying that one of your PayPal payments didn’t process and that you need to act fast. The email contains a phone number allegedly from PayPal, prompting you to call. This phone call appears legitimate, but it’s actually from cybercriminals spoofing PayPal. If you call this number, cybercriminals can trick you into giving away your personal or financial information. 

Follow the tips below to stay safe from similar scams:
•    Be cautious when giving your financial information to someone over the phone. Instead, avoid using phone numbers provided in emails and navigate to the organization’s official website. 
•    Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to click or act impulsively.
•    Remember that this type of attack isn’t exclusive to PayPal. Cybercriminals could use this technique to impersonate any organization in any country. 
 

5/3/23 - Watch out for Coronation-Related Scams

This upcoming week, King Charles III will be coronated as the new king of the United Kingdom. When a major historical event is about to take place, people often look to social media and online news sources for information about the event. 

Cybercriminals take advantage of high-profile news stories to catch your attention and manipulate your emotions. In the coming weeks, we expect to see cybercriminals referencing the king’s coronation in phishing attacks and social media disinformation campaigns.

Follow the tips below to stay safe from similar scams:
•    Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively. 
•    Be suspicious of emails, texts, and social media posts that contain shocking information about this event. These may lead to disinformation, which is false information designed to mislead you.
•    If you receive a suspicious email, follow your organization’s procedure to report the email.

4/12/23 - Interview with a Cybercriminal

Recently, Google’s Threat Analysis Group (TAG) published a report about a new tactic that cybercriminals are using in spear phishing attacks. Spear phishing is when cybercriminals send targeted emails impersonating someone you trust to try to steal your sensitive information. Now, cybercriminals are impersonating media outlets and luring you in with a fake interview.

This attack starts with an email impersonating a trusted media outlet. In the email, the cybercriminals ask to interview you and prompt you to click a link with the interview questions. If you click this link, you’ll be redirected to a malicious website with a login prompt. Unfortunately, any login credentials that you enter will be sent directly to the cybercriminals. Then, they'll be able to access your account for their own malicious goals. 

Follow the tips below to stay safe from similar scams:
•    Remember that spear phishing attacks can impersonate anyone, such as a media outlet or a close friend. Think before you click, and never click a link in an email that you aren’t expecting. 
•    Make sure that the sender is actually who they say they are. If the sender claims to be someone you know, reach out to them in person or by phone to verify. 
•    When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
 

3/1/23 - IT or Cybercriminal?

Coinbase, a cryptocurrency platform, was the latest victim of a social engineering attack. Social engineering occurs when cybercriminals manipulate you to try to steal your sensitive information. 

In this recent attack, a cybercriminal sent smishing (SMS phishing) messages to Coinbase employees. These messages contained a link directing employees to log in to their company accounts. Shortly after one employee clicked this link, Coinbase saw and prevented the cybercriminal from gaining internal access. Later, the cybercriminal called the same employee and claimed to be from Coinbase’s IT department. The employee thought the call was legitimate, and the cybercriminal stole some sensitive information over the phone. 

Follow the tips below to stay safe from similar scams:
•    Always be cautious of unexpected text messages.
•    Think before you click! Cyberattacks are designed to catch you off guard and make you act impulsively.
•    Before you share any sensitive information over the phone, verify that the caller is actually who they say they are. 
 

1/18/23 - Single Sign-On Smishing

Okta's single sign-on (SSO) service allows users to log in to multiple accounts by using one set of login credentials. Unfortunately, users aren't the only people who benefit from this service. Cybercriminals are taking advantage of Okta and other SSO services in a recent smishing (SMS phishing) scam.

To start this scam, cybercriminals send you a text message about an important update to one of your organization’s policies. The text message says to tap a link to read the updated policy. If you tap the link, you'll be taken to a fake Okta login page and prompted to enter your login credentials. Then, the cybercriminals can use your credentials to access your Okta account and other accounts linked through the service. Once they have access, the cybercriminals can steal sensitive information from you and your organization.

Follow the tips below to stay safe from similar scams:
•    Always be cautious of unexpected text messages. While this scam targets Okta users, it could be used with any authentication service.
•    Think before you click! Cyberattacks are designed to catch you off guard and make you act impulsively.
•    Never tap on a link in a text message that you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.
 

12/28/22 - Smishing is 50% off!

Have you ever received text messages about special discounts or promotions for a service you use? Many legitimate organizations send promotional text messages to their customers. Unfortunately, cybercriminals are sending text messages with fake promotions to try to manipulate you.

In a recent smishing (SMS phishing) scam, cybercriminals send you a text message offering a discount that's only available for a limited time. The text message claims that the discount is for a common expense such as gas, an electricity bill, or even a car insurance policy. To claim your discount, the text message states that you need to click a link and enter sensitive information, including your bank account information. If you click the link and enter this information, cybercriminals can use it to access your bank account and steal your money.

Follow the tips below to stay safe from similar smishing scams:
•    Think before you interact with a text message. Did you sign up for text messages from the organization? Is the text message similar to other text messages you’ve received from the organization?
•    If an offer sounds too good to be true, it probably is. Verify any offers of discounts or promotions by contacting the organization directly.
•    Never tap on a link in a text message that you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.
 

10/26/22 - Google Translate phishing Scams

Google Translate is a free service that you can use to translate text from one language to another. Since Google Translate is a Google product, many people view it as a sign that a webpage is trustworthy. Now, cybercriminals are spoofing Google Translate pages to make their phishing campaigns seem legitimate.

In a new phishing scam, cybercriminals send an email claiming that important emails are being withheld from your inbox. The email instructs you to click a link to log in and confirm your account. This link will redirect you to a spoofed login page that displays a Google Translate banner. This banner claims that text on this page has been translated into your language and makes the page look legitimate. If you enter your login credentials, cybercriminals will use them to access your account and steal your sensitive information.

Use the tips below to spot Google Translate phishing scams:
•    If you receive an email claiming you have an account issue, always log in to the organization’s website directly.
•    Before you click a link, hover your mouse over it. Make sure that the link leads to a legitimate, safe website that corresponds with the content in the email.
•    Enable multi-factor authentication (MFA) on your accounts when it is available. MFA adds a layer of security by requiring that you provide additional verification to log in to your account.
 

5/11/22 - Spoofed SMTP Relay Services

Simple Mail Transfer Protocol (SMTP) is the standard method that mail servers use to send emails. Organizations typically use an SMTP relay service to send mass emails, such as marketing materials. Some organizations use Gmail as an SMTP relay service, but unfortunately, cybercriminals have found a vulnerability in the Gmail service. 

Using this vulnerability, cybercriminals can spoof any organization that also uses Gmail as a relay service. For example, let’s say that a legitimate organization owns the domain sign-doc[dot]com and uses Gmail to relay its marketing emails. Cybercriminals could send phishing emails from a malicious domain, such as wishyoudidntclickthis[dot]com, and disguise the emails by spoofing the legitimate domain, sign-doc[dot]com. Since the spoofed domain is being relayed through Gmail, most email clients will consider the malicious email safe and allow it to pass through security filters.

Follow the tips below to stay safe from similar scams:
•    This type of attack isn’t limited to Gmail. Other SMTP relay services could have similar vulnerabilities. Even if an email seems to come from a legitimate sender, remain cautious. 
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you need to verify that an email is legitimate, try reaching out to the sender directly through phone call or text message.
 

1/26/22 - Google Docs Comment Con

Google Docs is one of the world’s most popular document sharing and editing applications. Along with the ability to create and share documents, Google Docs allows users to add comments to these documents. In a new scam, cybercriminals have taken advantage of this feature by inserting phishing links into comments.

In this scam, cybercriminals use a real Google account to create a document in Google Docs and then tag you in a comment. You will then receive a legitimate email from Google, notifying you that you’ve been tagged in a comment. The comment will include an embedded phishing link and may appear to come from someone you trust, such as a co-worker. Unfortunately, if you click the phishing link, malware may be installed on your device. 

Don’t fall for this trick! Follow the tips below to stay safe from similar scams: 
•    Beware of suspicious links. Always hover your cursor over links before you click, and check the commenter’s email address to verify their identity.
•    Check the comment for grammatical errors, such as misspelled words or unusual phrases. Grammatical errors may be a sign that the comment is suspicious.
•    Don’t open documents or files that you weren’t expecting to receive. If you receive a document that you weren’t expecting, make sure you verify that the sender is legitimate before you open it.
 

1/19/22 - Google Voice Authentication Scams

Google Voice is a service that provides virtual phone numbers to make and receive calls and text messages. Each Google Voice number must be linked to a real phone number so that any activity can be traced back to the user. In a new scam, cybercriminals use your name and phone number to create a Google Voice number. Once created, cybercriminals can use the Google Voice number for other phone-based scams. Worse still, they can also use the linked Google Voice number to gain access to your Google account. 

Here’s how the scam works: Cybercriminals target anyone that shares their phone number in a public space. For example, let’s say you post an ad for an old couch on a resale website and include your phone number. A cybercriminal could contact you pretending to be interested in the couch. Then, they could send you a Google authentication code and ask you to send them the code to prove that you are a legitimate seller. Unfortunately, the code actually allows them to link their Google Voice number to your real phone number. 

Remember the following tips to stay safe from similar scams: 
•    If someone wants to confirm that you are a real person, suggest a safe option, such as making a phone call or meeting in a busy, public place.
•    Resale sites are just one example of where cybercriminals could find your phone number. They could also reference social media posts or even your resume. Always be cautious when you’re contacted by someone you don’t know. 
•    Never share a confirmation or authentication code with another person. Keep these codes between you and the service that you need the code for, such as logging in to your bank account. 

12/22/21 - Netflix Scam Double Feature

Netflix is both the world’s largest streaming platform and one of the most impersonated brands among cybercriminals. There have been many Netflix-themed scams over the years, but most of these scams target one of two groups: current Netflix subscribers or potential Netflix subscribers.

To target current Netflix subscribers, cybercriminals send phony email notifications claiming there is a problem with your billing information. To target potential Netflix subscribers, cybercriminals send emails that advertise a deal for new accounts. Both phishing emails include links that lead to Netflix look-alike webpages where you’re asked to provide your personal and payment information. Any information you enter on these fake webpages is delivered straight to the cybercriminals. 

Remember the tips below to stay safe from streaming scams: 
•    Never click on a link within an email that you weren’t expecting, even if the email appears to come from a company or service you recognize.
•    These types of scams aren’t limited to Netflix. Cybercriminals also spoof other streaming services, such as Disney+ and Spotify. Remember that if a deal seems too good to be true, it probably is. 
•    If you receive an unexpected notification, open your browser and navigate to the platform’s website. Then, you can log in to your account knowing that you’re on the platform’s real website and not a phony look-alike website.
 

11/29/21 - Online Shopping Steals

It’s Thanksgiving week in the United States, which means Black Friday and Cyber Monday are finally here! To celebrate, cybercriminals have created a record number of malicious online stores to trick unsuspecting shoppers. 

Cybercriminals create online stores that claim to sell hard-to-find items, such as trending makeup products or this year’s hottest toys. To lure in customers, cybercriminals run ads on other websites, on social media platforms, and even within Google search results. If you click one of these ads, you'll be taken to the malicious online store. These stores can be very convincing because they include real product images, descriptions, reviews, and a functional shopping cart and checkout process. Unfortunately, if you try to purchase something from one of these malicious stores, your money, mailing address, payment data, and any other personal information you provided will go straight to the cybercriminals. 

Follow the tips below to avoid these malicious online stores:
•    Watch out for misspelled or look-alike domains. For example, cybercriminals may spoof the popular toy brand Squishmallows with spellings such as "Squishmellows" or "Squashmallows."
•    Be cautious of stores that promise outrageous deals on high-demand products. Remember that if something seems too good to be true, it probably is!
•    Always shop from well-known and trusted retailers. If you haven’t shopped there before, look up reviews and customer feedback for that retailer. 
 

11/16/21 - Online Loan Warning

No legitimate lender would ask for your online banking information and would never ask you to send part of any loan proceed back to them.  You should never give your online banking log-in information to anyone.  Doing so gives that person all of your transaction history information, allows them to withdrawal (or deposit to) your funds, and your account could be used for illegal purposes.  If in doubt call GenFed for help!

 

10/13/21 - Members Receiving Spoofed Phone Calls to Acquire Sensitive Info

GenFed has become aware of members receiving fraudulent phone calls from individuals claiming to be from the Credit Union Fraud Department. These fraudsters are using spoofing technology to make the phone calls appear to be coming from a legitimate GenFed Financial phone number.

The fraudster may claim that a fraudulent charge has been made on the member’s account and the member is asked to confirm his or her identity.  Or the fraudster may make other false claims.

While GenFed Financial actively monitors your accounts for potential fraud, please remember that we will NEVER initiate a call or email asking you to give us your card PIN, Online Banking username and password, or full card number. If you have any doubt about the validity of a phone call you receive from us, please hang up and call your local branch to speak with us immediately.

Please also be aware that you can use our free Card Control service through the cards app to lock your card until you are able to reach us. This will ensure that your card is protected until you are able to contact us.
 

10/13/21 - The Ultimate Data Breach Database

With a year full of high-profile data breaches, one cybercriminal has created the ultimate database. The cybercriminal claims that the database contains over 3.8 billion records and is attempting to sell the information on the dark web. 

Allegedly, the database is made up of scraped phone numbers that were then linked to Facebook profiles, Clubhouse accounts, and other sensitive information. Due to the nature of this data, we expect to see an increase in smishing attacks, hijacked accounts, and other social media scams.

Use the tips below to stay safe from these types of scams:
•    Smishing, or text message phishing, is difficult to spot. When you receive a suspicious text message, ask yourself these questions: Were you expecting this message? When did you give the sender your phone number? Did you sign up for text notifications?
•    Hijacking a social media account is an easy way for cybercriminals to spread disinformation or scam several people at once. Don’t trust everything you see on social media, and be sure to report any suspicious activity. 
•    For a high level of security, keep your social media accounts private. Only accept friend requests or follow requests from people that you know and trust.
 

10/6/21 - No Time to Phish

James Bond is one of the longest-running film series in history. Since fans have been waiting since 2015 for another installment, the new film, No Time to Die, is making headlines. Cybercriminals have wasted no time and are using the film’s release as phish bait in a new scam.

The scam starts with an ad or pop-up window that claims you can stream No Time to Die for free. If you click on the ad, you are taken to a malicious website that plays the first few minutes of the film. Then, the stream is interrupted and you are asked to create an account to continue watching. Of course, creating an account includes providing personal information and a payment method. Unfortunately, if you complete this process the cybercriminals can charge your debit or credit card for as much money as they’d like. Plus, you won’t actually get to watch the film.

Here are some tips to avoid scams like this:
•    Be suspicious of ads, emails, and social media posts that offer free services for something you would typically have to pay for. 
•    Only use well-known, trusted websites to stream movies, shows, and music.
•    Never trust an online ad. Use a search engine to look up reviews, articles, and the official website for any product or service that catches your eye.
 

9/29/21 - Shortened URLs are a Sneaky Shoutcut

Most email clients have filters in place to flag suspicious-looking emails. Unfortunately, cybercriminals always find new ways to bypass these filters. In a new scam, cybercriminals use shortened LinkedIn URLs to sneak into your inbox.

When someone makes a LinkedIn post that contains a URL, the URL will be automatically shortened if it's longer than 26 characters. A shortened LinkedIn URL starts with “lnkd.in” followed by a random string of characters. This feature allows cybercriminals to convert a malicious URL to a shortened LinkedIn URL. Once they have the shortened URL, cybercriminals add it to a phishing email as a link. If you click on the link, you are redirected through multiple websites until you land on the cybercriminals’ malicious, credentials-stealing webpage. 

Don’t fall for this trick! Remember the following tips:
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you think the email could be legitimate, contact the sender by phone call or text message to confirm that the link is safe.
•    This type of attack isn’t exclusive to LinkedIn URLs. Other social media platforms, such as Twitter, also have URL shortening features. Always think before you click!
 

9/22/21 - Friendly Spear Phishing

Spear phishing is a phishing attack that targets a specific person and appears to come from a trusted source. One of the easiest ways for cybercriminals to find a target is through social media. Spear phishing attacks on social media often come from fake accounts, but in a recent scam, cybercriminals used real, compromised accounts. After hijacking an account, cybercriminals impersonated that person and targeted their friends and followers. 

In this scam, cybercriminals use the hijacked account to engage in friendly conversations with you in an attempt to lower your guard. Since you don't know that the account has been hijacked, you are more likely to trust information that they send to you. Once they think they have your trust, the cybercriminals will send you a Microsoft Word document asking for you to review it and give them advice. Once you open the document, the program will ask you to enable macros. If you do enable macros, your system will automatically download and install a dangerous piece of malware. 

Follow the steps below to stay safe from this scam:
•    Think about how a conversation with this person typically looks and feels. Do they usually ask you to download files? Are they typing with the same pace, grammar, and language as usual? Be suspicious of anything out of the ordinary.
•    Before you enable macros for a file, contact the sender by phone call or text message. Verify who created the file, what information the file contains, and why enabling macros is necessary.
•    Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!

9/15/21 - Phony LinkedIn Job Postings

It was recently discovered that job postings on LinkedIn aren’t as secure as you might expect. Anyone with a LinkedIn profile can anonymously create a job posting for nearly any small or medium-sized organization. The person creating the post does not have to prove whether or not they are associated with that organization. This means that a cybercriminal could post a job opening for a legitimate organization and then link applicants to a malicious website. 

Worse still, cybercriminals could use LinkedIn’s “Easy Apply” option. This option allows applicants to send a resume to the email address associated with the job posting without leaving the LinkedIn platform. Since the email address is associated with the job posting and not necessarily the organization, cybercriminals can trick you into sending your resume directly to them. Resumes typically include both personal and professional information that you do not want to share with a cybercriminal.

Follow the tips below to stay safe from this unique threat:
•    Watch out for grammatical errors, unusual language, and style inconsistencies in LinkedIn job postings. Be suspicious of job postings that look different compared to other job postings from the same organization.
•    Avoid applying for a job within the LinkedIn platform. Instead, go to the organization’s official website to find their careers page or contact information. 
•    If you find a suspicious job posting on LinkedIn, report it. To report a job posting, go to the Job Details page, click the more icon, and then click Report this job.
 

9/8/21 - Watch Out for Windows 11 Scams

Microsoft Windows is the most widely used operating system in the world. This October, it is getting an upgrade. Microsoft has announced that starting October 5, compatible systems that run the current version of Windows 10 will be offered a free upgrade to Windows 11. 

Cybercriminals are sure to use this announcement in several ways. In the coming weeks, we expect to see update-related phishing emails, fake Windows 11 webpages, and pop-up ads designed to look like a Windows update. 

Don't fall for these scams. Follow the tips below to stay safe:
•    Always think before you click. Cyber attacks are designed to catch you off guard and trigger you to click impulsively. 
•    Only trust information from the source. If you want to learn more about the Windows 11 update, go directly to Microsoft’s official website or follow their official social media pages.
•    If you are prompted to update your work computer, reach out to your administrator or IT department. They can check to make sure the update is legitimate and safe.

9/1/21 - COVID-19 is the Never-ending Phish Bait

Cybercriminals have used COVID-19 as phish bait since the start of the pandemic, and they’re not stopping any time soon. In a recent attack, scammers spoof your organization’s HR department and send a link to a “mandatory” vaccination status form. The phishing email claims that your local government requires all employees to complete the form. Failing to complete the form "could carry significant fines". 

If you click the link in the email, you are directed to a realistic but fake login page for the Microsoft Outlook Web App. If you try to log in, you are asked to “verify” your name, birth date, and mailing address by typing this information into the fields provided. Once submitted, your information is sent directly to the cybercriminals, and you are redirected to a real vaccination form from your local government. The good news is that this form isn't actually mandatory. The bad news is that giving cybercriminals your personal information may lead to consequences much worse than a fine.

Remember these tips to avoid similar phishing attacks:
•    Watch out for a sense of urgency, especially when there is a threat of a fine or a penalty. These scams rely on impulsive actions, so always think before you click.
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you receive an unexpected email from someone within your organization, stay cautious. Contact the person by phone or on a messaging app to confirm that they actually sent the email. 
 

8/25/21 - Beware of Copyright Scammers

In a recent phishing scam, scammers told users that they have violated copyright laws and must take immediate action to protect their account. The scammers claim that the content the user posted, such as an Instagram photo or a YouTube video, violates copyright law. Users are told that they must immediately click a link to protect their account from suspension or deactivation. However, in a recent version of this scam, the scammers are trying to get you on the phone with a fake support tech.

The way this scam works is that scammers send a fake Digital Millennium Copyright Act (DCMA) complaint that informs users about a potential copyright violation. The user is told that they can click a link to see the original copyright complaint or they can call a phone number to contact technical support. When the user tries to click the complaint link, they are taken to an error page. This error page is used to pressure the user into calling the free, fraudulent phone number instead. Once the user calls, the fake technical support team uses social engineering tactics to pressure the users into revealing sensitive information.

Don’t fall for this trick! Follow the tips below:
•    Beware of urgent messages. Cybercriminals use this sense of urgency to pressure you into acting quickly.
•    Never give away sensitive account information. Organization’s IT teams will not ask for sensitive information, such as passwords, over the phone or over email.
•    Don’t call without verifying the phone number. Verify the organization’s phone number by checking their official website.
 

8/18/21 - Scammers Continue with Another Facebook Scam

Scammers recently used their own third-party Android applications (apps) to hijack over 10,000 Facebook accounts. If you were to download and open one of these malicious apps, you’d see a familiar feature: the “Continue with Facebook” button. Legitimate apps often integrate with websites like Facebook to make account creation quick and easy. In malicious apps, this type of link often leads to a phony login page designed to steal your login credentials. 
This scam is unique because clicking the “Continue with Facebook” button actually opens the official Facebook login page. If you log in to your Facebook account, you’ll give the bad guys far more than your username and password. The malicious apps include an extra bit of code that gathers your account details, location, IP address, and more. Once they hijack your account, the bad guys can use it to generate ad revenue, spread disinformation, or even scam your friends and family. 
Follow these tips to stay safe from malicious applications:
•    Though this attack targets Android users, the technique could be used on any kind of device, even desktop computers. Always be careful when downloading apps or software, regardless of the device that you are using. 
•    Before downloading an app, read the reviews and ratings. Look for critical reviews with three stars or less, as these reviews are more likely to be real. 
•    Only download apps from trusted publishers. Remember, anyone can publish an app on official app stores, including cybercriminals. 
 

8/11/21 - Multi-layered Microsoft Scam

In a recent phishing scam, bad guys combined some of their favorite tricks to create an extra special phishing email. This phishing scam uses a number of different tactics to fool you and your email filters.
The phishing email is designed to look like a real Microsoft OneDrive notification, complete with official logos and icons. If you check the sender’s address, you’ll see an email address that closely resembles a real Microsoft domain. The body of the email references your actual Microsoft username and directs you to click on a button to open a shared Microsoft Excel file. 

To bypass your email filters, the scammers don't use a direct link to their malicious webpage. Instead, the email includes a link from a trusted website called AppSpot, which is a cloud computing platform from Google. If you click on the “Open” button in the email, the AppSpot website immediately redirects you to a compromised Microsoft SharePoint page. On this page, you will be asked to provide your Microsoft credentials to access the supposedly shared file. Any information typed on this page will be delivered directly to the bad guys. 
Remember the following tips to stay safe:
•    Never click on a link or download an attachment from an email that you were not expecting.
•    If you receive an unexpected email from someone who you think you know—stay cautious. Contact the person by phone or on a messaging app to confirm that they actually sent the email. 
•    This type of attack isn’t exclusive to Microsoft products or Microsoft users. The technique could easily be used on a number of other programs. Always think before you click.
 

8/4/21 - Bluffing Blackmail

In a recent large-scale cybersecurity attack, scammers sent over 400,000 phony blackmail attempts. These devious emails are written in an oddly casual tone and seem to outline the bad guy’s entire blackmail process. The scammer claims to have purchased your information from a hacker. To make this claim more convincing, the scammer references an actual password of yours that has been exposed in a data breach. 
The scammer goes on to say that they have installed a piece of malicious software (malware) onto your device. Supposedly, the malware was used to access your webcam and record you without your knowledge. Despite claiming to have full access to your accounts and device, the scammer intends to blackmail you via email. They'll threaten to release an incriminating video of you if you don’t pay them. Don’t be fooled!
Follow these tips to call the scammer’s bluff:
•    Think before you click. If the scammer truly has the access to your accounts and device that they claim to have, why are they emailing you to ask for money?
•    Cybercriminals use information from real data breaches to seem legitimate. Stay informed about data breaches by using a trusted credit and identity monitoring service. A number of reputable institutions provide these services for free.
•    Protect yourself from potential data breaches by regularly updating your passwords, using multi-factor authentication, and limiting the amount of information you give to retailers and online services.
 

7/28/21 - Sp0t th? HomogIyph

Microsoft recently announced legal action against domains that impersonate the brand using homoglyphs. A homoglyph is a letter or character that closely resembles another letter or character. Cybercriminals use homoglyphs to trick you into thinking a domain belongs to a trusted company.
Here’s an example: Scammers could use a zero (0) in place of a capital letter “O” or they could use a lowercase letter “L” in place of a capital letter “i”. Using these examples, the bad guys can impersonate MICROSOFT[dot]COM as MlCR0S0FT[dot]COM. Some cybercriminals take this method one step further by using characters from other languages. For example, the Russian character “?” could be used in place of an English letter “b”.
Don’t fall for this trick! Remember the tips below:
•    Be cautious when you receive an email that you were not expecting. This trick can be used to impersonate any company, brand, or even a person’s name.
•    Before you click, always hover over a link to preview the destination, even if you think the email is legitimate. Pay close attention to the characters in the URL.
•    If you’re asked to log in to an account or an online service, navigate to the official website and log in there. That way, you can ensure you’re logging in to the real website and not a phony look-alike website.
 

7/21/21 - Macros on Macros

Cybercriminals are always finding new ways to bypass your security filters. In this scam, the bad guys start by sending a Microsoft Word document that has no malicious code or links within it. Once opened in Microsoft Word, the innocent-looking document includes a pop-up that asks you to enable macros. A macro, short for macroinstruction, is a set of commands that can be used to control Microsoft Word, Microsoft Excel, and other programs.
Here’s how the attack works: If you open the attached Microsoft Word document and enable macros, the document automatically downloads and opens an encrypted Microsoft Excel file. The Microsoft Excel file instructs Microsoft Word to write new commands into the same Microsoft Excel file. Once the new commands are added, the Microsoft Excel file automatically downloads and runs a dangerous piece of malware onto your device.
Use the tips below to avoid falling victim to an attack like this one:
•    Never click a link or download an attachment from an email that you were not expecting.
•    Before enabling macros for a file, contact the sender using an alternative line of communication, such as making a phone call or sending a text message. Verify who created the file, what the file contains, and why enabling macros is necessary.
•    This type of attack isn’t exclusive to Microsoft products. The technique could easily be used on a number of other programs. Always think before you click.
 

7/14/21 - Kaseya Security Crisis Scams

Earlier this month, information technology provider Kaseya was the target of a massive cybersecurity attack. Many IT companies use Kaseya’s software to manage and monitor their clients’ computers remotely. The cyberattack resulted in over 1,500 organizations becoming victims of ransomware. 
Cybercriminals are now using the Kaseya incident as bait to catch your attention and manipulate your emotions. You can expect to see scammers referencing this event in phishing emails, vishing attacks, and social media disinformation campaigns. 
Here are some tips to stay safe:
•    Watch out for Kaseya-related emails—especially those that claim your organization has been affected. 
•    Do not respond to any phone calls claiming to be from a “Kaseya Partner”. Kaseya released a statement that they are not asking partners to reach out to organizations. 
•    Be suspicious of social media posts that contain shocking developments to the story. This could be false information designed to intentionally mislead you—a tactic known as disinformation.
 

7/7/21 - Hidden Google Drive

To help protect you against malicious links, most email clients have filters that flag suspicious-looking emails. To bypass these filters, cybercriminals often create malicious content using well-known platforms such as Google Drive, and then use the platform’s share feature to distribute their content. Since these platforms are so widely used, your built-in email filters typically do not recognize that this content is malicious. 
In a recent phishing attack, scammers are using a phony notification from DocuSign (a popular electronic agreement service) that actually includes a link to a malicious Google Doc. The fake notification states that you have an invoice to review and sign. If you click on the included View Document button, you’ll be taken to what appears to be a DocuSign login page that asks for your password. In reality, the button leads you to a Google Doc disguised as a DocuSign page, and any information entered on the document is sent directly to the bad guys.
Don’t fall for this trick! Remember:
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you think the email could be legitimate, be sure to hover over the link (or button) to preview the destination. Look for discrepancies, such as a DocuSign email using a Google Drive link.
•    When an email claims to include an invoice, try to find evidence of the transaction elsewhere, like on your bank or credit card statements.
 

6/30/21 - Five-Star Fraud

Say the new browser extension that you want to download has a lot of positive reviews. These reviews may make the extension seem legitimate, but not necessarily. Cybercriminals often use fake reviews to trick users into downloading malicious browser extensions.
For example, a malicious Microsoft Authenticator extension with fake reviews was recently found in the Google Chrome Store. The extension had five reviews: three one-star reviews and two five-star reviews. The real one-star reviews warned others that the extension was malware, while the fake five-star reviews praised the extension. This is just one example of how bad guys use fake reviews to gain your trust.
So, how do you know if the cool new extension is safe to download? Follow these tips to stay safe:
•    Only download extensions from trusted publishers. Cybercriminals can easily publish extensions or apps to app stores, so make sure you know who developed the extension before you download it.
•    Be suspicious of extensions that ask you to enter sensitive information. Legitimate extension downloads may request special permissions from you, but they won’t ask you to give up sensitive information.
•    Look for negative reviews. Don’t just focus on the positive reviews. Negative or critical reviews are less likely to be fake. 
 

6/23/21 - Prime Day or Crime Day?

Amazon, the world's largest online retailer, is hosting their huge Prime Day sales event on June 21st and 22nd this year. Subscribers around the world are ready to shop! But while you’re looking for good deals, the bad guys are looking for the opportunity to scam you any way they can. Expect to see all sorts of scams related to Amazon’s Prime day, from fake advertisements to phony shipping notifications.
One Amazon-themed scam uses a phishing email disguised as a security alert. The alert starts with “Hi Dear Customer,” and goes on to say that your account has been “blocked” due to an unauthorized login. The email explains that, “You can't use your account at the movement, Please Verify And Secure your account by following link”. If you were to click the link in the email, you would be sent to a malicious website.
Shop safely by following these tips:
•    Look out for spelling and grammatical errors. This specific phishing email was full of errors, such as using the word “movement” instead of “moment”.
•    Always go directly to Amazon.com when you want to shop, review your order information, or check on the status of your account. 
•    Never trust a link in an email that you were not expecting. Cybercriminals have created hundreds of fake domains with the words "Amazon" and "Prime" in order to trick you.
 

6/16/21 - Phony FINRA Phishing

Once again cybercriminals are impersonating the Financial Industry Regulatory Authority (FINRA), which is the largest brokerage regulation company in the US. Organizations strive to be compliant with regulations, which is why receiving an email that appears to be from FINRA can be quite startling.

In this FINRA-themed phishing email, the sender’s email address uses the domain gateway[dash]finra[dot]org. The email claims that your organization has received a compliance request and it directs you to click on a link for more information. To add a sense of urgency, the message also states “Late submission may attract penalties”. The email even includes a case number, request ID, and a footer with legal jargon to make it feel legitimate. But if you click the link, you will be redirected to a malicious website. Don’t fall for it!

Use the tips below to stay safe from similar attacks:

6/9/21 - New Smishing Scam Borrows Your Phone

In a new Smishing (SMS Phishing) attack aimed at Android users, cybercriminals send a text message that claims you have a delivery that needs to be paid for. If you tap on the link provided in the text, you are taken to a page that asks you to update your Google Chrome app. If you tap the Install Now button on the page, a download begins and you are redirected to a payment screen. On this screen, you are asked to pay a small fee so that your package can be delivered. If you provide any payment information on this page, it is sent directly to the bad guys.
Unfortunately, this scam gets worse. If you tapped the Install Now button mentioned above, you actually downloaded malware that uses the icon and name of Google Chrome to disguise itself. This “app” then uses your mobile number to send thousands of smishing texts to random, unsuspecting victims.

Don’t become a part of their scam! Follow the tips below to stay safe from attacks like this:

6/2/21 - Thank You for Calling—Here’s Some Malware

A recent social engineering scam uses real people in a call center to trick you into downloading malware onto your computer. Here’s how the scam works:
You receive an email claiming that your trial subscription to a publishing company will expire soon. The email states that you will be charged if the subscription is not canceled, and it directs you to call a phone number for assistance. If you call this number a representative happily walks you through how to unsubscribe. The representative directs you to a generic-sounding web address, asks you to enter the account number provided in the original email, and tells you to click a button labeled “Unsubscribe”. If you click, an excel file is downloaded onto your computer. The representative tells you to open that file and enable macros so you can read a confirmation number to them. If you enable macros, a malicious file is installed that allows cybercriminals backdoor access to your system. The bad guys can use this access to install more dangerous malware, such as ransomware.

Follow these tips to stay safe from this social engineering attack:

 

5/26/21 - Using Synonyms to Scam, Con, and Dupe You

Most email clients have security filters that scan your incoming emails for keywords. When certain keywords accompany other suspicious elements, the email will be filtered into your Spam or Trash folder. But cybercriminals can bypass your email filter using one simple tool: synonyms. Bad guys are replacing commonly-filtered words with synonyms (words or phrases that mean the same thing). This simple swap gets their phishing email past your email filters and into your inbox.
In a recent phishing attack, the cybercriminals replaced the term “invoice” with the synonym “Remittance Advice”. Since the term “Remittance Advice” is not a common keyword, the phishing email passes your security filter and is delivered to your inbox. The email includes an image that looks like an attachment. If you click to download the attachment, you’ll actually be clicking on an image that links you to a dangerous phishing site.

Here’s how you can stay safe from scams like this:

 

5/19/21 - QuickBooks Used as Bait for a Quick Scam

An easy way for cybercriminals to get your attention is to claim that you owe a large amount of money. Pair this claim with a QuickBooks-themed phishing email and malicious malware, you get a dangerous cybersecurity threat.
The cybercriminals send a well-made spoof of a QuickBooks email that even includes an invoice number. The email message states that you owe over one-thousand dollars for the order but it gives no further details. Attached to the email is what appears to be an Excel file with the invoice number as the filename. The bad guys are hoping you’ll open the attachment looking for more information. If you do open it, you’ll actually be opening a dangerous piece of malware specially designed to target your financial and banking information. This malware can lead to unauthorized charges, wire transfers, and even data breaches.

Here’s how you can stay safe from scams like this:

5/12/21 - Credential Scam With a Clever Twist

If you try logging in to an account, but get a “wrong password” error what do you do? You’ll probably try typing the same password again. But if that doesn’t work do you try another one of your passwords? Then another, and another? Cybercriminals have a clever new scam that takes advantage of this exact behavior.
You receive an email with a link to view an important document. If you click the link, the document looks blurred-out and is covered by a fake Adobe PDF login page. If you enter your email and password, you’ll get an error stating that your password is invalid. This page allows you to try a few more times before eventually blocking you from viewing the document. But the truth is, there was never a document to view. Instead, the cybercriminals saved your email address and every password you tried to use. They can use this information to try to log in as you on other websites.

Don’t be fooled! Remember these tips:


4/28/21 - Voice Changing “Catphish”

In a recent phishing attack that targets single men, cybercriminals show us how they use modern technology to trick their victims. The scam starts with the cybercriminal posing as a single woman and befriending their target on social media. Then, they start building rapport with the target through various interactions. Eventually, the cybercriminal sends audio messages with a woman’s voice to convince their target that they are who they claim to be.
The target doesn’t know it, but the cybercriminal is actually using a voice changing software to disguise their true identity. If the target falls for the fake audio messages, they receive a video file of their newfound love interest. Except, the file is actually a dangerous piece of malware designed to grant the cybercriminals access to the victim’s entire system.

This tactic isn’t exclusive to romantic scams, so be sure to remember these tips:

 

4/21/21 - Tricky PDF Files

Cybercriminals have a new favorite phishing lure: PDF files. A PDF is a standard file type that presents text and images in their original format regardless of which program you use to open the file. Unfortunately, this makes the use of PDFs a great way for cybercriminals to get creative and trick victims into clicking on malicious links.
One common tactic for phishing with PDF files is to include an image that looks like something that you should interact with. The PDF may include a fake captcha image with the “I am not a robot” checkbox. Or the PDF may include an image of a paused video with a play button over the display. If you try to click the captcha checkbox or play the phony video, you’ll actually be clicking a link to a malicious website.

Don’t fall for these tricks! Remember the following tips:

4/15/21 - Advanced Phishing Hidden in Plain Text

Cybercriminals are using advanced tactics to disguise dangerous malware as harmless text files. Using a phishing email, the bad guys try to trick you into downloading a file attachment named “ReadMe_knl.txt”. Typically, files ending in .txt are plain text documents that can be opened in any text editing software. But in this case, the cybercriminals use a trick called Right-to-Left Override (RLO) to reverse part of the file name.
The true name of the attached file is “ReadMe_txt.lnk.lnk”. It is not a plain text document, but actually, a command that instructs your computer to download the bad guy’s malware. Once the malware is installed, cybercriminals have complete access to your system. They can access everything from your browser history to your cryptocurrency wallet and they can even take photos using your webcam.

Advanced phishing tactics can be intimidating, but you can stay safe by practicing the tips below:

4/7/21 - Classic Facebook Phishing

While cyber threats continue to advance in new and intimidating ways, classic phishing methods are still a favorite among bad guys. Let’s take a look at a recent Facebook-themed phishing attack and see if you can spot the red flags:

The email appears to come from Facebook and starts with “Hi User”. The body states that there is an issue with your account that you must log in to resolve. The email includes a link to “verify” your account and ends with the line “This link will expires in 72 hours, We appreciate your attention to this matter.” If you click the link, you are taken to a phony look-alike Facebook login page. Any information that you enter on this page is delivered straight to the bad guys.

How many red flags did you see? Remember the following tips:

 

3/31/21 - Instagram Influencer Scams

As the name suggests, an influencer is someone whose opinions influence a large social media audience. While influencers usually attract sponsorships from legitimate brands, these accounts can also be used as a tool for cybercriminals.

Instagram influencers often host special giveaways to raise brand awareness. Typically followers are asked to comment on the post for their chance to win. Unfortunately, bad guys then use these comments to target their victims. You may receive a message from someone spoofing the influencer’s account or claiming that they work with the giveaway host. Then, you are told that you won the giveaway, but that you need to pay a shipping fee or provide some personal information. Any information provided goes straight to the cybercriminals. Don’t fall for it!

Here are some tips to stay safe from influencer scams:

 

3/24/21 - Malicious Mobile Apps in Disguise

Google recently removed a number of dangerous mobile applications (apps) from the Google Play store. These were disguised as generic VPN and audio control apps that appeared to be safe, but once installed, they tricked victims into allowing downloads from untrusted sources.

If you download a disguised app and fall victim to this scam, a dangerous piece of malicious software (malware) is installed on your device. The malware adds malicious code into your financial apps, giving the bad guys access to your banking and credit card accounts. Over time, cybercriminals use this malware to gain complete control over your device and use it however they please.

This is not the first time that malicious apps were found on Google Play or on the Apple app store—and it won’t be the last. When you download applications, remember these tips:

 

3/17/21 - Scammers Use FINRA as Phish Bait

Earlier this month, cybercriminals impersonated the largest brokerage regulation company in the US: the Financial Industry Regulatory Authority (FINRA). Seeing such a vital organization be used as phish bait is chilling. Fortunately, if you know what to look for, this scam is easy to spot!

The phishing email starts with the vaguely-startling subject line “ATTN: FINRA COMPLIANCE AUDIT”. The email is sent from supports[at]finra-online. The email asks you to review an attached document and respond immediately. The short email message closes with, “If you've got more questions regarding this letter don't hesistate to contact us.” Anyone who falls for this scam and downloads the attachment will find that the file is actually a nasty piece of malicious software.

Here’s how you can stay safe from similar attacks:

3/10/21 - LinkedIn File Sharing Scam

LinkedIn is a networking site used to connect with colleagues, employers, and other business contacts. Even though LinkedIn is designed for professionals, it is just as vulnerable as any other social media platform.

In a recent scam, cybercriminals use stolen LinkedIn accounts to message the contacts of those accounts. The message includes a link to a “LinkedInSecureMessage”—which is not a service that LinkedIn provides. The link takes you to an official-looking page that includes the LinkedIn logo and a “View Document” button. If you click the button, a phony LinkedIn login page opens. Information entered on this screen will be sent straight to the cybercriminals who will likely sell your account for use in similar social networking scams.

Don’t fall for it! Remember these tips:

3/3/21 - Shipping Scam Spoofs “Dhl Express”

Many of us are used to receiving messages from shipping companies, so cybercriminals use similar emails as phish bait. Let’s take a look at a recent shipping-themed phishing attack and see if you can spot the red flags:

Sent from “Dhl Express”, the email claims that you have something waiting for you at your local post office. The message states “To receive your parcel, Please see and check attached shipping documents.” and it includes a .html file as an attachment. If you open the attachment, a web page displays that looks like a blurred-out Excel spreadsheet. Covering this blurred image is a fake Adobe PDF login window with your email address already populated in the username field. If you enter your password and click “View PDF Document” your email address and password will be sent straight to the bad guys.

How many red flags did you see? Remember the following tips:

2/24/21 - Exploiting the Coronavirus: Vaccine Invitation Scam

Access to the COVID-19 vaccine is limited, which leaves many people anxiously waiting for a way to further protect themselves from the virus. Cybercriminals are taking advantage of this anxiety with vaccine-themed phishing emails.

A recent phishing attack in the UK spoofs the National Health Service (NHS). The phishing email claims that you have the opportunity to get vaccinated and it includes a link to accept the invitation. If you click on the link, a convincing NHS look-alike page opens. The phony site asks for personal information such as your name, address, and phone number, along with your credit card and banking details. Unfortunately, any information that you provide here goes straight to the cybercriminals and you are not in line for vaccination.

Follow these tips to stay safe from similar scams:

2/17/21 - Phishing with Phony Loans

A year into the pandemic, bad guys continue to target struggling organizations. A recent example is a phishing email targeting those in the United States. Impersonating a bank, the sender offers loans through the Paycheck Protection Program (PPP). The PPP is a real relief fund that is backed by the United States Small Business Administration (SBA), but the email is nothing short of a scam.

The phishing email directs you to click a link to register for a PPP loan. When clicked, the link takes you to a form with an official-looking header that reads, “World Trade Finance PPP 2021 Data Collection”. The form requests a lot of personal information, such as your organization’s name, your business email, and your social security number. Any of the information submitted on this form goes straight to the cybercriminals.

Here’s how you can stay safe from scams like this:

2/10/21 - Smishing with PayPal

A new Smishing (SMS Phishing) attack uses an urgent text message to trick you into clicking a malicious link. The message states “PayPal: We've permanently limited your account, please click link below to verify.” If you click on the link provided, you are taken to a PayPal look-alike page and asked to log in.

Bad actors take this scam one step further. If you enter your login credentials on their phony page, you’ll be taken to a second page that asks for your name, address, and bank account details. Everything entered on these pages will be sent directly to the bad guys.

While this is an advanced attack, you can still stay safe by practicing the tips below:

 

2/3/21 - Advanced Look-alike Login Pages

Here’s a popular phishing scenario: You receive an email with a link. The link takes you to a phony login page with the name and logo of a legitimate website. Once you submit your username and password, the information is sent straight to the bad guys. Cybercriminals love to use these phony look-alike login pages to steal your credentials and access sensitive information.

Now cybercriminals have developed a way to make look-alike pages even more convincing. Scammers use a special tool to automatically display your organization’s name and logo on the phony login page. They can even use this tool to populate your email address in the corresponding login field. This creates a false sense of security because many legitimate websites remember your username if you have logged in previously.

While this is an advanced attack, you can still stay safe by practicing the tips below:

1/27/21 - Romantic Investment Scams

Let’s be honest, the age of social distancing can leave us feeling lonely. To make matters worse, bad guys are leveraging our loneliness for their scams. Romance-related scams are growing more popular and more complex.

In the latest romance-related scam, bad guys use a dating app to find their target, build a relationship, and establish trust. Once you trust them, the scammer will share financial tips and invite you to an exclusive investment site—which is actually a scam. Your new “friend” will guide you through opening an account, buying financial products, and building your investments. Then, one day, all communication stops and you’re left wondering where that money has gone.

Don’t fall for it! Remember these tips:

 

1/20/21 - Exploiting the Coronavirus: Financial Assistance Scams

While the world continues to navigate life during a pandemic, countless families and individuals are struggling financially. In a truly malicious response to the situation, scammers are launching phishing attacks that claim to offer financial assistance to those in need.

The phishing email impersonates your local government and it states that you are eligible to receive financial aid. You’re directed to click a link in the email for more information. If you click the link, you are taken to a phony government website. The site asks for personally identifiable information, including your social security number. Once you’ve provided this information, the site claims that you will be contacted regarding your aid. Don’t be fooled! Anything you enter here is sent directly to the cybercriminals.

Here’s how you can stay safe from scams like this:

 

1/13/21 - Watch Out for US Capitol and Parler Scams

Last week, a rally held in the United States Capitol escalated when protestors stormed the Capitol building. This event was later linked to posts on the social media platform Parler. The controversial events at the Capitol and related use of Parler has led both Apple and Google to remove the app from their respective app stores.

Cybercriminals use high-profile news stories like this to catch your attention and manipulate your emotions. In the coming weeks, we expect to see cybercriminals referencing this event and the Parler app in their phishing attacks and social media disinformation campaigns.

Here are some tips to stay safe:

 

1/6/21 - Man’s Best Friend is a Scammer’s Best Bait

With stay-at-home orders in place across the globe, many people are buying new pets to help them feel more connected. Unfortunately, shoppers who are looking for a furry friend may be in for a big surprise. Cybercriminals are creating phony online pet shops that advertise unbelievable prices on purebred pups.

These malicious pet shop sites include poorly-written testimonials from alleged buyers that often don’t make sense. For example, one testimonial claimed that their “German Shepherd baby had hatched”. If you overlook these phony testimonials and click the “Buy Me!” button under the photo of an adorable puppy, you’ll be taken to a contact page to begin your email conversation with the supposed seller. Via email, the scammers will ask you to pay for your pup using Bitcoin or a service provider, such as Paypal. Of course, any money you send goes straight to the bad guys and you’ll never receive your pup.

Here are some tips to avoid this ruff scam: