Cyber Scam of the Week

Should I Provide Personal Information?  ALWAYS use Caution!!

NEVER enter personal details including account numbers, PINs or Social Security Numbers into a web page link that has been sent to you via email or text. GenFed Financial will never request personal information from members via email or text. If you have entered account information from a link in an email or text claiming to be from GenFed Financial, call your local branch.  

If you receive a call from someone claiming to be from GenFed, (GenFed and GenFed's number may even show on your caller ID!) and you are asked for personal information, hang up and call your local branch using a phone number you know or look up.  Occasionally, GenFed may call you to ask for information to verify your identity or a transaction.  Always use caution when providing personal details to anyone that calls you.

As another step to protect yourself against fraud we suggest you complete our Cash / Wire Transfer Questionnaire before making a transaction involving another party. 

Cash/Wire Transfer Questionnaire

2/26/25 - Your Password is their Prize

In this week’s scam, cybercriminals are trying to steal your X (formerly Twitter) login information. They send you an email claiming that someone tried to log into your account from a new device, and you must log into X immediately to verify your account. In another version of this scam, you might receive a different email claiming your account violated copyright laws and that you must submit an appeal. 
Both of these emails direct you to click a link to verify your account, which takes you to what appears to be an X login or password reset page. But these pages are actually fake and controlled by cybercriminals trying to trick you into entering your user credentials. If you enter your login information, they will steal it. Then, they can access your account and use it to post links to crypto or financial scams. The cybercriminals will steal your login details and use your account to scam other X users! 
Follow these tips to avoid falling victim to a phishing scam:
•    If possible, enable two-factor authentication, or 2FA, for your online accounts. 2FA is more secure because it requires two forms of identification to log in to your account. 
•    Always hover over links in emails to see if they’re legitimate. If you must reset your password, always navigate to the official X website or mobile app. 
•    Be suspicious of any urgent requests. Cybercriminals often pressure you to act fast to trick you into falling for their scams. 

2/19/25 - Real Email, Fake Facebook

In this week’s scam, cybercriminals are trying to steal your Facebook login information. They send you an email claiming your Facebook page violates copyright laws. This scam is particularly convincing because the email you receive appears to be from a legitimate sender. The email even contains Facebook logos, although if you look closely, you’ll notice they look slightly different from the real Facebook logo. The email urges you to log in to Facebook to appeal this decision immediately, or you will lose access to your account’s features. 

You are directed to click a button in the email, which takes you to what appears to be a Facebook support page. The support page will prompt you to provide your login information to have your account “reviewed.” But your Facebook page never really violated copyright laws. The Facebook support page is actually fake and controlled by cybercriminals. If you enter your Facebook user credentials, the cybercriminals will steal them! 

Follow these tips to avoid falling victim to a Facebook phishing scam:
•    Be suspicious of unusual emails, even if they appear to be from a legitimate email address. Facebook won't send you emails threatening immediate action.
•    Log in to Facebook through its official website or mobile app to check your account’s status. Don’t click any links in an email claiming to be from Facebook. 
•    Always check logos and spelling in emails claiming to be from Facebook. In this particular scam, the emails contained fake Facebook logos, some with misspelled words. 

2/12/25 - Don't Wish for this Smish

In a recent text message phishing (smishing) scam, cybercriminals send you a text that appears to be from the U.S. Postal Service (USPS). The text says that you have a package at the post office that cannot be delivered due to an incomplete address. The message contains a PDF file and directs you to open it to complete your address. 

You are then directed to click a button in the PDF file, which takes you to what appears to be a USPS web page. The page instructs you to enter your address, personal data, and credit card number so the USPS can attempt to redeliver your package. The catch is there never was a package. The USPS page is actually fake and controlled by cybercriminals. If you enter any information here, cybercriminals will be able to steal it immediately!

Follow these tips to avoid falling victim to a smishing scam: 
•    This smishing scam claims to be from the USPS, but be wary of any unsolicited text messages from unknown numbers. If you aren’t sure if a message is legitimate, delete or report it.
•    Don't reply to unexpected text messages, even to say "STOP" or "unsubscribe." If you have any questions regarding delivery, contact your local post office directly. 
•    Never click on any attachments or links from suspicious text messages or emails. 
 

2/5/25 - A Prime Phishing Scam

Thousands of shoppers worldwide pay for an Amazon Prime membership to access special deals and fast shipping. Cybercriminals know this and attempt to use this to their advantage. In this week’s scam, you receive an email alerting you that your Prime membership will soon expire. A link in the email directs you to a PDF file. 
If you open the PDF file, you will be redirected to what looks like an Amazon login page. Even though the login page looks genuine, it’s actually fake and controlled by cybercriminals. If you enter your login information, the page asks for more sensitive data, such as your home address and credit card information. If you enter your personal information and credit card number, your Amazon Prime membership won’t be renewed. Instead, cybercriminals will have stolen your login and financial information! 
Follow these tips to avoid falling victim to an Amazon Prime phishing scam:
•    You should always be cautious when opening an attachment, especially if the email is unexpected.
•    If you’re concerned that your Amazon Prime membership has expired, go directly to Amazon’s official website or mobile app to check its status.
•    Be suspicious of emails that create a sense of urgency or request sensitive information. If you’re unsure an email is legitimate, contact Amazon directly through their official website or customer service number.
 

1/29/25 - Watch Out for Wildfire Relief Scams

In the United States, thousands of people have lost their homes in California’s recent wildfires. The fires have caused billions of dollars in damages, and cybercriminals are trying to exploit this unfortunate situation. In this week’s scam, cybercriminals contact you by email, phone, or even in person. They claim to be federal officers who can help you receive grant money to rebuild your property. 

The cybercriminals tell you that in order to receive financial aid, you have to pay them fees. Even worse, they ask for information such as your Social Security number and address so that they can steal your identity. If you pay their fees, you won’t receive any grants to repair your property. Instead, your money goes straight into the cybercriminals’ pockets, and your identity will be stolen! 

Follow these tips to avoid falling victim to a disaster-related scam: 
•    Be wary of demands for payment or cash fees. No real federal agencies will ask you for money in return for receiving a grant.
•    Check official government websites for legitimate disaster relief information. Be wary of unsolicited emails, phone calls, or door-to-door visits offering disaster relief.
•    Be cautious of requests for personal information. Real organizations won't ask for sensitive information like Social Security numbers over the phone or via email.
 

1/22/25 - Don't Pay this Paypal Invoice

Millions of people use PayPal to make secure payments online, but cybercriminals have figured out a way to use it maliciously. In this week’s scam, you receive a legitimate email from PayPal requesting that you make a payment. The email is actually from PayPal and even contains a real PayPal link. Even though the email is real, it’s part of a clever trick by cybercriminals. 

The email that is sent to your email address is also sent to an email address you do not recognize. This unrecognized email address actually belongs to the cybercriminals. If you click the link in the email, their email address will be connected to your PayPal account. Once their email address is linked to your account, the cybercriminals will have full access to your PayPal account. They will be able to view all your account details, including your user credentials and financial information!

Follow these tips to avoid falling victim to a phishing scam: 
•    While this scam targets PayPal users, never submit payments after receiving an unexpected email. Instead, navigate directly to an organization’s official website or app to submit a secure payment.
•    Check the email recipients carefully. Be suspicious of emails sent to multiple addresses, especially ones you don't recognize.
•    Remember that emails can be malicious even if the sender’s email address is from a trusted domain. Cybercriminals can gain access to trusted domains to make their scams more believable.
 

1/15/25 - Don't Let Cybercriminals Play You

Online gaming is very popular, but this new phishing scam is no game. In this week’s scam, cybercriminals target users on Discord, a popular app that sends voice, video, and text messages. In this scam, you receive a message on Discord asking you to test a new online game. The message appears to be from the game’s developer asking you to test the game, making it seem convincing. 

If you reply to the message, the cybercriminal will send you a link and a password so that you can supposedly download the game. But the link actually contains malware designed to steal your personal information. Even worse, the malware can send messages containing malicious links to everyone in your contacts list. If your contacts click the links, the malware can infect their computers, too. You won’t be able to test any new games. Instead, the cybercriminals have compromised your account and friends’ accounts!

Follow these tips to avoid falling victim to a gaming phishing scam: 
•    Be cautious when downloading software online. Only download games from official gaming websites. 
•    Never click or reply to unexpected messages, especially if they instruct you to download a file or attachment. 
•    This attack targets gamers, but remember that cybercriminals can use similar methods to trick anyone into downloading malware. 

1/8/24 - Fake Tax Forms, Real Malware

It’s tax season in many countries, and cybercriminals are trying to take advantage of this. In this week’s scam, cybercriminals are targeting Pakistani taxpayers. They are sending phishing emails containing attachments that appear to be official tax documents. The email includes an attachment that appears to be an official tax form from the Pakistani government.

Opening this fake file will install malware on your computer. The malware uses Microsoft Management Console (MSC) files, which can be used to run scheduled tasks on your computer. Because the malware uses scheduled tasks, it can stay active for a long time, even if you reboot your computer. This malware will infect your computer, gather your sensitive information, and steal your data. Your taxes won't be paid, but the cybercriminals will!

Follow these tips to avoid falling victim to a malware phishing scam: 
•    Avoid downloading attachments from unexpected emails. Only download attachments and documents from sources you trust. 
•    This attack targets Pakistani taxpayers, but remember that cybercriminals can use similar methods to target residents of any country. 
•    Always access and download tax-related forms from official financial or government websites. When in doubt, visit an official tax-related website.
 

1/1/25 - Don't be Payday Prey

You may have logged in to your online employee benefits portal to access your employment or pay information. However, if you're unsure how to access it, you may have used Google to find the correct link. In this week’s scam, cybercriminals are trying to take advantage of this by using malicious Google ads, also known as malvertising, that impersonate these portals. When you search for your organization's employee portal, these ads are among the top results.
If you click on one of the fake ads, they direct you to a fake employee portal login page. When you enter your username and password here, cybercriminals are able to steal them. They can then log in to your real employee portal and replace your banking information with their own. You won’t receive your paycheck on the next payday, but the cybercriminals will! 

Follow these tips to avoid falling victim to a malvertising scam: 
•    Anyone can buy ads on Google, including cybercriminals. Always be cautious when clicking on sponsored ads.  
•    Before you click a link, always hover your mouse over it. Watch out for spelling mistakes and suspicious URLs. 
•    If you’re not sure how to access your employee portal, ask your organization’s human resources department for the correct link. 

12/25/24 - From Jackpot to Jeopardy

If something seems too good to be true, it usually is, and this week's scam is no exception. Cybercriminals send you a message on a platform such as WhatsApp, offering you what sounds like an easy job. Supposedly, you will get paid to perform sets of easy tasks, such as liking videos or rating products online. This type of scam is known as a “task scam.”
The cybercriminals will actually pay you in cryptocurrency for completing your tasks during the early part of this scam to try to make this “job” even more convincing. However, you will eventually be asked to send them a large deposit of cryptocurrency so that you can “unlock” your next set of tasks. The cybercriminals claim you will get your money back and that they will pay you an even larger commission. If you send any money, you won’t receive anything in return. Your money will go straight into the cybercriminals’ bank accounts!
Follow these tips to avoid falling victim to a task scam: 
•    Never respond to unsolicited texts or direct messages about job opportunities. Real employers will not attempt to contact you this way. 
•    A real job opportunity won’t ask you for money to get paid. You should always be suspicious if you are asked to deposit money before you can receive your paycheck. 
•    Trust your instincts. You should always be skeptical of unsolicited job offers, especially if they seem too good to be true! 

12/18/24 - Paper Jams and Malvertising Scams

12/11/24 - Caller ID could be WRONG

A recent phising example from a GenFed employee:
Setup:  The fraudsters spoofed Chase’s phone number, so her caller ID showed “Chase Fraud Dept.” Curious about how these scams unfold, she answered the call.
Scam: They claimed there were two suspicious Zelle transactions on her account ($900 and $1,200). They said someone had recreated her phone number, downloaded the Zelle app, and made these transactions. This was the first red flag, as Zelle doesn’t allow transfers of those amounts in their app.
Details: They provided a fake case ID and transaction number and even transferred her to their “Zelle Dispute Department” complete with hold music, making the call feel legitimate.
Action: They asked her to log into Zelle and “send a code” to Zelle’s “Back Office.” The “code” was actually a phone number. That’s when she told them it sounded suspicious (“this sounds phishy”), and they hung up.
Takeaways:
•    This scam was convincing enough to potentially fool someone who is unaware of Zelle’s limits or fraud prevention tactics.
•    The fraudsters used professional-sounding language, fake hold music, and specific details to build trust.
•    The key giveaway was when they asked for action; sending a code to a phone number.

12/11/24 - Fake Firing, Real Malware

12/4/24 - Don't Fall for this Dropbox Phish

Dropbox is a popular file-sharing service many use to share photos, files, and documents. In this week’s scam, cybercriminals are using this service to try and steal your Microsoft user credentials. They use Dropbox to send you an email that appears to come from “Human Resources.” The email states that a document containing salary and health insurance information has been shared with you.

The email is a real email from Dropbox, and it contains a link that will allow you to access the document. The document also contains realistic Microsoft branding, which makes this scam particularly convincing. However, if you click the link in the document, you’ll be taken to a fake Microsoft OneDrive page. If you enter your login information here, you won’t actually be able to update your health insurance information. Instead, the cybercriminals have stolen your credentials!

Follow these tips to avoid falling victim to a phishing scam: 
•    An email could be fake even if the sender’s email address is from a trusted domain. Cybercriminals can gain access to trusted domains to make their scams more believable. When in doubt about the legitimacy of an email, follow your organization’s email reporting policy. 
•    Before you click any link, always hover your mouse over it. Watch out for suspicious URLs that can hide a website's true domain.
•    Never click a link in an email that you aren’t expecting. If you have doubts about an email your organization supposedly sent, always confirm it is legitimate before clicking any links.

11/27/24 - From Flow Charts to Phishing

You may have used Microsoft Excel, Word, and PowerPoint for work projects, but you might be less familiar with Microsoft Visio. Visio is used to make diagrams and flow charts. However, cybercriminals are using this tool to try to steal your user credentials. In this week’s scam, cybercriminals send you a phishing email that contains a link. The email appears legitimate, and it looks like a proposal or purchase order. 

If you click the link, you will be taken to a Microsoft Sharepoint page that contains a Visio file. The Visio file contains another link, and you will be instructed to press your Ctrl key and click the link. If you press this key, it will bypass security features on your computer and allow the link to direct you to a fake Microsoft login page. The cybercriminals can see any information you enter here, and they are trying to trick you into giving them your sensitive information! 

Follow these tips to avoid falling victim to a phishing scam: 
•    If you receive a suspicious email, be cautious. If you have doubts about the email’s legitimacy, follow your organization’s procedure to report it. 
•    Always be cautious when opening unexpected attachments or files, even if they appear to come from someone you might know. 
•    Always think before you click. Cyberattacks are designed to catch you off guard and trigger you to act impulsively. 
 

11/20/24 - Artificial Intelligence, Real Scam

You may be familiar with ChatGPT, an AI assistant that generates realistic conversations. It was developed by an organization called OpenAI. In this week's scam, cybercriminals could send you a phishing email that appears to be from OpenAI. The email warns that you will lose access to ChatGPT unless you update your payment method and pay a subscription fee. 

The email appears to be legitimate, and it even contains the OpenAI logo and an official support email address in the text. But like many phishing scams, the email also includes a link to a fake webpage asking for your personal data and credit card information. If you click the link and enter your information, your subscription to ChatGPT will not be renewed. Instead, the cybercriminals will have stolen your personal information and money! 

Follow these tips to avoid falling victim to a phishing scam: 
•    When you receive an email, stop and look for red flags. If you have doubts, always visit the official website to verify that the email you received is legitimate.
•    Always hover your mouse over links in emails. Watch out for spelling mistakes, unusual domains, or suspiciously long URLs that can hide a website's true domain.
•    If you receive a suspicious or unexpected email, follow your organization’s procedure for reporting it. 
 

11/13/24 - From Tickets to Email Trickery

If you recently bought a ticket to a local event, you may have used Eventbrite’s website or smartphone app. Eventbrite is an online platform that allows you to create, promote, and attend events. But cybercriminals are abusing this platform to steal your personal information and money. In this week’s scam, cybercriminals use Eventbrite to set up a fake event and then email you an invitation. 

The Eventbrite email invitation contains realistic logos and brands, and it appears to be legitimate. But if you select the link within the email, you will be taken to a fake webpage that is actually controlled by cybercriminals. The webpage will prompt you to enter personal data such as your login information, tax identification number, and even your credit card number. The cybercriminals are trying to steal your personal details and funds!

Follow these tips to avoid falling victim to a phishing scam: 
•    Be wary of emails that urge you to take quick action. Phishing emails are designed to catch you off guard and trigger you to act impulsively. 
•    Never select a link in an unexpected email. In this case, it would be best to navigate to Eventbrite’s official website or smartphone app if you have concerns about tickets you’ve purchased. 
•    If you aren’t sure if an email you received is legitimate, contact Eventbrite’s customer support directly to verify.

11/6/24 - The Fake TSA Precheck Email

Many air travelers turn to TSA PreCheck for its quickness and ease. TSA PreCheck is a US airport screening program that allows you to get through airport security with fewer steps and without waiting in long lines. But cybercriminals take advantage of this tool to trick travelers. In this scam, you receive an email that appears to come from TSA PreCheck. The email encourages you to enroll or renew your membership and provides a link to what looks like the official TSA PreCheck website.

The website promises you can skip the long security lines at the airport by paying a fee. However, this website is a fake version of the real TSA PreCheck website. If you enter any money or financial information here, the scammers will be able to see it immediately. The benefits you buy from the fake website will not work at any airport. Worst of all, the cybercriminals have stolen your sensitive information and money!

Follow these tips to avoid falling victim to a phishing scam:
•    This particular scam targets US air travelers, but remember that this type of scam can be used for other organizations as well. Always be cautious before clicking on unexpected emails.
•    Be wary of requests to pay a fee right away. Cybercriminals will try to pressure you into acting quickly.
•    When you first enroll in the actual TSA PreCheck, you pay in person, not online. Also, real Transportation Security Administration (TSA) emails never contain direct payment links. When in doubt, contact the TSA directly. 
 

10/30/24 - Beware the Fake Cashier's Check

No one is immune to being targeted by scammers, including lawyers and law firms. Lawyers often handle debt collection, and cybercriminals are seeking to take advantage of that. In this week’s scam, a law firm is contacted by someone claiming to be a client who needs assistance with collecting a debt payment. The firm works with the client to determine who owes the debt and then sends a letter requesting that the debt be paid. The person who owes the debt money immediately agrees to pay and sends what appears to be a real cashier’s check to cover the cost.

The law firm deposits the check and wires money to the client’s account. However, both the client and the person who owes the debt are scammers who are working together. The entire story about being owed a debt is a scam, and the cashier’s check is fake. The fake check doesn’t clear at the bank, and the scammers are able to escape with the law firm’s money!

Follow these tips to avoid falling victim to a cashier’s check scam:
•    Look for red flags. Always be suspicious of situations or opportunities that seem too good to be true.
•    Be extra cautious when dealing with money or other financial requests. Trust your instincts and contact your bank if you have concerns about a check or money transfer.
•    Be suspicious of requests to take action quickly. Cybercriminals pressure their victims to act quickly so they won’t be caught.

10/23/24 - Don't Let this Opportunity Knock

Cybercriminals frequently target people who are looking for opportunities. In this week’s scam, you might receive a text message or email with what looks like real job listings from a cybercriminal posing as a recruiter. The message even includes flexible hours, positions, benefits, and salary. If you reply, the cybercriminal asks you for further information, such as your pay expectations, making this scam convincing.

Then, they direct you to continue the chat through a separate app, such as WhatsApp, Skype, or Telegram. In that separate app, they ask for your personal information. They may ask for your Social Security Number, driver’s license number, or even your credit card number for application fees. The catch is that no real job recruiter will ask you to pay them a fee upfront. The cybercriminals are trying to steal your personal data and money!

Follow these tips to avoid falling victim to this employment scam: 
•    If you receive a text message from someone claiming to be a job recruiter, be cautious. Real job recruiters never reach out by text messages. 
•    Scammers will often ask you to reply to them in a separate app so that they can avoid security oversights. Always be cautious if someone asks you to respond to them using a different app or platform.
•    Cybercriminals can pose as anyone, including job recruiters. If you receive a job offer that seems too good to be true, it probably is.

10/16/24 - Don't Fall for this Blackmail Scam

Cybercriminals are always looking for ways to trick you into acting impulsively, and this scam is no exception. They obtain your personal information through data breaches and then use photos of your home accessed from Google Maps to play on your emotions. They claim that they have videos of you and other personal information that they will release if you don't pay a ransom.

In this scam, you receive an email with an attachment containing a photo of your home and your street address. The scammers claim they know where you live and that they’ve hacked into your home computer to take videos of you using its camera. Then, they threaten to release the footage if you don’t pay them with Bitcoin immediately. The photo of your home makes it seem like they could have actual videos of you, making their scam terrifying and convincing. The catch is that the cybercriminals don’t have any videos of you in your home. They are trying to scare you into giving them your money! 

Follow these tips to avoid falling victim to this blackmail scam: 
•    Never click a link or download an attachment in an unexpected email.
•    If you receive a similar email, do not respond or pay the ransom. Attacks like these are designed to catch you off guard and trigger you to act impulsively. 
•    Be careful with the personal information you share online. Cybercriminals can use this information to target you in phishing attacks.

10/9/24 - Hurricane Scams

Scammers will frequently use high-profile events, such as natural disasters, to try to trick you. In the aftermath of Hurricane Helene in the United States, scammers have wasted no time in turning this situation to their advantage. They've been using AI to generate fake images that play on your emotions, to get you to donate your money to help people who have been affected by the disaster. Recently, an image of a scared little girl holding a puppy and being evacuated from a flood area has been circulating on Facebook and other social media.

However, this image is fake. The scammers are trying to trick you into clicking a link to "donate" to a fake relief effort or to steal your personal information. In either case, their goal is to get you to act impulsively. If you donate money or enter any personal information, it will not help any victims who were impacted by the hurricane. However, it will help the scammers steal your money and your data!

Follow these tips to avoid falling victim to a hurricane scam:
•    Be wary of AI-generated images. Look for signs that an image might be fake, such as unusual details or inconsistencies.
•    Make sure that the charity you’re donating to is legitimate. Only donate through the official websites of well-known charitable organizations.
•    Don't act impulsively. Take time to research before donating or clicking on links, especially in the aftermath of a disaster.
 

10/2/24 - The Shopping List Swindle

Walmart’s Lists feature allows you to create an online shopping list and share it with others. In this week's scam, cybercriminals are using Lists and malicious Google ads to steal your personal information and money. This scam begins when you search for Walmart’s customer service page on Google. You’ll see a sponsored ad result that claims to lead to a page that provides Walmart’s customer service information. If you click it, the ad will direct you to a Walmart List page. However, instead of containing normal shopping items, the List contains a phone number that appears to be for Walmart’s customer service team.

However, both the ad and the Walmart List were created by cybercriminals. If you call the number, you’ll be connected directly to a scammer. They will ask for your personal and financial information, and then they will attempt to scare you by saying that your account was used to transfer money illegally. The scammer will then try to pressure you into transferring your money into a Bitcoin account in order to prevent additional transactions. If you do transfer the money, it will go directly to the cybercriminals! 

Follow these tips to avoid falling victim to a shopping list swindle:
•    Be wary of clicking on Google ads. Anyone can buy a sponsored ad on Google, including cybercriminals.
•    Be suspicious of anyone forcing you to act quickly. Scammers frequently attempt to trick you into acting impulsively.
•    Always think before clicking on a link or providing your personal information, even on official websites. Trust your instincts and be on the lookout for anything that seems suspicious.

9/25/24 - Watch Out for Election-Themed Scams

In this week's scam, cybercriminals are taking advantage of the upcoming United States elections to try and steal your personal information and money. The scams vary slightly and involve fake text messages, social media posts, phone calls, and more. Cybercriminals use AI to make these phishing attempts even more convincing. These scams can be easy to fall for since political candidates also use these methods to raise funds and promote their campaigns. 

In one version of this scam, you receive a text message or email with a malicious link directing you to donate to a political candidate. The link takes you to a fake webpage asking you to share your credit card number. If you donate, your money goes directly into the cybercriminals’ pockets. The cybercriminals also pretend to be campaign volunteers and send fake surveys requesting your personal and financial information. In another version of this scam, you receive a phone call asking you to update your voter information or register to vote. If you provide your voter information on the call, the cybercriminals will steal it! 

Follow these tips to avoid falling victim to an election-themed scam: 
•    Before you click a link, always hover your mouse over it. Only use secure, official websites to donate funds to candidates and register to vote. 
•    This scam concerns the US elections, but remember that cybercriminals can use these tactics during elections in any country.
•    Trust your instincts. If you receive suspicious phone calls, messages, or emails, follow your organization’s reporting policies. 
 

9/18/24 - The Mircosoft Forms Fakeout

In this week’s scam, cybercriminals are using a tool called Microsoft Forms to try and trick you into giving them your Microsoft 365 or Adobe login information. Microsoft Forms allows you to create surveys, quizzes, and other documents. Unfortunately, cybercriminals are using this tool to create forms that contain malicious links. These fake forms can easily fool you into thinking they’re official Microsoft documents because they have convincing titles and even use Microsoft icons when viewed in a web browser. 

In this scam, you receive an email instructing you to urgently change your password, read messages, or look at sensitive work documents. The email directs you to the form, prompting you to click a link. However, the link is malicious, and if you click it, you will be directed to a fake Microsoft 365 or Adobe login page. This page will prompt you to enter your sign-in details, such as your email address and password. If you enter your login credentials here, cybercriminals can steal them!

Follow these tips to avoid falling victim to a Microsoft Forms scam:
•    Be cautious whenever you receive an urgent request, such as changing your password or viewing sensitive documents. Remember that cybercriminals play on your emotions by forcing you to act quickly. 
•    Before you click a link, always hover your mouse over it. Watch out for spelling mistakes or suspiciously long URLs that can hide a website's true domain.
•    If you receive a suspected phishing email, follow your organization’s policies for reporting suspicious emails.
 

9/11/24 - Fake Funeral Livestream

Unfortunately, cybercriminals will go to great lengths to try to trick you and steal your information. In this week’s scam, cybercriminals are stealing photos and personal details of recently deceased people from social media. They use these photos and personal details to create convincing comments on Facebook. When an announcement is posted about the deceased person, the cybercriminals leave a comment. The comment says that the funeral is being streamed online and that you need to click a link to watch it.

However, the funeral service isn’t actually being streamed online. If you click the link in the comment, you’ll be taken to a fake website that’s controlled by the cybercriminals. The website includes instructions to enter your credit card information so that you can supposedly watch the funeral. If you enter any information here, the cybercriminals will be able to see it immediately. You won’t actually be able to watch the funeral service online, but the cybercriminals will be able to charge your credit card!

Follow these tips to avoid falling victim to a fake funeral scam:
•    Never donate money to an online fund unless you can verify it has been set up by an official source. 
•    If you’re experiencing a major loss, set your social media websites to private before posting details about the deceased person. This will make it more difficult for cybercriminals to steal personal photos and information.
•    Always use caution when entering financial information online. Make sure that the website you're visiting is legitimate. 
 

9/4/24 - Don't be Fooled by Fake Phone Numbers

In this week’s scam, cybercriminals are using Google search results to try to trick you into calling a phone number that they control. If you search for an organization on Google, scammers can manipulate the search results to display a fake phone number for the organization. Don't take a chance of losing your investments on a risky phone call. 

If you search on Google and call the fake number from one of these manipulated search results, you will be connected to a scammer. They will attempt to trick you out of your money by saying that your account needs updates or you need to transfer funds. They may ask you for your login information so that they can access your account. Once they gain access to your account, they can quickly transfer your funds to accounts that they control. This is one investment that you don’t want to risk!

Follow these tips to avoid falling victim to a phone number scam:
•    Confirm that you are on the organization’s official website if you are going to buy one of their products or use one of their services.
•    Double-check that the listed phone number is the same one on the organization’s official website. 
•    Report any fake listings, ads, or any other type of disinformation through Google’s Report services. 
 

8/28/24 - Beware of the Celebrity Cash Grab

In a recent scam, cybercriminals posted a fake video of Elon Musk on YouTube, trying to trick you into handing over your money. Cybercriminals often use AI to impersonate celebrities so that they can spread misinformation or trick people into falling for their scams. This particular scam attempts to trick you into depositing your cryptocurrency into an online account.  

In this scam, the cybercriminals used AI to create a fake video that looks and sounds like the real Elon Musk. The video contains a QR code, and the AI-generated Musk urges you to scan it. If you follow the instructions to scan the code, you will be directed to deposit money into an account with the promise of receiving a larger return for your investment. The catch is there is no return on your investment. Your funds are deposited right into the scammers’ pockets! 

Follow these tips to avoid falling victim to an AI video scam:
•    Be wary of any social media content that uses endorsements from celebrities, because celebrities can be impersonated online.
•    Be cautious whenever you are prompted to enter financial information online. Only use official financial websites. 
•    No legitimate financial institution will guarantee a large return on a small investment. If the opportunity seems too good to be true, it usually is. 
 

8/21/24 - You Don't Want to Win this Phishing Prize

When it comes to staying safe online, it usually helps to remember an old rule: “If it seems too good to be true, it usually is.” In this week’s scam, cybercriminals are trying to trick you into forgetting this simple rule by sending you phishing emails. The phishing emails say that you have an opportunity to win a prize, usually from a major organization or brand, such as Marriott, Costco, Lowes, and more. 

The emails vary slightly in their content, but they all offer you the opportunity to win a prize by simply clicking a button and providing some personal information. However, the emails were sent by cybercriminals. If you click the link, you will be directed to a webpage that they control. If you enter any personal or financial information here, the cybercriminals will be able to see it immediately. You won’t win any prize from clicking the links, but the cybercriminals will. They’ll be able to steal your data! 

Follow these tips to avoid falling victim to a phishing scam:
•    Major companies don’t usually give things away for free. Be very cautious of any unsolicited emails that offer something at no cost.
•    Be very cautious when entering personal or financial information, especially after clicking a link in an email. If you need to enter your information online, make sure that you are on the organization’s official webpage.
•    Look for signs of a phishing email. Most will contain a call to action, such as clicking a link in order to win a prize. If you aren’t sure about the legitimacy of an email, follow your organization’s policy for reporting suspicious emails.
 

8/14/24 - Pastejack Attack

In this week’s scam, cybercriminals are trying to trick you into running malicious code using PowerShell, a powerful tool for executing commands on your computer. This technique is known as “pastejacking”, which involves copying and pasting malicious code into your computer and then allowing it to run.

This scam begins when you receive what appears to be an urgent email that contains an attachment. If you try to open the attachment, an error will display that says, “Failed to connect to the ‘OneDrive’ cloud service, to fix the error you need to update the DNS cache manually.” The message also provides a few lines of code and instructions on how to copy and paste it into a Windows PowerShell Terminal. The message urges you to take action, which is exactly what scammers want. If you follow their instructions, you will run a malicious command on your machine. The code will install malware, giving the scammers access to your personal data.
  Follow these tips to avoid falling victim to pastejacking:
•    You will never receive a legitimate email that tells you to open an attachment using PowerShell. If you receive an email instructing you to use PowerShell, immediately report it to your IT team.
•    Be cautious of any emails that prompt you to take urgent action. Creating a sense of urgency is a common technique that scammers use to trick you.
•    If you are unsure about the legitimacy of an email or attachment, contact your organization’s IT or security team for further instructions.
 

7/31/24 - CrowdStrike Outage Phishing Scams

Recently, a mass IT outage caused confusion and chaos. A buggy software update deployed by the cybersecurity company CrowdStrike impacted Windows computers worldwide. Systems were affected globally, resulting in delayed flights, business closures, and more. However, what may be bad news for you could be good news for cybercriminals. Cybercriminals often seek to turn major events to their advantage by sending out phishing emails or text messages related to the event. By using a major event that you are familiar with, they hope that they can trick you into clicking on malicious links or attachments. 

Shortly after the outage, cybercriminals began creating fake websites. The websites claim to belong to IT workers who can assist with troubleshooting the outage and restoring access to affected computers. There are files on the fake websites that appear to be software updates for Windows computers. However, these files actually contain malware. If you download them, malicious software can be installed on your computer, giving cybercriminals access to your personal data! 

Follow these tips to avoid falling victim to any CrowdStrike-related scams: 
•    This specific scam involves fake websites, but remember that cybercriminals will exploit this event in different ways. Be on the lookout for any suspicious activity related to the CrowdStrike outage. 
•    Don’t download any files or attachments from websites or emails. Any troubleshooting related to the CrowdStrike outage should be addressed by your organization’s IT team. 
•    Be cautious of unexpected calls, emails, or text messages that seem urgent to respond to. Cybercriminals will try to use this outage to trick you into acting impulsively. 

8/7/24 - These Travel Offers are too Good to be True

In this week’s scam, cybercriminals are taking advantage of travelers and tourists by sending out fake emails. The emails appear to be from legitimate airlines, hotels, and other travel-related organizations. However, the emails are actually a clever trick that scammers use to steal your money and personal information.
The email you receive could appear to be from any travel organization, and they usually offer a chance to win a prize or a travel package. Or the email may sound urgent, such as claiming that you need to resolve an issue with your Airbnb or hotel account. If you click the link in one of these emails, you will be taken to a fake website and instructed to enter your personal information or user credentials. Anything you enter on these fake websites is transmitted directly to the cybercriminals. You do not win a prize for following the instructions in the emails, but the cybercriminals do. They get your data!

Follow these tips to avoid falling victim to travel scams:
•    Be skeptical of email offers that sound too good to be true. 
•    Unsolicited emails that instruct you to take an urgent action should be treated very cautiously. Cybercriminals often try to create a sense of urgency to trick you into falling for their scams.
•    Legitimate travel organizations will not ask you to provide sensitive or personal information through email. Always make sure that you are using the organization’s official webpage before entering any information or user credentials. 
 

 

7/24/24 - Don't Medal with Olympic Scams

With the Paris Olympics beginning this week, be on the lookout for phishing emails and text messages pointing you to fake Olympics-branded websites or offering discounted merchandise or tickets. Cybercriminals will take advantage of all the excitement around the Olympics to try to steal your personal information or money.

Billions of cyberattacks were launched during the Tokyo 2020 Olympics, and this year’s event is proving to be just as popular. Online criminal activity has already increased, with fake Olympics tickets being advertised, counterfeit Olympics-branded websites appearing, and stolen personal information being sold online. If you are traveling to Paris to view the Olympic Games, you should also be aware of increased cybersecurity risks in the city - public Wi-Fi networks can be hacked to steal your personal data!

Follow these tips to avoid falling victim to any Olympics-related scams:
•    Be cautious of unsolicited emails or messages about tickets or deals. If something seems too good to be true, it probably is.
•    Only purchase tickets or souvenirs from official websites or vendors.
•    If you are traveling to the event, avoid using public Wi-Fi networks or hotspots. These networks can be compromised by cybercriminals.

7/17/24 - These Prime Deals are Too Good to be Real

Amazon Prime Day is this week, and there are plenty of deals for you to take advantage of. However, cybercriminals are also looking to turn these deals to their advantage. In this particular scam, cybercriminals have created fake websites that look very similar to the real Amazon website. Then, they send you phishing emails and text messages that contain links to the fake websites they created.

The phishing emails and messages will sound alarming to try to trick you into clicking impulsively. They may say that there’s an urgent problem, that your account has been suspended, or that your payment details need to be updated. They will usually threaten to delete your account if the problem isn’t addressed soon. If you click the link in the email or message, you’ll be directed to a fake website. If you enter your login credentials or payment information, that data will be sent directly to the cybercriminals.
 
Follow these tips to avoid falling victim to an Amazon Prime Day scam:
•    Check the URL of a website very carefully before entering any information. The URL may look very similar to the legitimate Amazon web page but will have subtle differences.
•    Be cautious of unexpected emails or text messages, especially if they instruct you to click a link. If you suspect that there may be a problem with your Amazon account, it’s safer to navigate directly to Amazon’s website instead.
•    If a deal seems too good to be true, it probably is. Be very skeptical of unrealistic deals and suspicious offers.
 

7/10/24 - Healthcare Hijinks

In this week’s scam, cybercriminals are tricking healthcare workers into stealing their user credentials. Then, they use those credentials to redirect money from medical insurance payments into their own bank accounts. Healthcare organizations are frequent targets for cybercriminals because they have access to large amounts of data and personal information.

In some cases, the hackers gain access to a user’s email account by stealing their credentials through phishing emails. At other times, they call the organization’s IT help desk and use social engineering to pretend to be an employee who needs help with accessing their account. Then, they can reset the password and gain access to an organization’s financial systems. Once they have accessed the systems, they can reroute insurance payments into their own bank accounts. 
 
Follow these tips to avoid falling victim to a social engineering scam:
•    Enable multi-factor authentication (MFA) for your accounts. This extra layer of security will make your accounts more difficult to access if your user credentials are stolen.
•    Be cautious of unexpected emails. Do not click on links or provide personal information without verifying that the email is legitimate.
•    This particular scam targets the healthcare industry, but remember that similar tactics could be used to target any organization. Any unexpected phone calls or emails should be treated with caution.
 

7/3/24 - Android Malware Apps

You may not think too much about downloading an app onto your phone. Apps are widely available and can make navigating a website from your phone much easier. However, many people may not realize that they can also be used by cybercriminals to steal your information. In this week’s scam, cybercriminals are targeting Android devices with malicious apps. The apps include a fake Google Chrome app and a fake sports streaming app called 4K Sports.

If you download these apps, malware will be installed on your phone. Cybercriminals design this malware to allow them to access your phone without you knowing about it. This malware can record what you type into your phone or allow cybercriminals to control your phone remotely. It can even access your phone contacts and send them text messages. The texts contain links to web pages with malicious apps available for download, allowing the malware to continue to spread. 

 
Follow these tips to avoid falling victim to a malicious app scam:
•    Only download apps from official and trusted sources like the Google Play Store or the Apple App Store. Avoid downloading apps from third-party websites or links sent via text or email.
•    Read reviews and do research before downloading any app, especially lesser-known ones.
•    Don't click on suspicious links in unexpected text messages or emails, even if they appear to come from someone you know.

6/26/24 - School Board Election Phishing

No one is immune to being targeted by phishing attacks. In this week’s scam, cybercriminals targeted candidates in a local election. During any election season, many candidates post information about themselves online or on social media sites. Scammers can use this information to craft targeted attacks on the candidates. In the specific attacks mentioned below, the scammers pretended to be another election candidate. This type of attack is known as Business Email Compromise (BEC).

In one of the attacks, the scammers emailed an election candidate. In the email, they impersonated someone else who was also running for election. The scammers explained that they needed the victim to purchase $500 in Apple gift cards and send them via email. When this didn’t work, the scammers later sent a separate email that appeared to come from DocuSign. This email contained an attachment that directed the victim to a fake login screen that prompted them to enter their user credentials in order to continue. If the victim had fallen for either of these scams, the scammers would have been able to steal both money and login credentials from the victim.
 
Follow these tips to avoid falling victim to a BEC scam:
•    Be wary of any unsolicited emails or calls asking you to buy gift cards or transfer money, even if they appear to be from someone you know. Verify the request through another channel before acting.
•    Be extra vigilant during high-profile events like elections when scammers may increase phishing attempts.
•    Remember, the information that you post online is publicly available for anyone to see. Scammers can use this information to target you with more realistic phishing attacks.

6/20/24 - Malware Spreadsheet Spread

Scammers always look for ways to get you to make impulsive decisions. They usually scare or alarm you so that you react without thinking. In this week’s scam, cybercriminals send you an email with many urgent-sounding words that are designed to grab your attention immediately. The email looks like a payment invoice and contains an Excel attachment. It mentions that the attached forms need to be processed “as soon as possible” and that “penalties” will result from any payment delays.

If you open the attached Excel file, you’ll be presented with a pop-up window that instructs you to “Enable Editing” by clicking a button. If you click the button, the malware will begin installing on your computer. This particular malware is highly advanced. Once installed on your computer, it can steal user credentials and other personal information. The malware is designed to avoid being detected by your antivirus software. Once it has made its way onto your computer, it is very difficult to remove it.
 
Follow these tips to avoid falling victim to a malware phishing scam:
•    Be cautious of emails that create a sense of urgency or fear. Phrases like "as soon as possible," "penalties," and other alarming language are common tactics used by scammers.
•    Never select “Enable Editing” or “Enable Content” on attachments from untrusted or unexpected sources. Selecting either of these options is a common way for malware to be installed.
•    Verify the legitimacy of any invoice or payment request by directly contacting the company using known contact information.
 

6/13/24 - Be on Patrol for these Fake Calls

In this week’s scam, cybercriminals are impersonating U.S. Customs and Border Protection (CBP) agents. The scammers call you and claim that CBP has intercepted drugs or money shipments that are addressed to you. They insist that you must confirm personal details to help them resolve the case. If you refuse to cooperate, the scammers threaten to send police to arrest you. 

To seem more credible, the scammers may provide actual CBP employee names and numbers that they find online, as well as fake case and badge numbers. In some cases, there is a recorded message that says to press a number to speak to a "CBP officer" about an intercepted shipment. The real CBP stresses that these calls are complete scams and that the agency never requests money or personal information like Social Security numbers over the phone. 
 
Follow these tips to avoid falling victim to a Border Patrol phone scam:
•    The CBP will not call you to request money or financial information. If you receive a call asking you to share personal information, it’s best to hang up and contact the government agency directly at a verified number.
•    This particular phone scam impersonates the CBP, but remember that scammers could call you and impersonate any government entity.
•    Scammers rely on scaring you into making an impulsive decision. If you receive an unexpected phone call urging you to take action, be extra cautious. It could be a scam.
 

6/5/24 - Malware Office Suite

“You get what you pay for,” and this week’s scam is no exception. Cybercriminals are distributing a “free” pirated version of Microsoft Office across torrenting websites. The catch is that it’s actually malware. If you download and install it, the malware can begin harvesting your personal data.

If you download the malicious Microsoft Office file, the installation process appears to be legitimate. The installer looks professional and even allows you to select the version of Microsoft Office you would like to install. However, if you run the file, malware will install on your computer. The malware is designed to avoid detection from most antivirus systems. Even if your antivirus software scans and removes it, this particular malware can re-install itself afterward. This “free” version of Microsoft may actually cost you something after all - your personal data!
 
Follow these tips to avoid falling victim to a malware scam:
•    Never download software from unofficial sources. A pirated version of the software isn’t an official release, and it may contain malware. 
•    If something is too good to be true, it probably is. Microsoft Office is a software that you would normally pay for, and a free version isn’t likely to be legitimate.
•    Be sure to follow your organization’s instructions regarding antivirus software and data backups. Having updated software and data backups can help to protect your machine from a malware infection.
 

5/29/24 - These Banking Emails are Counterfeit

In this week’s scam, cybercriminals are sending out phishing emails that claim to be from many different banking organizations. By impersonating different banks, the cybercriminals hope to trick even more people into clicking on malicious links. The emails all have different images and text, depending on which bank the cybercriminals are impersonating. However, all the emails claim that you need to take urgent action and download an attachment.

No matter which email you receive, there will be a link to an attachment. If you click the link, the attachment will download and display a clickable image of a PDF logo. If you click the image, malware will begin installing on your device. This malware can then gather personal data and financial information and even steal email addresses from your email inbox. The malware can then send similar phishing emails to all of your email contacts! 
 
Follow these tips to avoid falling victim to a malware scam:
•    Scammers rely on creating a sense of urgency to trick you into clicking on links. If you receive an unexpected email, always stop and think before you click.  
•    In this situation, the email claims to be from your bank. Instead of clicking on a link in the email, you should contact your bank directly to verify if action is needed.
•    Be sure to follow your organization’s instructions regarding security updates and antivirus software. By keeping your software up to date, you can help protect your device from a malware infection.
 

 

5/22/24 - Don't be Fooled by Spear Phishing

In this week’s scam, cybercriminals are trying to scam you by sending you text messages from an unknown number claiming to be from your boss. The texts contain a lot of detailed information about your workplace, making them seem legitimate. They seem legitimate because the scammers research your organization and manager before texting you. They use the information they find in their research to try and trick you into believing that you are actually speaking with your manager. This scam is a type of personalized phishing attack known as spear phishing.

The scammers send casual messages about your organization to put you at ease before moving to what they really want—money. They tell you that they have a business expense that they urgently need to pay for. Then, they ask you to send them money using a cryptocurrency such as Bitcoin. If you send it to them, the money will go directly to the cybercriminals. You may then need to speak to your real manager to explain what happened!
 
Follow these tips to avoid falling victim to a spear phishing scam:
•    Be skeptical if you receive a message from an unknown number, especially if you are being asked to act urgently.  
•    Any unexpected financial request should be treated very cautiously. It is highly unlikely that your actual manager would ask for you to send them money using cryptocurrency.
•    If you receive an unusual message, follow your organization’s reporting policy. Others in your organization may be receiving similar messages. By reporting the message quickly, you can help prevent other attacks from being successful.
 

5/15/24 - Government Phishing

Cybercriminals like to manipulate people into acting on impulse because anyone can fall for this trick, even government officials. In this week’s scam, a Russian hacking group is targeting members of the Polish government with an enticing phishing email. The email contains a link that claims to provide information about a mysterious person who has been in contact with Polish government authorities.

If you click it, the link redirects you through multiple websites before reaching an archive of .zip files. This archive contains a malicious file that is disguised as a photograph. If you open the file, a distracting image is displayed while the malicious software secretly downloads onto your device. Once installed, the malware can collect your sensitive data and send it back to the hackers.
 
Follow these tips to avoid falling victim to similar scams:
•    Avoid clicking on links in emails, especially if the email is not expected. 
•    Phishing emails may contain alarming or sensitive topics to try and trick you into clicking on a link. Always be mindful any time an email is encouraging you to take action.
•    If an email seems suspicious, always follow your organization’s reporting policy. An email that is reported quickly can help to protect your organization from a larger phishing attack.
 

5/8/24 - Mystery Box Mayhem

If something seems too good to be true, it usually is, and this recent phishing scam is no exception. This week, cybercriminals are sending an email that appears to come from the online retailer Shein. The sender’s email address isn’t from a Shein domain, and the email does not contain any official logos or branding. However, the email claims that you have won a Shein Mystery Box and encourages you to click a link to claim your prize.

If you click the link, you’ll be taken to a website with a URL different from the official Shein website. You’ll be instructed to enter your personal information there so that you can receive the mystery box. Of course, this is a fake website that is controlled by cybercriminals. If you enter your information here, they will be able to steal it immediately.
 
Follow these tips to avoid falling victim to a phishing scam:
•    Check other sources to verify the legitimacy of an email. In this case, the email claims that Shein is giving away a mystery box. If this were a real giveaway, Shein’s official web page would contain more information. 
•    Hover your mouse over the link in the email. This action will allow you to see the webpage URL where the link will direct you. In this case, the website URL is not connected to Shein.
•    Pay close attention to the sender and body of the email. This phishing email sender doesn’t appear to be related to Shein. The body of the email doesn’t contain logos or branding, meaning that it is unlikely to be an official email.
 

 

5/1/24 - Fake Login Fiasco

Scammers frequently try to trick you into clicking on malicious links in emails by making them appear legitimate. In a recent scam, they are trying to trick you with an email that appears to be related to your Microsoft account security. The email says that there has been some unusual activity on your account and that many of your account’s features have been locked. There is a link in the email, along with instructions to click it so that you can review all activity on your account.

If you click the link, you’ll be taken to what appears to be a Microsoft login page. However, the login page is actually fake, and you won’t be taken to your Microsoft account if you enter your login information here. Instead, entering your user credentials on this page will allow cybercriminals to steal them. Once they have your username and password, they can use them to access your account and steal your personal information.
 
Follow these tips to avoid falling victim to a phishing scam:
•    Scammers will often try to scare you into acting impulsively. Always stop and think before clicking, especially if an email is instructing you to act quickly.
•    Pay attention to the details of the email. Phishing emails will often contain spelling and grammatical errors, or the wording of the email may seem unusual.
•    Navigate to the official website in your browser whenever possible. Clicking a link in an email may direct you to a fake or malicious website.
 

4/24/24 - Cheaters Never Win

Cybercriminals often find creative ways to spread malware, and this recent scam is no exception. They are posting malicious links in the comment sections of video gaming websites and forums. If you click on one of the links, it will download a .zip file for a program called Cheat Lab. The software is enticing to gamers since it claims to help them cheat at their favorite games. The software doesn’t actually help players cheat, but it does help cybercriminals gain access to your personal data.

At first glance, Cheat Lab appears to be a legitimate program and even has an activation code. If you install it, there is a message with an offer to receive a free version of the software if you send it to your friends. However, the program is actually malware. Once you have installed it, cybercriminals will gain access to your sensitive information. Even worse, if you follow the instructions in the message and send it to all your friends, cybercriminals might also gain access to your friends’ data! 
 
Follow these tips to avoid falling victim to a malware scam:
•    Be skeptical of offers and deals. If you find a link for a free product that seems too good to be true, it probably is.
•    When downloading software, be mindful of the source. Legitimate companies do not distribute their software by posting links in comments. You should only download software from a trusted company or source. 
•    This scam targets gamers, but similar tactics could be used against anyone. Always stop and think before clicking on a link.
 

4/17/24 - Toolway Turmoil

Scams that occur over text messaging are called smishing scams. This week, cybercriminals are using smishing to target motorists. They send a fake text message claiming that you have a toll due for driving on the Pennsylvania Turnpike. The toll is not for a large amount, but the message says that if it isn’t paid immediately, you will be charged additional late payment fees. 

There is a link in the text message, and you are instructed to tap the link in order to settle your balance. However, the text message is actually from cybercriminals, and if you tap the link, it could take you to a fake payment website. Cybercriminals use fake websites to steal your login credentials, take your money, and install malware on your phone. Always stop and think before you click! 
 
Follow these tips to avoid falling victim to a smishing scam:
•    Be cautious when making a payment after receiving a text message. You should always visit the official website of the organization to make a payment instead of clicking the link in the message.
•    Always stop and question if a message is expected prior to taking action. If you have not recently driven on the tollway,  receiving a message regarding paying a toll would be very suspicious. 
•    This smishing scam targets drivers on the Pennsylvania Turnpike. But this sort of scam could target tollways in any location.
 

4/10/24 - Unsecured Security App

In this week’s scam, cybercriminals are spreading malware by using a fake security app. They send you a text message that says a large financial transaction has just occurred using your bank account. It instructs you to call a phone number if you have not authorized the transaction. Of course, the transaction never occurred, and the cybercriminals are trying to scare you into acting impulsively.

If you dial the number, you’ll be connected to a cybercriminal who will instruct you to download a security app. The app is disguised as an official McAfee Security product and is designed to take control of your device. If you install it, cybercriminals will use it to steal your data, and they will have complete control of your phone. Once they have control of your phone, they can install other malware and access your personal information.
 
Follow these tips to avoid falling victim to a fake app scam:
•    Only download apps from an official source, such as the Google Play Store or the Apple Store. Apps available on official platforms are tested for security and are far less likely to be malicious.
•    If you receive an unexpected text message regarding a large transaction, contact your bank directly using the information provided on their official website. Do not communicate using the information provided in the text message. 
•    Always stop and think before taking action. Scammers use scare tactics to create a sense of urgency to get you to act without thinking.
 

4/3/24 - Suspicious Smishes

Cybercriminals often use text messages to try and trick you into clicking on malicious links, a method known as “Smishing.” In a recent scam, they send a fake text message that says a package is unable to be delivered to you. The text contains a link, but it may not be clickable. There is a security feature on many smartphones that automatically disables links in unexpected messages. So, the cybercriminals will instruct you on how to bypass the feature. The message says to copy and paste the link into your browser to open it. There is a sense of urgency to the message. It says that you must use the link to confirm your delivery information in 12 hours in order to receive your package.

If you follow the instructions and open the link, you will be taken to a web page that appears to belong to the package carrier. You will be asked to enter your personal or financial information on the website. However, the website is fake, so entering your personal details will allow cybercriminals to steal this information. 
 
Follow these tips to avoid falling victim to a smishing scam:
•    In this case, the instructions ask you to paste the link into your browser in order to open it. Be aware of unusual instructions in a text message. The message also instructs you to take action quickly. Cybercriminals frequently use this technique to try and trick you into acting impulsively.
•    It is suspicious to receive a text message for a package delivery if you are not expecting a package. Always ask yourself if the message is expected. 
•    Do not tap on links in an unexpected message. It’s always safer to navigate to the official website in your web browser. 
 

3/27/24 - Fake Financial File Phishing

In a recent phishing email scam, cybercriminals use vague financial terms that attempt to make you curious enough to click the attachment in the email. The subject of the email is “Remittance Summary,” and the malicious attachment is named “Payment Advice.” The body of the email only says, “Find attached payment advice for remittance.. Kindly revert.” The sender of the email appears to be legitimate, but it is actually sent from a fake sender address. If you download the PDF file, the malware will begin installing on your computer.

The attached malware is designed to gather sensitive information from your device. It can find personal data stored in your web browser, such as login credentials. It can also install a keylogger, which is a type of malware that records every key pressed on your keyboard. Whenever you enter your username and password, the keylogger can record exactly what you’ve typed and send it directly to the cybercriminals.  
 
Follow these tips to avoid falling victim to a financial phishing scam:
•    Be skeptical. If an email looks suspicious or contains unusual grammatical errors, immediately report it to your organization.
•    Check the email address carefully. Cybercriminals will often use email addresses that appear very similar to legitimate senders.
•    Never download unexpected attachments. If you’re not expecting an attachment or the email is from someone that you don’t know, don’t open it.
 

3/20/24 - Leave a Message After the Phish

It’s no secret that cybercriminals are using AI technology to craft phishing emails, but did you know AI can also help them with voice phishing (vishing)? It’s surprisingly easy to teach AI software to sound like a specific person. All they need to recreate your voice is a short audio clip, like one from a recorded phone call or a video posted to social media. Once the cybercriminals have your voice, they can easily target friends, family members, and coworkers with AI-powered vishing.

Cybercriminals often use this tactic to impersonate managers and executives of an organization. In this scam, you receive an unexpected call from upper management asking you to help with an urgent project. The voice will direct you to wire money to a vendor in order to meet a looming deadline. Of course, if you follow their directions, you’ll actually be wiring money to the cybercriminals instead. 
 
Follow these tips to stay safe from AI-powered vishing attacks:
•    When you receive an unexpected message, contact the person using a reliable source. You can use a phone number you have on file, an official email address, or a messaging system like Teams or Slack.
•    If you’re speaking to the caller directly, ask questions that would be difficult for an imposter to answer correctly.
•    Even if the request is urgent, stop and think before you take action. Ask yourself questions like: Is this something in my job description? Or is there a procedure this person should follow?

3/13/24 - Invitation to a Malware Party

Cybercriminals recently targeted European diplomats by impersonating representatives for the ambassador of India. They each received a fake invitation to an exclusive wine-tasting party. But, the invitation was actually a trick to install malware onto their devices. This type of scam could be used to target anyone, so let’s take a closer look at how it worked.

The scam starts with a simple phishing email that includes an attached PDF file. The PDF file is a convincing invitation to a party, complete with official-looking letterhead and contact information. The invitation asks you to complete a questionnaire in order to reserve your spot. If you click the questionnaire link, you are redirected to a website that automatically downloads malware onto your device. Once installed, the malware hides on your device and sends data back to the cybercriminals. 
 
Follow the tips below to stay safe from similar scams:
•    Be cautious of unexpected and exciting opportunities. Remember, if something seems too good to be true, it probably is!
•    When you receive an email or invitation, stop and look for red flags. Consider the timing of the invitation and look for any spelling or grammatical errors.
•    Never click a link or download an attachment in an email that you weren’t expecting. 
 

3/6/24 - Tax Attacks

Millions of people around the world are paying their taxes this time of year, and cybercriminals are hoping to get paid, too. In this week’s scam, they’re taking advantage of tax season by trying to trick you into opening an email and downloading a malicious PDF attachment. The email they send looks like a government form and includes a link to download the PDF attachment. The scammers even include helpful instructions for pasting the web page URL into your browser in case the link isn’t working.

Clicking the link will redirect you to a fake webpage and initiate a file download. Malware is installed on your computer once the file downloads. Remember, cybercriminals don’t only want your money—they also want your data! And they can use this malware to steal your user credentials and other personal data. 
  
Follow these tips to avoid falling victim to a tax scam:
•    The latest software versions for devices often contain security updates. Make sure that your devices are running the latest software updates recommended by your IT team.
•    Follow your organization’s instructions for reporting any suspicious emails that you receive. Quickly reporting suspicious emails can help keep your organization safe!
•    Be skeptical of unsolicited emails from the government or other financial entities. Always double-check with the organization that sent the form if you have doubts about its authenticity.
 

2/28/24 - Phony Utility Ads

Search engines, like Google, are so popular that many people use the search feature instead of typing a URL. For instance, people may quickly search for their electricity provider's name to find the online payment portal. And for this week's scam, that's exactly what cybercriminals want you to do. This scam tries to trick you into clicking on a fake ad instead of the billing portal that you’re trying to find. The scammers purchase a variety of fake utility payment advertisements, and you see those ads during your searches. They know that they can trick you more easily if you contact them instead of them reaching out to you.

If you click on one of these ads, you will be prompted to dial a phone number. Dialing the number puts you directly in contact with a scammer. They may try to scare you by saying your bill must be paid immediately. Or they may tempt you with an offer to help you save money—but only if you act now. Neither the advertisement nor the person you are talking to is legitimate. Paying them won’t help with your utility bills, but the scammer might use you to help pay their own bills!
  
Follow these tips to avoid falling victim to a utility bill scam:
•    Remember, anyone can purchase an advertisement. Be cautious when clicking on ads, even if they seem relevant to you.
•    Scammers often ask you to make payments using unusual methods, such as gift cards or money transfers. If something seems strange about a financial transaction, stop immediately!
•    If an offer seems too good to be true, it probably is. Always stop and think before taking action.
 

2/21/24 - Remote Desktop Robbery

In this recent scam, cybercriminals are trying to trick you into downloading software that they can use to access your computer. They start by sending you a fake email that appears to come from your bank. The email says that there is an issue with your account and that their team needs to investigate. Of course, there isn’t actually an issue, but the scammer offers to help you fix it.

Scammers often use fake emails to trick you into downloading malicious files. But in this scam, they have you download legitimate remote desktop software that is normally used by IT professionals to assist you. In this case, even though the software you downloaded is legitimate, the person who is asking you to install it is a scammer. If you allow them to access your desktop, they have full control of your computer. Then they can request passwords or other login information from you to gain access to your financial accounts and data.
  
Follow these tips to avoid falling victim to a remote desktop scam:
•    Be suspicious of any unexpected emails claiming that there is an issue with your account. If you have reason to believe the request is genuine, contact your bank using a verified number or email address.
•    Never give control of your computer to someone who contacts you, even if they claim to be from your bank or tech support.
•    Never share passwords or login information with anyone. This data is personal, and your bank will never ask you for it.
 

2/14/24 - Deepfake Deception

AI scams are becoming more frequent, and they’re also becoming more sophisticated. In a recent scam, cybercriminals demonstrated just how convincing AI fraud can be by faking an entire video call. In fact, the scammers were able to steal over 200 million Hong Kong dollars by emailing an employee and pretending to be their organization’s Chief Financial Officer (CFO).

The fake CFO asked the employee to make a secret financial transaction. He initially dismissed the email as a phishing attempt. But later, he was lured into attending what he believed was a video meeting with the organization’s CFO and other employees. The meeting attendees looked and sounded exactly like coworkers that the employee recognized, but they were all deepfakes. The scammers used AI technology to create believable video and audio of the CFO. After the meeting, the employee was convinced that the financial request was genuine and he sent the payment as requested. 

As AI scams continue to become more realistic, it’s more important than ever to learn how to spot them! Follow these tips to avoid falling victim to an AI scam:
•    Always be wary of requests that are being sent in an unusual way. Receiving a secret financial transfer request, even from a CFO, isn’t likely genuine!
•    Trust your instincts. 
•    Cybercriminals typically try to get you to act impulsively. Always stop and think before taking action.
 

2/7/24 - Microsoft Teams Chat Attach

As people become more aware of phishing emails, cybercriminals are forced to turn to alternative platforms to trick their victims. For example, many organizations use Microsoft Teams as a messaging and communication platform. But did you know that it can also be used for phishing attacks?

Microsoft Teams allows users who are not part of your organization to message you. Cybercriminals recently exploited this feature to send phishing messages to Microsoft Teams users. The message includes a malicious file disguised as a PDF attachment. The scammers make the file look like a PDF file to trick you into thinking that you are downloading a normal attachment, but it’s really an installer file in disguise. The file actually contains malware that is installed once the file is downloaded.
  
As cybercriminals continue to find new attack methods, it’s more important than ever to remain alert! Follow these tips to avoid falling victim to a Microsoft Teams phishing attack:
•    Be suspicious of unexpected messages, even if they appear to come from a trusted source, such as Microsoft Teams. When in doubt, always attempt to verify the authenticity of the person who sent you the message!
•    File names aren’t always what they seem. Always be sure that an attachment is legitimate before you click on it!
•    Remember, this type of phishing attack isn’t exclusive to Microsoft Teams. Scammers could use this type of attack on any messaging platform.
 

1/31/24 - I Can't Believe my Credentials are Gone

This Facebook phishing scam starts with a post from a friend that says, “I can’t believe he is gone. I’m gonna miss him so much.” The post contains a link to a news article or video, but when you click the link, you are taken to a web page that prompts you to log in to Facebook. If you enter your information, you are taken to an unrelated page. No news article exists, but scammers have just stolen your Facebook credentials using a phishing attack.

Scammers use compromised Facebook accounts to post these “I can’t believe he is gone” phishing links. The posts appear to come from your friends and family, which makes this phishing attack very convincing. If you fall for their tricks, scammers can then use your Facebook account to post the same message to your friends and family. 

Follow these tips to avoid falling victim to a Facebook phishing attack:
•    When possible, use multi-factor authentication (MFA) as an added layer of security for your accounts. The MFA will prompt you to provide additional verification before logging in, making it more difficult for scammers to compromise your account.
•    A post from a friend may seem trustworthy, but their account could be compromised. Reach out to your friend over the phone or text to verify that their post was legitimate.
•    Remember, this type of phishing attack isn’t exclusive to Facebook. Scammers could use this type of attack on any social media platform.
 

1/24/24 - This Fake App Takes the Cake

This recent scam is impressively complex. The cybercriminals start by impersonating law enforcement officers. They contact you, claiming that your bank account may have been involved in financial fraud. You’re then asked to download a mobile app to help them investigate further. If you download the app, the cybercriminal walks you through the steps to set this scam in motion. 

First, you are given a case number. When you search for that number in the app, you’ll find legal-looking documents with your name on them. These documents make the scam feel more legitimate. Once your guard is down, the app asks you to select your bank from a list and then enter your account number and other personal information.

The most clever part of this scam is what the app does in the background. When you first install the app, it blocks all incoming calls and text messages. That way, you won’t be alerted if your bank attempts to contact you about unusual behavior on your account. If all goes as planned, the cybercriminals will steal your money and sensitive information before you know what happened. 

No matter how advanced the app is, you can stay safe from scams like this by following the tips below.
•    Only download apps from trusted publishers. Anyone can publish an app on official app stores or sites—including cybercriminals.
•    Be cautious of scare tactics that play with your emotions. Cyberattacks are designed to catch you off guard and trigger you to reveal sensitive information.
•    If you’re contacted by someone claiming to be in a position of authority, like law enforcement, ask them to confirm their identity. Real officials will understand your concerns and can provide information that doesn’t require you to download an app.
 

1/17/24 - These Crypto Ads are a Real Drain

Have you seen online ads stating you can make tons of money with cryptocurrency? Be careful –many of these ads are scams. Social engineers want to make you think you can get rich quickly. But they are trying to trick you into providing personal information.

Recently, cybercriminals have exploited advertisements on X, better known as Twitter. They use the ads to promote websites that lead to crypto scams. If you click on the ad, you will arrive on a page that asks you to set up an account on a fake site. To exchange cryptocurrencies like Bitcoin, you need a crypto wallet. So, you will be asked to connect this fake account to a crypto wallet. Since you are on a malicious phishing page, it drains the cryptocurrency from your connected wallet. Then, it will send your cryptocurrency to the cybercriminal’s account.

Follow these tips to avoid falling victim to one of these scams:
•    Think before you click. If an ad makes huge promises or pressures you to act fast, don’t trust it. 
•    Set up an ad blocker on your internet browser. The blocker stops many ads from showing up, so you won't see or click on harmful ones.
•    Stick to sites you trust. Stay away from ads on websites or social media that you're not familiar with.
 

1/10/24 - Ransoming Businesses Is a Successful Business

On Christmas Eve, cybercriminals targeted three hospitals in Germany using Lockbit 3.0 ransomware. Ransomware is a type of malicious software that infects computers and networks. It holds data and other sensitive information “hostage” in exchange for payment. If you refuse to meet their payment demands, the cybercriminals could destroy the files. Or they could make them available to the public, resulting in data theft and leaks of sensitive information.

Ransomware as a Service (RaaS), such as Lockbit 3.0, has become a successful business model for cybercriminals. It is often marketed to scammers who are looking to use ransomware to target specific organizations. Far from being an amateur operation, RaaS groups operate like legitimate businesses. They have professional websites, customer service teams, and even supporting documentation. All are designed with one purpose – to help scammers steal data!

Follow these tips to avoid falling victim to a ransomware attack:
•    Always be mindful of a sense of urgency in emails. Never click on links or attachments without first verifying their legitimacy.
•    Trust your instincts! If something seems suspicious, always verify before clicking.
•    Ransomware can strike at any time.  As a user, it’s important to remain alert and cautious.
 

1/3/24 - This Fake PDF File is a Real Threat

Even as the holiday season comes to an end, cybercriminals continue to target holiday travelers in a recent scam. This scam starts with a simple phishing email and an attachment that appears to be a hotel invoice. Unfortunately, the attachment isn’t an actual PDF file. It’s a complex attack designed to steal your sensitive information. 

If you happen to download and open the attachment, an error message appears. The message claims that you need an update in order to view the PDF file. But the file isn’t actually a PDF document, and the error isn’t actually for an update. In reality, the file is a form of malware, and if you agree to the update, you’ll launch that malware. Once launched, it quickly scans your device, collects your sensitive information, and sends it to the cybercriminals. This malware helps the scammers start off the new year with their ideal gift—your personal data!

Follow these tips to stay safe from similar scams:
•    Cybercriminals are counting on you to click without thinking. Never open attachments received from an unexpected email.
•    If you booked a hotel for the holidays and received an email about it, check for details that confirm the email’s legitimacy, such as the reservation number, check-in time, and room details.
•    Remember that this type of attack isn’t exclusive to travel invoices. Cybercriminals could use this fake PDF file technique in a number of scenarios.
 

12/27/23 - Easy Income is an Easy Scam

Countless people around the world are experiencing economic strain. It’s no surprise that cybercriminals are ready to take advantage of this situation. In fact, they’re using a unique social engineering tactic to gain your trust and steal your money. 

In a recent scam, cybercriminals claim you can earn cash by simply liking YouTube videos. To convince you that the job is legitimate, they send you a few dollars after your first day of “work.” Later, you’ll be offered an opportunity to join an exclusive list of VIPs who make even more money. Of course, you’ll have to invest to become a VIP. How much? Up to $1,000. Once paid, you can expect the cybercriminals to take the money and run.

Follow these tips to stay safe from similar scams:
•    Be cautious of offers that seem too good to be true. Cybercriminals will use unrealistic offers to lure you into their scams.
•    This attack exploits the excitement and hope of earning easy money. Don’t let cybercriminals play with your emotions.
•    Legitimate businesses will never ask you to pay money to get a job. Anyone who asks you to do so is trying to scam you.
 

12/21/23 - An Early Tax Reminder from the IRS

The US Internal Revenue Service (IRS) recently held the eighth annual Security Summit. The IRS concluded the summit with a reminder to stay alert during the upcoming tax season. Specifically, they warned taxpayers and tax professionals to watch for phishing and smishing scams. 

Tax scams aren’t specific to the US. Around the world, cybercriminals are readying their phishing emails and text messages (smishing). Handling your taxes is often a difficult task. So, bad actors use this sensitive topic to catch your attention or manipulate your emotions. 

Follow the tips below to stay safe during tax season:
•    Know what to expect from your local revenue agency. For example, in the US, the IRS typically contacts taxpayers by mail, not email or text. 
•    Always think before you click. Cyberattacks are designed to catch you off guard and trick you into clicking impulsively.
•    Use extra caution when handling tax documents. For digital documents, use password protection. For physical documents, keep paperwork in a secure location and shred anything that is no longer needed. 
 

12/13/23 - Disney+ Phishing Deal

Callback phishing is when a phishing email directs you to call a number instead of clicking on a link. These emails are often fake notifications that encourage you to make a call to correct an error. A recent scam impersonating the popular streaming service Disney+ is a great example of this tactic.

In this scam, cybercriminals send an email that appears to be an invoice from Disney+. The email states that you will be charged for a new subscription and directs you to call the number provided if this was an unauthorized purchase. To make the email more alarming, the amount of money shown is three times the advertised price of a monthly subscription. If you call the number in the email, a cybercriminal posing as customer services will answer. They will ask you for sensitive information, like your payment method, and may even try to gain remote access to your device.

Follow these tips to stay safe from callback phishing scams:
•    Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to act impulsively.
•    Consider the email’s context, timing, grammar, and other details. For example, does the invoice reference your real credit or debit card?
•    Avoid calling phone numbers provided in emails. Instead, navigate to an official website to find the best contact number.
 

12/6/23 - Smishing is All the Rage

According to a recent report from security vendor Zimperium, you are six to ten times more likely to be tricked by SMS phishing (smishing) than traditional email phishing. Cybercriminals love these odds, so smishing has become extremely popular. It’s important to understand the significance of these attacks and how to stay safe. 

This surge in smishing attacks also comes with new threats. For example, did you know that you could get malware on your mobile device? In fact, Zimperium reported a 51 percent increase in mobile malware samples in 2022. The report also states that 80 percent of malicious websites function on mobile browsers. This means that cybercriminals are specifically designing their attacks for use on mobile devices.

Follow the tips below to stay safe from smishing attacks:
•    Think before you tap. Cyberattacks are designed to catch you off guard and trigger you to open links impulsively. 
•    Consider the origin of the text message. Did you sign up for SMS alerts? Is the message similar to other text messages you’ve received from this organization?
•    Never log in to an account from a link in a text message. Instead, navigate to the organization’s official website to log in.
 

11/29/23 - Post Shopping Scams

Have you finished your holiday shopping yet? Because cybercriminals are just getting started. There are thousands of shopping-themed scams this time of year, but those scams don’t end when your cart is empty. Cybercriminals continue to target shoppers with urgent phishing emails about their recent purchases.

Two common post-shopping scams are fake shipping delays and unexpected purchase confirmations. Typically, these scams include a sense of urgency designed to catch you off guard in the hopes that you will click impulsively. You may be directed to click a link for tracking information or download a receipt for an expensive order that you did not place. These emails can be alarming, but if you take your time, they are easy to catch.

Use the tips below to spot post-shopping scams:
•    If you are expecting a package and receive a related email, look for details such as the order number, purchase date, and payment method.
•    If you receive a notice from a retailer, don’t click any links in the email. Instead, use your browser to navigate directly to the retailer’s official website and look up your order there. 
•    Remember to stop and look for red flags. For example, see if the email was sent outside of business hours or lists prices in a currency that you don’t typically use.
 

11/22/23 - A New Spin on Callback Phishing

Earlier this month, the United States Federal Bureau of Investigation (FBI) released an official advisory about the rise of callback phishing attacks. Callback phishing is when a phishing email directs you to call a number instead of clicking on a link. Typically, if you call the number in a callback phishing email, the cybercriminal will try to trick you into providing sensitive information. The FBI’s recent advisory outlined a new and more dangerous tactic. 

In this scam, cybercriminals send an email claiming that you have a pending charge on one of your accounts. If you call the number provided, the cybercriminal will guide you on how to connect with them through a legitimate system management tool. System management tools are often used by IT departments to remotely connect and control your device. Once the legitimate software has been installed, cybercriminals can use it to sneak ransomware onto your device. With ransomware installed, sensitive information can be stolen and used to extort you or your organization. 

Stay safe from similar scams by following the tips below:
•    Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to click or act impulsively.
•    Consider the context, timing, grammar, and other details of the email or call. For example, does your bank usually ask you to call in?
•    Avoid calling phone numbers provided in emails. Instead, navigate to an official website to find the best contact number.

 

11/17/23 - Unbottling the Soda Phish

A recent phishing scam discovered by INKY researchers is an example of how well-known name brands can be used to deceive unsuspecting users. This scam begins with a  seemingly harmless email from an employee at PepsiCo requesting a quote to purchase something your organization is selling and includes a malicious file attachment disguised as a Request for Quote (RFQ). An RFQ is a simple way for an organization to ask different suppliers how much they would charge for a specific good or service.

In this phishing attempt, these cybercriminals spoof the email address to appear as if it's from PepsiCo. They even use an actual PepsiCo employee's name in some cases. The email uses common business terms to be more convincing. It also has a sense of urgency, threatening a consequence if you don't quickly respond. This urgency and the recognition of the PepsiCo brand increase the likelihood that you’ll take the bait. 

Follow the tips below to stay safe from similar scams:
•    Even if the sender appears legitimate, verify the email address and contact the organization through a different method, such as an official organization phone number. 
•    Beware of urgent requests. Take a moment to review and think critically, especially if the email includes a response deadline.
•    Avoid opening attachments or clicking links from unsolicited emails. 
 

11/8/23 - Amazon's Not-So-Real Alerts

Have you noticed any suspicious PDF attachments in your Microsoft Outlook recently? There has been a surge in phishing emails with PDF attachments sent to Outlook users over the last several months. Many of these emails are Amazon-themed phishing scams that are focused on targeting Outlook users in North America, Southern Europe, and Asia.

In this scam, cybercriminals are posing as Amazon support and sending notifications claiming that your Amazon account is on hold due to billing errors. The email urges you to resolve this issue by clicking a link to update your billing information. The cybercriminals cleverly hide their malicious intent behind URL shorteners and other tricks, making these unsafe links hard to spot. If you click one of these links, you’ll be sent to a fake website designed to steal your login credentials or credit card information. The PDF files attached to these phishing emails also contain malware, which can cause security risks if you download them to your device. 

Follow the tips below to stay safe from similar scams:
•    Always be suspicious of unexpected emails, particularly if they ask for personal or financial information.
•    If you receive an email claiming that you need to verify information on your account, navigate directly to the official website instead of clicking on a link. 
•    This attack isn't exclusive to Outlook users. Anyone who uses email can be exploited, so be careful with the emails you receive.
 

11/1/23 - Job Offer or Digital Danger?

Recently, cybercriminal groups in Vietnam have been targeting individuals by sharing fake job postings. According to WithSecure experts, these groups are primarily targeting the digital marketing sector and Facebook business accounts. These fake job postings are used to spread known malware such as DarkGate and Ducktail. 

In this scam, cybercriminals use LinkedIn messenger to send you a link to a fake job description. If you click on the link, you’ll be sent to an unsafe website that will lead you to malware-infected Google Drive files. If you download these files, the cybercriminals can gain access to your internet browser's cookies and session data. This information helps them steal your login credentials and other sensitive information.

Follow the tips below to stay safe from similar scams:
•    Be suspicious of unexpected LinkedIn messages, especially those with job offers from unfamiliar sources.
•    Confirm that the person you’re speaking to is actually who they say they are. Look up the organization on official websites to verify job offers. 
•    Be cautious of offers that seem too good to be true. Cybercriminals will use unrealistic job offers to lure you into fake websites to access your sensitive information.
 

10/25/23 - Summit Sabotage

Earlier this year, an established cybercriminal group targeted the Women Political Leaders (WPL) Summit held in Belgium. Summits and conferences provide a unique opportunity for cybercriminals to target people of power or those who are experts in their field. Whether you’re a speaker or an attendee, this attack is a great learning opportunity.

In this scam, the cybercriminals created a malicious website that looked like the official WPL Summit website. Then, they invited attendees of the WPL Summit to download photographs from the event. If downloaded, you would receive a ZIP file that contained legitimate photographs. Unfortunately, the file also contained a downloader for a popular piece of backdoor malware. Once installed, the cybercriminal group could monitor your device and steal sensitive information.

Follow the tips below to stay safe from scams like this:
•    Stop and think before downloading anything from the internet. This type of cyberattack relies on impulsive downloads. 
•    Always hover your mouse over a link to make sure that it leads to a legitimate and relevant website. Cybercriminals can easily make a website look official with logos and copied designs.
•    Keep your devices up to date. Software updates often include security patches to protect you against known vulnerabilities.
 

10/18/23 - Scams Related to the Israel-Hamas War

The recent Israel-Hamas war has made headlines worldwide. As usual, cybercriminals have been quick to take advantage of the dreadful news. Cybercriminals often use high-profile news events for disinformation campaigns, which include false information designed to intentionally mislead you. 

Stay alert in the coming weeks, as cybercriminals are already referencing the war in social media disinformation campaigns. Last week, videos were posted on X, formally known as Twitter, that claimed to be footage of the Israel-Hamas war. These videos were actually from video games and fireworks celebrations, but they still went viral.  Cybercriminals can use disinformation like this to try to catch your attention and manipulate your emotions. Disinformation can be used as a phishing tactic to try to get you to click on suspicious links or open malicious attachments.   

Follow the tips below to stay safe from these types of scams:
•    Be suspicious of emails, texts, and social media posts that contain shocking information about this event. 
•    Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively.
•    Stay informed by following trusted news sources. If you see a sensational headline, research the news story to verify that it’s legitimate. 
 

 

10/12/23 - New Message from Cybercriminals

Researchers at Guardio Labs have discovered a new cyberattack. This attack targets business accounts on the popular social media network, Facebook. A group of cybercriminals are using Facebook Messenger to try and steal sensitive information. 

In this scam, cybercriminals use the Messenger app to ask you about your business. In this message, they include an attachment. If you download or select the attachment, it will install malware onto your device. Once installed, cybercriminals can spy on you, watch your keystrokes, and steal your sensitive information.   

Follow the tips below to stay safe from similar scams:
•    Never download an attachment in a message that you weren’t expecting. 
•    Be cautious when opening messages from unknown users. It could be a cybercriminal in disguise. 
•    Remember that this type of attack isn’t exclusive to business accounts. Cybercriminals could use this technique to try to phish anyone.
 

10/4/23 - This LastPass Scam is So Last Year

Last year, the popular password manager LastPass was the victim of a data breach. Because of this, cybercriminals have access to the names, email addresses, and phone numbers of LastPass’s customers. Since the breach, cybercriminals have been using LastPass’s data breach in various cyberattacks. 

Recently, cybercriminals launched a phishing attack targeting LastPass users. In this scam, cybercriminals send you a spoofed LastPass email with a link asking you to verify your information. If you click the link, you’ll be taken to a spoofed LastPass login page. If you enter your login information, cybercriminals will have access to your sensitive information.  

Follow the tips below to stay safe from similar scams:
•    Never click a link in an email that you weren’t expecting. 
•    Be cautious when entering login information on a website accessed through an email. To stay safe, navigate directly to the organization's official website.
•    Stay educated and watch the news for data breaches. If a service you use is breached, be extra cautious of any emails you get from that organization.
 

9/27/23 - Smishy Package Failed to Deliver

Recently, cybercriminals have been impersonating postal services around the world through SMS phishing (smishing) scams. These postal services include the US Postal Service, UK Royal Mail, Correos in Spain, and Poste Italiane in Italy. 

In this scam, cybercriminals send you a text message impersonating the postal service in your country. The text contains a link and says that your package can’t be delivered until you provide additional information. If you tap the link, you’ll be taken to a spoofed postal service website that prompts you to enter your credit card details so your package can be delivered. If you enter your credit card details, cybercriminals could steal your money or personal information. 

Follow the tips below to stay safe from similar scams:
•    Never tap a link in a text message that you weren’t expecting. 
•    Be cautious when entering payment information on a website accessed via text message. To stay safe, navigate directly to the organization's official website.
•    Remember that this type of attack isn’t exclusive to postal services. Cybercriminals could use this technique to impersonate any business in any country. 

9/21/23 - Bet on Cybercriminals

MGM Resorts International is an American hospitality and entertainment organization. This past week, MGM made headlines with the news of a cyberattack costing over 52 million dollars in lost revenue. Nearly all of MGM’s hotels, casinos, and ATMs went offline. This massive attack started with a simple social engineering scam. 

Using information found on a LinkedIn post, a cybercriminal impersonated an MGM employee and called their IT department. They asked to have their password reset, and the IT department reset the employee’s password. This gave the cybercriminal access to the employee’s account and eventually led to the cybercriminal taking over MGM’s entire system. This is a great example of why it’s important to learn how to protect yourself and others from similar attacks. 

Follow the tips below to stay safe from similar scams:
•    Be careful with the information you share about yourself online. Cybercriminals can use this information to target you in phishing attacks. 
•    Confirm that the person you’re speaking to is actually who they say they are. Try reaching out to them using another form of contact or by meeting with them face-to-face.
•    Be suspicious of emails, texts, and social media posts that contain shocking information about this event. These may lead to disinformation, which is false information designed to mislead you.
 

9/13/23 - Watch Out for .us Domains

The Interisle Consulting Group has published a report that cybercriminals have been using over 20,000 .us top-level domains in phishing attacks. A top-level domain is the final section of a domain name, such as “.com” in “knowbe4[.]com”. 

Although .us is the country code for the United States, cybercriminals have been using this domain to attack organizations worldwide such as Apple, Great Britain’s Royal Mail, and the Denmark Tax Authority. Cybercriminals may use these domains to trick you into thinking you're visiting an official US website instead of a malicious one. Clicking a malicious .us link from cybercriminals could lead to malware or trick you into revealing sensitive information.

Follow the tips below to spot similar scams:
•    Never click a link in an email that you weren't expecting.
•    Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively. 
•    When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
 

9/6/23 - Scan Here to Get Phished

A QR code is a scannable image that leads to a specific website. More and more businesses are using QR codes. For example, some restaurants use QR codes instead of physical menus. As QR codes become more popular, cybercriminals are also using them for their malicious purposes.

In a recent scam, cybercriminals sent phishing emails disguised as multi-factor authentication (MFA) messages. The email instructs you to scan the QR code to enable MFA on your device. If you scan the QR code, you’ll be taken to a spoofed login page. If you enter your login credentials, cybercriminals could gain access to more of your sensitive information. 

Follow the tips below to stay safe from similar scams:
•    Think before you scan a QR code. Cyberattacks are designed to catch you off guard and trigger you to scan impulsively. 
•    When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
•    Be cautious before entering any login information on a website from a QR code. Instead, navigate directly to the official website.

8/30/23 - Duolingo Data Leak

Duolingo is a popular online language learning platform that allows users to learn languages and earn certifications. Recently, Duolingo was involved in a data leak, in which cybercriminals stole the names and email addresses stored on the platform. That means 2.6 million users have been impacted by this data leak.

In the coming months, we expect to see an influx of cybercriminals using phishing scams to try to take advantage of Duolingo’s data leak. For example, cybercriminals may send you a spoofed Duolingo email claiming that you need to change your password or email address. Cybercriminals could also use your leaked name or email address to send more sophisticated phishing attacks. These attacks could be completely unrelated to Duolingo.

Follow the tips below to stay safe from similar scams:
•    Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively. 
•    Remember that this type of attack isn’t exclusive to Duolingo. Cybercriminals could use this technique to impersonate any app.
•    When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
 

8/23/23 - Phishy Search Results

Cybercriminals are at it again with search engine optimization (SEO) attacks. Legitimate organizations use SEO to help their websites and documents appear more often in search engine results. Unfortunately, cybercriminals are using a combination of SEO and malicious PDF files to try to steal your sensitive information. 

In these attacks, cybercriminals use SEO to manipulate the top search results to show malicious PDF files. These files look like regular search results and will open in your browser when clicked. They are often designed to look like real websites and contain dangerous links. If you click one of these links, it could take you to a malicious website or download malware onto your device. 

Follow the tips below to stay safe from similar scams:
•    SEO attacks rely on impulsive clicks, so you can’t always trust the first search result. Read the titles and descriptions of the results to find what you’re looking for. 
•    Before clicking a search result, hover your mouse over it to check the URL. If the URL ends in “.pdf,” the search result leads to a PDF file, not a website.
•    Be cautious before clicking any links in a PDF file. They could lead to malicious websites. 

6/28/23 - Call 800-Cybercriminal

Recently, cybercriminals have taken advantage of Soda PDF, a PDF viewing service. Using Soda PDF, cybercriminals are sending malicious PDF files to try to trick you into sharing your phone number and payment information. Because Soda PDF is a legitimate service, this scam can be hard to recognize. So, it's important to learn how to protect yourself and others.

In this scam, cybercriminals use Soda PDF to send you an email with a PDF file. The file will contain a phone number and prompt you to call if you have any questions. If you call this number, a cybercriminal will ask for your payment information. Then, the cybercriminal can use information that you shared to steal your money and call you in additional scams.

Follow the tips below to spot similar scams:
•    Never click a link or download an attachment in an email that you aren’t expecting. 
•    Think before calling unknown phone numbers. Verify that a phone number is legitimate by navigating to the organization’s official website. 
•    Remember that this type of attack isn’t exclusive to Soda PDF. Cybercriminals could use this technique to exploit any file-sharing service.
 

6/20/23 - Text messages & spoofed websites used to lure members into scam

Fraudulent text messages — appearing to come from the credit union — containing links to spoofed websites are being sent to members. The spoofed websites are made to look like the credit unions’ legitimate websites and members are enticed to click on the link and share confidential information such as username, passwords, as well as 2-factor authentication passcodes. These fraud attempts have resulted in losses from account takeovers.  GenFed will not text you asking for personal information.

5/31/23 - Permission to Hack

Recently, malware researchers discovered a trojan app on the Google Play Store. Trojans are apps or software that appear legitimate but are actually malicious. Thousands of users downloaded this app before knowing it was malicious. So, it’s important to learn how to spot malicious apps. 

In this scam, cybercriminals uploaded a malicious screen recording app on the Google Play Store. At first glance, the app appeared to be legitimate, but it actually contained malware designed to steal your information. If you download this app, you’ll be prompted to accept permissions that align with what the app claims to do. However, if you accept these permissions, you’ll grant cybercriminals access to your personal information, such as your location, text messages, and more. 

Follow the tips below to stay safe from similar scams:
•    Only download apps from trusted publishers. Anyone can publish an app on official app stores—including cybercriminals. 
•    Enable security settings on your device, such as Google Play Protect which scans for malicious apps.
•    Remember that this type of attack isn’t exclusive to the Google Play Store. Cybercriminals could use this technique to put malicious apps on any platform. 
 

5/24/23 - PayPal Payment Ploy

Recently, cybercriminals have taken advantage of PayPal, the popular international online payment platform. Cybercriminals are spoofing PayPal in order to try and steal your personal or financial information.

In this scam, cybercriminals send you a phishing email saying that one of your PayPal payments didn’t process and that you need to act fast. The email contains a phone number allegedly from PayPal, prompting you to call. This phone call appears legitimate, but it’s actually from cybercriminals spoofing PayPal. If you call this number, cybercriminals can trick you into giving away your personal or financial information. 

Follow the tips below to stay safe from similar scams:
•    Be cautious when giving your financial information to someone over the phone. Instead, avoid using phone numbers provided in emails and navigate to the organization’s official website. 
•    Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to click or act impulsively.
•    Remember that this type of attack isn’t exclusive to PayPal. Cybercriminals could use this technique to impersonate any organization in any country. 
 

5/3/23 - Watch out for Coronation-Related Scams

This upcoming week, King Charles III will be coronated as the new king of the United Kingdom. When a major historical event is about to take place, people often look to social media and online news sources for information about the event. 

Cybercriminals take advantage of high-profile news stories to catch your attention and manipulate your emotions. In the coming weeks, we expect to see cybercriminals referencing the king’s coronation in phishing attacks and social media disinformation campaigns.

Follow the tips below to stay safe from similar scams:
•    Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively. 
•    Be suspicious of emails, texts, and social media posts that contain shocking information about this event. These may lead to disinformation, which is false information designed to mislead you.
•    If you receive a suspicious email, follow your organization’s procedure to report the email.

4/12/23 - Interview with a Cybercriminal

Recently, Google’s Threat Analysis Group (TAG) published a report about a new tactic that cybercriminals are using in spear phishing attacks. Spear phishing is when cybercriminals send targeted emails impersonating someone you trust to try to steal your sensitive information. Now, cybercriminals are impersonating media outlets and luring you in with a fake interview.

This attack starts with an email impersonating a trusted media outlet. In the email, the cybercriminals ask to interview you and prompt you to click a link with the interview questions. If you click this link, you’ll be redirected to a malicious website with a login prompt. Unfortunately, any login credentials that you enter will be sent directly to the cybercriminals. Then, they'll be able to access your account for their own malicious goals. 

Follow the tips below to stay safe from similar scams:
•    Remember that spear phishing attacks can impersonate anyone, such as a media outlet or a close friend. Think before you click, and never click a link in an email that you aren’t expecting. 
•    Make sure that the sender is actually who they say they are. If the sender claims to be someone you know, reach out to them in person or by phone to verify. 
•    When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
 

3/1/23 - IT or Cybercriminal?

Coinbase, a cryptocurrency platform, was the latest victim of a social engineering attack. Social engineering occurs when cybercriminals manipulate you to try to steal your sensitive information. 

In this recent attack, a cybercriminal sent smishing (SMS phishing) messages to Coinbase employees. These messages contained a link directing employees to log in to their company accounts. Shortly after one employee clicked this link, Coinbase saw and prevented the cybercriminal from gaining internal access. Later, the cybercriminal called the same employee and claimed to be from Coinbase’s IT department. The employee thought the call was legitimate, and the cybercriminal stole some sensitive information over the phone. 

Follow the tips below to stay safe from similar scams:
•    Always be cautious of unexpected text messages.
•    Think before you click! Cyberattacks are designed to catch you off guard and make you act impulsively.
•    Before you share any sensitive information over the phone, verify that the caller is actually who they say they are. 
 

1/18/23 - Single Sign-On Smishing

Okta's single sign-on (SSO) service allows users to log in to multiple accounts by using one set of login credentials. Unfortunately, users aren't the only people who benefit from this service. Cybercriminals are taking advantage of Okta and other SSO services in a recent smishing (SMS phishing) scam.

To start this scam, cybercriminals send you a text message about an important update to one of your organization’s policies. The text message says to tap a link to read the updated policy. If you tap the link, you'll be taken to a fake Okta login page and prompted to enter your login credentials. Then, the cybercriminals can use your credentials to access your Okta account and other accounts linked through the service. Once they have access, the cybercriminals can steal sensitive information from you and your organization.

Follow the tips below to stay safe from similar scams:
•    Always be cautious of unexpected text messages. While this scam targets Okta users, it could be used with any authentication service.
•    Think before you click! Cyberattacks are designed to catch you off guard and make you act impulsively.
•    Never tap on a link in a text message that you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.
 

12/28/22 - Smishing is 50% off!

Have you ever received text messages about special discounts or promotions for a service you use? Many legitimate organizations send promotional text messages to their customers. Unfortunately, cybercriminals are sending text messages with fake promotions to try to manipulate you.

In a recent smishing (SMS phishing) scam, cybercriminals send you a text message offering a discount that's only available for a limited time. The text message claims that the discount is for a common expense such as gas, an electricity bill, or even a car insurance policy. To claim your discount, the text message states that you need to click a link and enter sensitive information, including your bank account information. If you click the link and enter this information, cybercriminals can use it to access your bank account and steal your money.

Follow the tips below to stay safe from similar smishing scams:
•    Think before you interact with a text message. Did you sign up for text messages from the organization? Is the text message similar to other text messages you’ve received from the organization?
•    If an offer sounds too good to be true, it probably is. Verify any offers of discounts or promotions by contacting the organization directly.
•    Never tap on a link in a text message that you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.
 

10/26/22 - Google Translate phishing Scams

Google Translate is a free service that you can use to translate text from one language to another. Since Google Translate is a Google product, many people view it as a sign that a webpage is trustworthy. Now, cybercriminals are spoofing Google Translate pages to make their phishing campaigns seem legitimate.

In a new phishing scam, cybercriminals send an email claiming that important emails are being withheld from your inbox. The email instructs you to click a link to log in and confirm your account. This link will redirect you to a spoofed login page that displays a Google Translate banner. This banner claims that text on this page has been translated into your language and makes the page look legitimate. If you enter your login credentials, cybercriminals will use them to access your account and steal your sensitive information.

Use the tips below to spot Google Translate phishing scams:
•    If you receive an email claiming you have an account issue, always log in to the organization’s website directly.
•    Before you click a link, hover your mouse over it. Make sure that the link leads to a legitimate, safe website that corresponds with the content in the email.
•    Enable multi-factor authentication (MFA) on your accounts when it is available. MFA adds a layer of security by requiring that you provide additional verification to log in to your account.
 

5/11/22 - Spoofed SMTP Relay Services

Simple Mail Transfer Protocol (SMTP) is the standard method that mail servers use to send emails. Organizations typically use an SMTP relay service to send mass emails, such as marketing materials. Some organizations use Gmail as an SMTP relay service, but unfortunately, cybercriminals have found a vulnerability in the Gmail service. 

Using this vulnerability, cybercriminals can spoof any organization that also uses Gmail as a relay service. For example, let’s say that a legitimate organization owns the domain sign-doc[dot]com and uses Gmail to relay its marketing emails. Cybercriminals could send phishing emails from a malicious domain, such as wishyoudidntclickthis[dot]com, and disguise the emails by spoofing the legitimate domain, sign-doc[dot]com. Since the spoofed domain is being relayed through Gmail, most email clients will consider the malicious email safe and allow it to pass through security filters.

Follow the tips below to stay safe from similar scams:
•    This type of attack isn’t limited to Gmail. Other SMTP relay services could have similar vulnerabilities. Even if an email seems to come from a legitimate sender, remain cautious. 
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you need to verify that an email is legitimate, try reaching out to the sender directly through phone call or text message.
 

1/26/22 - Google Docs Comment Con

Google Docs is one of the world’s most popular document sharing and editing applications. Along with the ability to create and share documents, Google Docs allows users to add comments to these documents. In a new scam, cybercriminals have taken advantage of this feature by inserting phishing links into comments.

In this scam, cybercriminals use a real Google account to create a document in Google Docs and then tag you in a comment. You will then receive a legitimate email from Google, notifying you that you’ve been tagged in a comment. The comment will include an embedded phishing link and may appear to come from someone you trust, such as a co-worker. Unfortunately, if you click the phishing link, malware may be installed on your device. 

Don’t fall for this trick! Follow the tips below to stay safe from similar scams: 
•    Beware of suspicious links. Always hover your cursor over links before you click, and check the commenter’s email address to verify their identity.
•    Check the comment for grammatical errors, such as misspelled words or unusual phrases. Grammatical errors may be a sign that the comment is suspicious.
•    Don’t open documents or files that you weren’t expecting to receive. If you receive a document that you weren’t expecting, make sure you verify that the sender is legitimate before you open it.
 

1/19/22 - Google Voice Authentication Scams

Google Voice is a service that provides virtual phone numbers to make and receive calls and text messages. Each Google Voice number must be linked to a real phone number so that any activity can be traced back to the user. In a new scam, cybercriminals use your name and phone number to create a Google Voice number. Once created, cybercriminals can use the Google Voice number for other phone-based scams. Worse still, they can also use the linked Google Voice number to gain access to your Google account. 

Here’s how the scam works: Cybercriminals target anyone that shares their phone number in a public space. For example, let’s say you post an ad for an old couch on a resale website and include your phone number. A cybercriminal could contact you pretending to be interested in the couch. Then, they could send you a Google authentication code and ask you to send them the code to prove that you are a legitimate seller. Unfortunately, the code actually allows them to link their Google Voice number to your real phone number. 

Remember the following tips to stay safe from similar scams: 
•    If someone wants to confirm that you are a real person, suggest a safe option, such as making a phone call or meeting in a busy, public place.
•    Resale sites are just one example of where cybercriminals could find your phone number. They could also reference social media posts or even your resume. Always be cautious when you’re contacted by someone you don’t know. 
•    Never share a confirmation or authentication code with another person. Keep these codes between you and the service that you need the code for, such as logging in to your bank account. 

12/22/21 - Netflix Scam Double Feature

Netflix is both the world’s largest streaming platform and one of the most impersonated brands among cybercriminals. There have been many Netflix-themed scams over the years, but most of these scams target one of two groups: current Netflix subscribers or potential Netflix subscribers.

To target current Netflix subscribers, cybercriminals send phony email notifications claiming there is a problem with your billing information. To target potential Netflix subscribers, cybercriminals send emails that advertise a deal for new accounts. Both phishing emails include links that lead to Netflix look-alike webpages where you’re asked to provide your personal and payment information. Any information you enter on these fake webpages is delivered straight to the cybercriminals. 

Remember the tips below to stay safe from streaming scams: 
•    Never click on a link within an email that you weren’t expecting, even if the email appears to come from a company or service you recognize.
•    These types of scams aren’t limited to Netflix. Cybercriminals also spoof other streaming services, such as Disney+ and Spotify. Remember that if a deal seems too good to be true, it probably is. 
•    If you receive an unexpected notification, open your browser and navigate to the platform’s website. Then, you can log in to your account knowing that you’re on the platform’s real website and not a phony look-alike website.
 

11/29/21 - Online Shopping Steals

It’s Thanksgiving week in the United States, which means Black Friday and Cyber Monday are finally here! To celebrate, cybercriminals have created a record number of malicious online stores to trick unsuspecting shoppers. 

Cybercriminals create online stores that claim to sell hard-to-find items, such as trending makeup products or this year’s hottest toys. To lure in customers, cybercriminals run ads on other websites, on social media platforms, and even within Google search results. If you click one of these ads, you'll be taken to the malicious online store. These stores can be very convincing because they include real product images, descriptions, reviews, and a functional shopping cart and checkout process. Unfortunately, if you try to purchase something from one of these malicious stores, your money, mailing address, payment data, and any other personal information you provided will go straight to the cybercriminals. 

Follow the tips below to avoid these malicious online stores:
•    Watch out for misspelled or look-alike domains. For example, cybercriminals may spoof the popular toy brand Squishmallows with spellings such as "Squishmellows" or "Squashmallows."
•    Be cautious of stores that promise outrageous deals on high-demand products. Remember that if something seems too good to be true, it probably is!
•    Always shop from well-known and trusted retailers. If you haven’t shopped there before, look up reviews and customer feedback for that retailer. 
 

11/16/21 - Online Loan Warning

No legitimate lender would ask for your online banking information and would never ask you to send part of any loan proceed back to them.  You should never give your online banking log-in information to anyone.  Doing so gives that person all of your transaction history information, allows them to withdrawal (or deposit to) your funds, and your account could be used for illegal purposes.  If in doubt call GenFed for help!

 

10/13/21 - Members Receiving Spoofed Phone Calls to Acquire Sensitive Info

GenFed has become aware of members receiving fraudulent phone calls from individuals claiming to be from the Credit Union Fraud Department. These fraudsters are using spoofing technology to make the phone calls appear to be coming from a legitimate GenFed Financial phone number.

The fraudster may claim that a fraudulent charge has been made on the member’s account and the member is asked to confirm his or her identity.  Or the fraudster may make other false claims.

While GenFed Financial actively monitors your accounts for potential fraud, please remember that we will NEVER initiate a call or email asking you to give us your card PIN, Online Banking username and password, or full card number. If you have any doubt about the validity of a phone call you receive from us, please hang up and call your local branch to speak with us immediately.

Please also be aware that you can use our free Card Control service through the cards app to lock your card until you are able to reach us. This will ensure that your card is protected until you are able to contact us.
 

10/13/21 - The Ultimate Data Breach Database

With a year full of high-profile data breaches, one cybercriminal has created the ultimate database. The cybercriminal claims that the database contains over 3.8 billion records and is attempting to sell the information on the dark web. 

Allegedly, the database is made up of scraped phone numbers that were then linked to Facebook profiles, Clubhouse accounts, and other sensitive information. Due to the nature of this data, we expect to see an increase in smishing attacks, hijacked accounts, and other social media scams.

Use the tips below to stay safe from these types of scams:
•    Smishing, or text message phishing, is difficult to spot. When you receive a suspicious text message, ask yourself these questions: Were you expecting this message? When did you give the sender your phone number? Did you sign up for text notifications?
•    Hijacking a social media account is an easy way for cybercriminals to spread disinformation or scam several people at once. Don’t trust everything you see on social media, and be sure to report any suspicious activity. 
•    For a high level of security, keep your social media accounts private. Only accept friend requests or follow requests from people that you know and trust.
 

10/6/21 - No Time to Phish

James Bond is one of the longest-running film series in history. Since fans have been waiting since 2015 for another installment, the new film, No Time to Die, is making headlines. Cybercriminals have wasted no time and are using the film’s release as phish bait in a new scam.

The scam starts with an ad or pop-up window that claims you can stream No Time to Die for free. If you click on the ad, you are taken to a malicious website that plays the first few minutes of the film. Then, the stream is interrupted and you are asked to create an account to continue watching. Of course, creating an account includes providing personal information and a payment method. Unfortunately, if you complete this process the cybercriminals can charge your debit or credit card for as much money as they’d like. Plus, you won’t actually get to watch the film.

Here are some tips to avoid scams like this:
•    Be suspicious of ads, emails, and social media posts that offer free services for something you would typically have to pay for. 
•    Only use well-known, trusted websites to stream movies, shows, and music.
•    Never trust an online ad. Use a search engine to look up reviews, articles, and the official website for any product or service that catches your eye.
 

9/29/21 - Shortened URLs are a Sneaky Shoutcut

Most email clients have filters in place to flag suspicious-looking emails. Unfortunately, cybercriminals always find new ways to bypass these filters. In a new scam, cybercriminals use shortened LinkedIn URLs to sneak into your inbox.

When someone makes a LinkedIn post that contains a URL, the URL will be automatically shortened if it's longer than 26 characters. A shortened LinkedIn URL starts with “lnkd.in” followed by a random string of characters. This feature allows cybercriminals to convert a malicious URL to a shortened LinkedIn URL. Once they have the shortened URL, cybercriminals add it to a phishing email as a link. If you click on the link, you are redirected through multiple websites until you land on the cybercriminals’ malicious, credentials-stealing webpage. 

Don’t fall for this trick! Remember the following tips:
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you think the email could be legitimate, contact the sender by phone call or text message to confirm that the link is safe.
•    This type of attack isn’t exclusive to LinkedIn URLs. Other social media platforms, such as Twitter, also have URL shortening features. Always think before you click!
 

9/22/21 - Friendly Spear Phishing

Spear phishing is a phishing attack that targets a specific person and appears to come from a trusted source. One of the easiest ways for cybercriminals to find a target is through social media. Spear phishing attacks on social media often come from fake accounts, but in a recent scam, cybercriminals used real, compromised accounts. After hijacking an account, cybercriminals impersonated that person and targeted their friends and followers. 

In this scam, cybercriminals use the hijacked account to engage in friendly conversations with you in an attempt to lower your guard. Since you don't know that the account has been hijacked, you are more likely to trust information that they send to you. Once they think they have your trust, the cybercriminals will send you a Microsoft Word document asking for you to review it and give them advice. Once you open the document, the program will ask you to enable macros. If you do enable macros, your system will automatically download and install a dangerous piece of malware. 

Follow the steps below to stay safe from this scam:
•    Think about how a conversation with this person typically looks and feels. Do they usually ask you to download files? Are they typing with the same pace, grammar, and language as usual? Be suspicious of anything out of the ordinary.
•    Before you enable macros for a file, contact the sender by phone call or text message. Verify who created the file, what information the file contains, and why enabling macros is necessary.
•    Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!

9/15/21 - Phony LinkedIn Job Postings

It was recently discovered that job postings on LinkedIn aren’t as secure as you might expect. Anyone with a LinkedIn profile can anonymously create a job posting for nearly any small or medium-sized organization. The person creating the post does not have to prove whether or not they are associated with that organization. This means that a cybercriminal could post a job opening for a legitimate organization and then link applicants to a malicious website. 

Worse still, cybercriminals could use LinkedIn’s “Easy Apply” option. This option allows applicants to send a resume to the email address associated with the job posting without leaving the LinkedIn platform. Since the email address is associated with the job posting and not necessarily the organization, cybercriminals can trick you into sending your resume directly to them. Resumes typically include both personal and professional information that you do not want to share with a cybercriminal.

Follow the tips below to stay safe from this unique threat:
•    Watch out for grammatical errors, unusual language, and style inconsistencies in LinkedIn job postings. Be suspicious of job postings that look different compared to other job postings from the same organization.
•    Avoid applying for a job within the LinkedIn platform. Instead, go to the organization’s official website to find their careers page or contact information. 
•    If you find a suspicious job posting on LinkedIn, report it. To report a job posting, go to the Job Details page, click the more icon, and then click Report this job.
 

9/8/21 - Watch Out for Windows 11 Scams

Microsoft Windows is the most widely used operating system in the world. This October, it is getting an upgrade. Microsoft has announced that starting October 5, compatible systems that run the current version of Windows 10 will be offered a free upgrade to Windows 11. 

Cybercriminals are sure to use this announcement in several ways. In the coming weeks, we expect to see update-related phishing emails, fake Windows 11 webpages, and pop-up ads designed to look like a Windows update. 

Don't fall for these scams. Follow the tips below to stay safe:
•    Always think before you click. Cyber attacks are designed to catch you off guard and trigger you to click impulsively. 
•    Only trust information from the source. If you want to learn more about the Windows 11 update, go directly to Microsoft’s official website or follow their official social media pages.
•    If you are prompted to update your work computer, reach out to your administrator or IT department. They can check to make sure the update is legitimate and safe.

9/1/21 - COVID-19 is the Never-ending Phish Bait

Cybercriminals have used COVID-19 as phish bait since the start of the pandemic, and they’re not stopping any time soon. In a recent attack, scammers spoof your organization’s HR department and send a link to a “mandatory” vaccination status form. The phishing email claims that your local government requires all employees to complete the form. Failing to complete the form "could carry significant fines". 

If you click the link in the email, you are directed to a realistic but fake login page for the Microsoft Outlook Web App. If you try to log in, you are asked to “verify” your name, birth date, and mailing address by typing this information into the fields provided. Once submitted, your information is sent directly to the cybercriminals, and you are redirected to a real vaccination form from your local government. The good news is that this form isn't actually mandatory. The bad news is that giving cybercriminals your personal information may lead to consequences much worse than a fine.

Remember these tips to avoid similar phishing attacks:
•    Watch out for a sense of urgency, especially when there is a threat of a fine or a penalty. These scams rely on impulsive actions, so always think before you click.
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you receive an unexpected email from someone within your organization, stay cautious. Contact the person by phone or on a messaging app to confirm that they actually sent the email. 
 

8/25/21 - Beware of Copyright Scammers

In a recent phishing scam, scammers told users that they have violated copyright laws and must take immediate action to protect their account. The scammers claim that the content the user posted, such as an Instagram photo or a YouTube video, violates copyright law. Users are told that they must immediately click a link to protect their account from suspension or deactivation. However, in a recent version of this scam, the scammers are trying to get you on the phone with a fake support tech.

The way this scam works is that scammers send a fake Digital Millennium Copyright Act (DCMA) complaint that informs users about a potential copyright violation. The user is told that they can click a link to see the original copyright complaint or they can call a phone number to contact technical support. When the user tries to click the complaint link, they are taken to an error page. This error page is used to pressure the user into calling the free, fraudulent phone number instead. Once the user calls, the fake technical support team uses social engineering tactics to pressure the users into revealing sensitive information.

Don’t fall for this trick! Follow the tips below:
•    Beware of urgent messages. Cybercriminals use this sense of urgency to pressure you into acting quickly.
•    Never give away sensitive account information. Organization’s IT teams will not ask for sensitive information, such as passwords, over the phone or over email.
•    Don’t call without verifying the phone number. Verify the organization’s phone number by checking their official website.
 

8/18/21 - Scammers Continue with Another Facebook Scam

Scammers recently used their own third-party Android applications (apps) to hijack over 10,000 Facebook accounts. If you were to download and open one of these malicious apps, you’d see a familiar feature: the “Continue with Facebook” button. Legitimate apps often integrate with websites like Facebook to make account creation quick and easy. In malicious apps, this type of link often leads to a phony login page designed to steal your login credentials. 
This scam is unique because clicking the “Continue with Facebook” button actually opens the official Facebook login page. If you log in to your Facebook account, you’ll give the bad guys far more than your username and password. The malicious apps include an extra bit of code that gathers your account details, location, IP address, and more. Once they hijack your account, the bad guys can use it to generate ad revenue, spread disinformation, or even scam your friends and family. 
Follow these tips to stay safe from malicious applications:
•    Though this attack targets Android users, the technique could be used on any kind of device, even desktop computers. Always be careful when downloading apps or software, regardless of the device that you are using. 
•    Before downloading an app, read the reviews and ratings. Look for critical reviews with three stars or less, as these reviews are more likely to be real. 
•    Only download apps from trusted publishers. Remember, anyone can publish an app on official app stores, including cybercriminals. 
 

8/11/21 - Multi-layered Microsoft Scam

In a recent phishing scam, bad guys combined some of their favorite tricks to create an extra special phishing email. This phishing scam uses a number of different tactics to fool you and your email filters.
The phishing email is designed to look like a real Microsoft OneDrive notification, complete with official logos and icons. If you check the sender’s address, you’ll see an email address that closely resembles a real Microsoft domain. The body of the email references your actual Microsoft username and directs you to click on a button to open a shared Microsoft Excel file. 

To bypass your email filters, the scammers don't use a direct link to their malicious webpage. Instead, the email includes a link from a trusted website called AppSpot, which is a cloud computing platform from Google. If you click on the “Open” button in the email, the AppSpot website immediately redirects you to a compromised Microsoft SharePoint page. On this page, you will be asked to provide your Microsoft credentials to access the supposedly shared file. Any information typed on this page will be delivered directly to the bad guys. 
Remember the following tips to stay safe:
•    Never click on a link or download an attachment from an email that you were not expecting.
•    If you receive an unexpected email from someone who you think you know—stay cautious. Contact the person by phone or on a messaging app to confirm that they actually sent the email. 
•    This type of attack isn’t exclusive to Microsoft products or Microsoft users. The technique could easily be used on a number of other programs. Always think before you click.
 

8/4/21 - Bluffing Blackmail

In a recent large-scale cybersecurity attack, scammers sent over 400,000 phony blackmail attempts. These devious emails are written in an oddly casual tone and seem to outline the bad guy’s entire blackmail process. The scammer claims to have purchased your information from a hacker. To make this claim more convincing, the scammer references an actual password of yours that has been exposed in a data breach. 
The scammer goes on to say that they have installed a piece of malicious software (malware) onto your device. Supposedly, the malware was used to access your webcam and record you without your knowledge. Despite claiming to have full access to your accounts and device, the scammer intends to blackmail you via email. They'll threaten to release an incriminating video of you if you don’t pay them. Don’t be fooled!
Follow these tips to call the scammer’s bluff:
•    Think before you click. If the scammer truly has the access to your accounts and device that they claim to have, why are they emailing you to ask for money?
•    Cybercriminals use information from real data breaches to seem legitimate. Stay informed about data breaches by using a trusted credit and identity monitoring service. A number of reputable institutions provide these services for free.
•    Protect yourself from potential data breaches by regularly updating your passwords, using multi-factor authentication, and limiting the amount of information you give to retailers and online services.
 

7/28/21 - Sp0t th? HomogIyph

Microsoft recently announced legal action against domains that impersonate the brand using homoglyphs. A homoglyph is a letter or character that closely resembles another letter or character. Cybercriminals use homoglyphs to trick you into thinking a domain belongs to a trusted company.
Here’s an example: Scammers could use a zero (0) in place of a capital letter “O” or they could use a lowercase letter “L” in place of a capital letter “i”. Using these examples, the bad guys can impersonate MICROSOFT[dot]COM as MlCR0S0FT[dot]COM. Some cybercriminals take this method one step further by using characters from other languages. For example, the Russian character “?” could be used in place of an English letter “b”.
Don’t fall for this trick! Remember the tips below:
•    Be cautious when you receive an email that you were not expecting. This trick can be used to impersonate any company, brand, or even a person’s name.
•    Before you click, always hover over a link to preview the destination, even if you think the email is legitimate. Pay close attention to the characters in the URL.
•    If you’re asked to log in to an account or an online service, navigate to the official website and log in there. That way, you can ensure you’re logging in to the real website and not a phony look-alike website.
 

7/21/21 - Macros on Macros

Cybercriminals are always finding new ways to bypass your security filters. In this scam, the bad guys start by sending a Microsoft Word document that has no malicious code or links within it. Once opened in Microsoft Word, the innocent-looking document includes a pop-up that asks you to enable macros. A macro, short for macroinstruction, is a set of commands that can be used to control Microsoft Word, Microsoft Excel, and other programs.
Here’s how the attack works: If you open the attached Microsoft Word document and enable macros, the document automatically downloads and opens an encrypted Microsoft Excel file. The Microsoft Excel file instructs Microsoft Word to write new commands into the same Microsoft Excel file. Once the new commands are added, the Microsoft Excel file automatically downloads and runs a dangerous piece of malware onto your device.
Use the tips below to avoid falling victim to an attack like this one:
•    Never click a link or download an attachment from an email that you were not expecting.
•    Before enabling macros for a file, contact the sender using an alternative line of communication, such as making a phone call or sending a text message. Verify who created the file, what the file contains, and why enabling macros is necessary.
•    This type of attack isn’t exclusive to Microsoft products. The technique could easily be used on a number of other programs. Always think before you click.
 

7/14/21 - Kaseya Security Crisis Scams

Earlier this month, information technology provider Kaseya was the target of a massive cybersecurity attack. Many IT companies use Kaseya’s software to manage and monitor their clients’ computers remotely. The cyberattack resulted in over 1,500 organizations becoming victims of ransomware. 
Cybercriminals are now using the Kaseya incident as bait to catch your attention and manipulate your emotions. You can expect to see scammers referencing this event in phishing emails, vishing attacks, and social media disinformation campaigns. 
Here are some tips to stay safe:
•    Watch out for Kaseya-related emails—especially those that claim your organization has been affected. 
•    Do not respond to any phone calls claiming to be from a “Kaseya Partner”. Kaseya released a statement that they are not asking partners to reach out to organizations. 
•    Be suspicious of social media posts that contain shocking developments to the story. This could be false information designed to intentionally mislead you—a tactic known as disinformation.
 

7/7/21 - Hidden Google Drive

To help protect you against malicious links, most email clients have filters that flag suspicious-looking emails. To bypass these filters, cybercriminals often create malicious content using well-known platforms such as Google Drive, and then use the platform’s share feature to distribute their content. Since these platforms are so widely used, your built-in email filters typically do not recognize that this content is malicious. 
In a recent phishing attack, scammers are using a phony notification from DocuSign (a popular electronic agreement service) that actually includes a link to a malicious Google Doc. The fake notification states that you have an invoice to review and sign. If you click on the included View Document button, you’ll be taken to what appears to be a DocuSign login page that asks for your password. In reality, the button leads you to a Google Doc disguised as a DocuSign page, and any information entered on the document is sent directly to the bad guys.
Don’t fall for this trick! Remember:
•    Never click on a link or download an attachment in an email that you were not expecting.
•    If you think the email could be legitimate, be sure to hover over the link (or button) to preview the destination. Look for discrepancies, such as a DocuSign email using a Google Drive link.
•    When an email claims to include an invoice, try to find evidence of the transaction elsewhere, like on your bank or credit card statements.
 

6/30/21 - Five-Star Fraud

Say the new browser extension that you want to download has a lot of positive reviews. These reviews may make the extension seem legitimate, but not necessarily. Cybercriminals often use fake reviews to trick users into downloading malicious browser extensions.
For example, a malicious Microsoft Authenticator extension with fake reviews was recently found in the Google Chrome Store. The extension had five reviews: three one-star reviews and two five-star reviews. The real one-star reviews warned others that the extension was malware, while the fake five-star reviews praised the extension. This is just one example of how bad guys use fake reviews to gain your trust.
So, how do you know if the cool new extension is safe to download? Follow these tips to stay safe:
•    Only download extensions from trusted publishers. Cybercriminals can easily publish extensions or apps to app stores, so make sure you know who developed the extension before you download it.
•    Be suspicious of extensions that ask you to enter sensitive information. Legitimate extension downloads may request special permissions from you, but they won’t ask you to give up sensitive information.
•    Look for negative reviews. Don’t just focus on the positive reviews. Negative or critical reviews are less likely to be fake. 
 

6/23/21 - Prime Day or Crime Day?

Amazon, the world's largest online retailer, is hosting their huge Prime Day sales event on June 21st and 22nd this year. Subscribers around the world are ready to shop! But while you’re looking for good deals, the bad guys are looking for the opportunity to scam you any way they can. Expect to see all sorts of scams related to Amazon’s Prime day, from fake advertisements to phony shipping notifications.
One Amazon-themed scam uses a phishing email disguised as a security alert. The alert starts with “Hi Dear Customer,” and goes on to say that your account has been “blocked” due to an unauthorized login. The email explains that, “You can't use your account at the movement, Please Verify And Secure your account by following link”. If you were to click the link in the email, you would be sent to a malicious website.
Shop safely by following these tips:
•    Look out for spelling and grammatical errors. This specific phishing email was full of errors, such as using the word “movement” instead of “moment”.
•    Always go directly to Amazon.com when you want to shop, review your order information, or check on the status of your account. 
•    Never trust a link in an email that you were not expecting. Cybercriminals have created hundreds of fake domains with the words "Amazon" and "Prime" in order to trick you.
 

6/16/21 - Phony FINRA Phishing

Once again cybercriminals are impersonating the Financial Industry Regulatory Authority (FINRA), which is the largest brokerage regulation company in the US. Organizations strive to be compliant with regulations, which is why receiving an email that appears to be from FINRA can be quite startling.

In this FINRA-themed phishing email, the sender’s email address uses the domain gateway[dash]finra[dot]org. The email claims that your organization has received a compliance request and it directs you to click on a link for more information. To add a sense of urgency, the message also states “Late submission may attract penalties”. The email even includes a case number, request ID, and a footer with legal jargon to make it feel legitimate. But if you click the link, you will be redirected to a malicious website. Don’t fall for it!

Use the tips below to stay safe from similar attacks:

• Look for threats of urgency, such as the need to pay a penalty if you don’t act quickly enough. These scams rely on impulsive actions, so always think before you click.
• Check who sent the email. In this case, while the email address included the name FINRA, it did not use the official FINRA.org domain.
• If you are worried that the email could be legitimate, reach out to the company another way. Do not click any links or use the contact information provided in an email.

6/9/21 - New Smishing Scam Borrows Your Phone

In a new Smishing (SMS Phishing) attack aimed at Android users, cybercriminals send a text message that claims you have a delivery that needs to be paid for. If you tap on the link provided in the text, you are taken to a page that asks you to update your Google Chrome app. If you tap the Install Now button on the page, a download begins and you are redirected to a payment screen. On this screen, you are asked to pay a small fee so that your package can be delivered. If you provide any payment information on this page, it is sent directly to the bad guys.
Unfortunately, this scam gets worse. If you tapped the Install Now button mentioned above, you actually downloaded malware that uses the icon and name of Google Chrome to disguise itself. This “app” then uses your mobile number to send thousands of smishing texts to random, unsuspecting victims.

Don’t become a part of their scam! Follow the tips below to stay safe from attacks like this:

• Only download and update apps through your device’s official app store.
• Though this attack targets Android users, this technique could be used on any kind of mobile device, so always be suspicious of unexpected text messages.
• If you are expecting a package, stay up-to-date on your order by visiting the retailer’s official website and not by tapping a link in a text message.

6/2/21 - Thank You for Calling—Here’s Some Malware

A recent social engineering scam uses real people in a call center to trick you into downloading malware onto your computer. Here’s how the scam works:
You receive an email claiming that your trial subscription to a publishing company will expire soon. The email states that you will be charged if the subscription is not canceled, and it directs you to call a phone number for assistance. If you call this number a representative happily walks you through how to unsubscribe. The representative directs you to a generic-sounding web address, asks you to enter the account number provided in the original email, and tells you to click a button labeled “Unsubscribe”. If you click, an excel file is downloaded onto your computer. The representative tells you to open that file and enable macros so you can read a confirmation number to them. If you enable macros, a malicious file is installed that allows cybercriminals backdoor access to your system. The bad guys can use this access to install more dangerous malware, such as ransomware.

Follow these tips to stay safe from this social engineering attack:

• This attack tries to spark feelings of alarm and frustration by claiming that you will be charged for something you didn’t sign up for. Don’t let the bad guys toy with your emotions.
• Remember that cyber attacks come from real people and real people can lie over the phone, just as they do in phishing emails.
• If you’re concerned that a warning could be legitimate, look up the company and try contacting them another way—not by using the phone number that they provided in an email.

 

5/26/21 - Using Synonyms to Scam, Con, and Dupe You

Most email clients have security filters that scan your incoming emails for keywords. When certain keywords accompany other suspicious elements, the email will be filtered into your Spam or Trash folder. But cybercriminals can bypass your email filter using one simple tool: synonyms. Bad guys are replacing commonly-filtered words with synonyms (words or phrases that mean the same thing). This simple swap gets their phishing email past your email filters and into your inbox.
In a recent phishing attack, the cybercriminals replaced the term “invoice” with the synonym “Remittance Advice”. Since the term “Remittance Advice” is not a common keyword, the phishing email passes your security filter and is delivered to your inbox. The email includes an image that looks like an attachment. If you click to download the attachment, you’ll actually be clicking on an image that links you to a dangerous phishing site.

Here’s how you can stay safe from scams like this:

• Never click a link or download an attachment in an email that you were not expecting.
• Watch out for uncommon language. For example, the phrase “Remittance Advice" is not a commonly-used term in basic transactional emails. This could be an indication that the phrase replaced a more common keyword.
• When an email claims to include an invoice, try to find evidence of the transaction elsewhere. Do you have an unexpected credit card charge? Did someone in your family order something on your account?

 

5/19/21 - QuickBooks Used as Bait for a Quick Scam

An easy way for cybercriminals to get your attention is to claim that you owe a large amount of money. Pair this claim with a QuickBooks-themed phishing email and malicious malware, you get a dangerous cybersecurity threat.
The cybercriminals send a well-made spoof of a QuickBooks email that even includes an invoice number. The email message states that you owe over one-thousand dollars for the order but it gives no further details. Attached to the email is what appears to be an Excel file with the invoice number as the filename. The bad guys are hoping you’ll open the attachment looking for more information. If you do open it, you’ll actually be opening a dangerous piece of malware specially designed to target your financial and banking information. This malware can lead to unauthorized charges, wire transfers, and even data breaches.

Here’s how you can stay safe from scams like this:

• Never click a link or download an attachment in an email that you were not expecting.
• Remember that bad guys can disguise anything, even file types.
• If you think the notification could be legitimate, navigate to the official QuickBooks website and log in to your account to confirm.

5/12/21 - Credential Scam With a Clever Twist

If you try logging in to an account, but get a “wrong password” error what do you do? You’ll probably try typing the same password again. But if that doesn’t work do you try another one of your passwords? Then another, and another? Cybercriminals have a clever new scam that takes advantage of this exact behavior.
You receive an email with a link to view an important document. If you click the link, the document looks blurred-out and is covered by a fake Adobe PDF login page. If you enter your email and password, you’ll get an error stating that your password is invalid. This page allows you to try a few more times before eventually blocking you from viewing the document. But the truth is, there was never a document to view. Instead, the cybercriminals saved your email address and every password you tried to use. They can use this information to try to log in as you on other websites.

Don’t be fooled! Remember these tips:

• Remember that any site, brand, or service can be spoofed.
• Never click a link in an email that you were not expecting. If you’re not sure, reach out to the sender by phone to confirm the legitimacy of the email.
• Always use a password that is unique to that specific account. This way, if your credentials are stolen, the cybercriminals can’t access your accounts on other websites.

4/28/21 - Voice Changing “Catphish”

In a recent phishing attack that targets single men, cybercriminals show us how they use modern technology to trick their victims. The scam starts with the cybercriminal posing as a single woman and befriending their target on social media. Then, they start building rapport with the target through various interactions. Eventually, the cybercriminal sends audio messages with a woman’s voice to convince their target that they are who they claim to be.
The target doesn’t know it, but the cybercriminal is actually using a voice changing software to disguise their true identity. If the target falls for the fake audio messages, they receive a video file of their newfound love interest. Except, the file is actually a dangerous piece of malware designed to grant the cybercriminals access to the victim’s entire system.

This tactic isn’t exclusive to romantic scams, so be sure to remember these tips:

• Keep your social media accounts private and only accept friend requests from people that you know and trust.
• If you meet someone online, be sure to verify their identity. You could use a search engine to find their other social media profiles or simply ask to have a video call to make a face-to-face connection.
• Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!

 

4/21/21 - Tricky PDF Files

Cybercriminals have a new favorite phishing lure: PDF files. A PDF is a standard file type that presents text and images in their original format regardless of which program you use to open the file. Unfortunately, this makes the use of PDFs a great way for cybercriminals to get creative and trick victims into clicking on malicious links.
One common tactic for phishing with PDF files is to include an image that looks like something that you should interact with. The PDF may include a fake captcha image with the “I am not a robot” checkbox. Or the PDF may include an image of a paused video with a play button over the display. If you try to click the captcha checkbox or play the phony video, you’ll actually be clicking a link to a malicious website.

Don’t fall for these tricks! Remember the following tips:

• Never click or download an attachment in an email that you were not expecting.
• Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!
• If you receive a suspicious email, be sure to contact your IT department or follow the specific procedure for your organization.

4/15/21 - Advanced Phishing Hidden in Plain Text

Cybercriminals are using advanced tactics to disguise dangerous malware as harmless text files. Using a phishing email, the bad guys try to trick you into downloading a file attachment named “ReadMe_knl.txt”. Typically, files ending in .txt are plain text documents that can be opened in any text editing software. But in this case, the cybercriminals use a trick called Right-to-Left Override (RLO) to reverse part of the file name.
The true name of the attached file is “ReadMe_txt.lnk.lnk”. It is not a plain text document, but actually, a command that instructs your computer to download the bad guy’s malware. Once the malware is installed, cybercriminals have complete access to your system. They can access everything from your browser history to your cryptocurrency wallet and they can even take photos using your webcam.

Advanced phishing tactics can be intimidating, but you can stay safe by practicing the tips below:

• Remember that bad guys can disguise anything, even file types.
• Never click a link or download an attachment in an email that you were not expecting.
• When in doubt, reach out to the sender by phone to confirm the legitimacy of the email.

4/7/21 - Classic Facebook Phishing

While cyber threats continue to advance in new and intimidating ways, classic phishing methods are still a favorite among bad guys. Let’s take a look at a recent Facebook-themed phishing attack and see if you can spot the red flags:

The email appears to come from Facebook and starts with “Hi User”. The body states that there is an issue with your account that you must log in to resolve. The email includes a link to “verify” your account and ends with the line “This link will expires in 72 hours, We appreciate your attention to this matter.” If you click the link, you are taken to a phony look-alike Facebook login page. Any information that you enter on this page is delivered straight to the bad guys.

How many red flags did you see? Remember the following tips:

• Question everything. For example, your name is part of your Facebook profile, so why is the email addressing you as “User”?
• Look for a sense of urgency. In this example, the email gives you 72 hours to verify your account. Remember, the bad guys rely on impulsive clicks.
• Pay close attention to the grammar and capitalization. For example, the words “This link will expires in...” should be “This link will expire in...”. Also in that same line, the word “We” is in the middle of a sentence, so this should be lowercase.

 

3/31/21 - Instagram Influencer Scams

As the name suggests, an influencer is someone whose opinions influence a large social media audience. While influencers usually attract sponsorships from legitimate brands, these accounts can also be used as a tool for cybercriminals.

Instagram influencers often host special giveaways to raise brand awareness. Typically followers are asked to comment on the post for their chance to win. Unfortunately, bad guys then use these comments to target their victims. You may receive a message from someone spoofing the influencer’s account or claiming that they work with the giveaway host. Then, you are told that you won the giveaway, but that you need to pay a shipping fee or provide some personal information. Any information provided goes straight to the cybercriminals. Don’t fall for it!

Here are some tips to stay safe from influencer scams:

• The technique could easily be used on any social media platform. Be skeptical of anyone who contacts you that you don’t know personally.
• This attack exploits your excitement of winning a prize to get you to act impulsively. Don’t let the bad guys play with your emotions.
• Remember that cybercriminals use more than just emails to phish for your information. Always think before you click!

 

3/24/21 - Malicious Mobile Apps in Disguise

Google recently removed a number of dangerous mobile applications (apps) from the Google Play store. These were disguised as generic VPN and audio control apps that appeared to be safe, but once installed, they tricked victims into allowing downloads from untrusted sources.

If you download a disguised app and fall victim to this scam, a dangerous piece of malicious software (malware) is installed on your device. The malware adds malicious code into your financial apps, giving the bad guys access to your banking and credit card accounts. Over time, cybercriminals use this malware to gain complete control over your device and use it however they please.

This is not the first time that malicious apps were found on Google Play or on the Apple app store—and it won’t be the last. When you download applications, remember these tips:

• Read reviews and ratings for the app. Look for reviews that are critical or reviews with three stars or less, as these are less likely to be fake.
• Avoid apps with few or no reviews and apps that have a low number of downloads.
• Only download apps from trusted publishers. Remember, anyone can publish an app on official app stores—including cybercriminals.

 

3/17/21 - Scammers Use FINRA as Phish Bait

Earlier this month, cybercriminals impersonated the largest brokerage regulation company in the US: the Financial Industry Regulatory Authority (FINRA). Seeing such a vital organization be used as phish bait is chilling. Fortunately, if you know what to look for, this scam is easy to spot!

The phishing email starts with the vaguely-startling subject line “ATTN: FINRA COMPLIANCE AUDIT”. The email is sent from supports[at]finra-online. The email asks you to review an attached document and respond immediately. The short email message closes with, “If you've got more questions regarding this letter don't hesistate to contact us.” Anyone who falls for this scam and downloads the attachment will find that the file is actually a nasty piece of malicious software.

Here’s how you can stay safe from similar attacks:

• By asking for your immediate response regarding an audit, the bad guys create a sense of urgency. These scams rely on impulsive actions, so always think before you click.
• Watch for poor spelling and grammar in supposedly-official messages. Did you catch the spelling error in the example above? The word “hesitate” is misspelled as “hesistate”.
• Check who sent the email. In this case, while the email address included the name FINRA, it did not use the official FINRA.org domain.

3/10/21 - LinkedIn File Sharing Scam

LinkedIn is a networking site used to connect with colleagues, employers, and other business contacts. Even though LinkedIn is designed for professionals, it is just as vulnerable as any other social media platform.

In a recent scam, cybercriminals use stolen LinkedIn accounts to message the contacts of those accounts. The message includes a link to a “LinkedInSecureMessage”—which is not a service that LinkedIn provides. The link takes you to an official-looking page that includes the LinkedIn logo and a “View Document” button. If you click the button, a phony LinkedIn login page opens. Information entered on this screen will be sent straight to the cybercriminals who will likely sell your account for use in similar social networking scams.

Don’t fall for it! Remember these tips:

• Stay up-to-date on which features your accounts and platforms offer. For example, LinkedIn does not offer a file sharing feature.
• Never trust a link in a message that you were not expecting. If you think the notification could be legitimate, reach out to the sender by phone to be sure.
• Remember that cybercriminals use more than just emails to phish for your information. Always think before you click!

3/3/21 - Shipping Scam Spoofs “Dhl Express”

Many of us are used to receiving messages from shipping companies, so cybercriminals use similar emails as phish bait. Let’s take a look at a recent shipping-themed phishing attack and see if you can spot the red flags:

Sent from “Dhl Express”, the email claims that you have something waiting for you at your local post office. The message states “To receive your parcel, Please see and check attached shipping documents.” and it includes a .html file as an attachment. If you open the attachment, a web page displays that looks like a blurred-out Excel spreadsheet. Covering this blurred image is a fake Adobe PDF login window with your email address already populated in the username field. If you enter your password and click “View PDF Document” your email address and password will be sent straight to the bad guys.

How many red flags did you see? Remember the following tips:

• Look for poor grammar and capitalization. For example, the sender name “Dhl” should be “DHL”. Also, in the body of the email, the word “Please” is in the middle of a sentence, so this should be lowercase.
• Check the file type. The email attachment is a .html file, but most legitimate documents are shared as PDFs, spreadsheets, or word documents. HTML files are designed to be opened in a web browser, much like a link to a website.
• Watch out for anything out of the ordinary. An Adobe PDF login window blocking what appears to be a Microsoft Excel file is quite unusual.

2/24/21 - Exploiting the Coronavirus: Vaccine Invitation Scam

Access to the COVID-19 vaccine is limited, which leaves many people anxiously waiting for a way to further protect themselves from the virus. Cybercriminals are taking advantage of this anxiety with vaccine-themed phishing emails.

A recent phishing attack in the UK spoofs the National Health Service (NHS). The phishing email claims that you have the opportunity to get vaccinated and it includes a link to accept the invitation. If you click on the link, a convincing NHS look-alike page opens. The phony site asks for personal information such as your name, address, and phone number, along with your credit card and banking details. Unfortunately, any information that you provide here goes straight to the cybercriminals and you are not in line for vaccination.

Follow these tips to stay safe from similar scams:

• We all want the pandemic to be over and this attack tries to exploit those feelings. Don’t let the bad guys toy with your emotions. Think before you click!
• Don’t trust an email. Visit an official government website or a trusted news source for information on vaccine availability.
• Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.

2/17/21 - Phishing with Phony Loans

A year into the pandemic, bad guys continue to target struggling organizations. A recent example is a phishing email targeting those in the United States. Impersonating a bank, the sender offers loans through the Paycheck Protection Program (PPP). The PPP is a real relief fund that is backed by the United States Small Business Administration (SBA), but the email is nothing short of a scam.

The phishing email directs you to click a link to register for a PPP loan. When clicked, the link takes you to a form with an official-looking header that reads, “World Trade Finance PPP 2021 Data Collection”. The form requests a lot of personal information, such as your organization’s name, your business email, and your social security number. Any of the information submitted on this form goes straight to the cybercriminals.

Here’s how you can stay safe from scams like this:

• Think before you click! Desperate times call for diligent measures.
• If you or your organization need financial help, reach out to legitimate and well-known programs—don’t trust an unexpected email.
• Stay up-to-date on your country’s relief efforts by following local news and other trusted sources.

2/10/21 - Smishing with PayPal

A new Smishing (SMS Phishing) attack uses an urgent text message to trick you into clicking a malicious link. The message states “PayPal: We've permanently limited your account, please click link below to verify.” If you click on the link provided, you are taken to a PayPal look-alike page and asked to log in.

Bad actors take this scam one step further. If you enter your login credentials on their phony page, you’ll be taken to a second page that asks for your name, address, and bank account details. Everything entered on these pages will be sent directly to the bad guys.

While this is an advanced attack, you can still stay safe by practicing the tips below:

• Check for poor grammar in supposedly-official messages. Did you catch the grammatical error in the example above? It asks you to “click link below” instead of “click the link below”.
• Question the situation. For example, did you give PayPal your mobile number? And did you ever sign up to receive text notifications?
• Never trust a link in a text message that you were not expecting. If you think the notification could be legitimate, navigate to the official website and log in there.

 

2/3/21 - Advanced Look-alike Login Pages

Here’s a popular phishing scenario: You receive an email with a link. The link takes you to a phony login page with the name and logo of a legitimate website. Once you submit your username and password, the information is sent straight to the bad guys. Cybercriminals love to use these phony look-alike login pages to steal your credentials and access sensitive information.

Now cybercriminals have developed a way to make look-alike pages even more convincing. Scammers use a special tool to automatically display your organization’s name and logo on the phony login page. They can even use this tool to populate your email address in the corresponding login field. This creates a false sense of security because many legitimate websites remember your username if you have logged in previously.

While this is an advanced attack, you can still stay safe by practicing the tips below:

• Never click a link in an email that you were not expecting.
• Remember that any site, brand, or service can be spoofed.
• When you’re asked to log in to an account or online service, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site and not a phony look-a-like.

1/27/21 - Romantic Investment Scams

Let’s be honest, the age of social distancing can leave us feeling lonely. To make matters worse, bad guys are leveraging our loneliness for their scams. Romance-related scams are growing more popular and more complex.

In the latest romance-related scam, bad guys use a dating app to find their target, build a relationship, and establish trust. Once you trust them, the scammer will share financial tips and invite you to an exclusive investment site—which is actually a scam. Your new “friend” will guide you through opening an account, buying financial products, and building your investments. Then, one day, all communication stops and you’re left wondering where that money has gone.

Don’t fall for it! Remember these tips:

• Romance scams aren’t exclusive to dating apps. The technique could easily be used on social media as well. Be skeptical of anyone who contacts you that you don’t know personally.
• This attack exploits the loneliness of life during a pandemic. Don’t let the bad guys play with your emotions. Think before you click!
• Remember, if something sounds too good to be true, it is probably a scam.

 

1/20/21 - Exploiting the Coronavirus: Financial Assistance Scams

While the world continues to navigate life during a pandemic, countless families and individuals are struggling financially. In a truly malicious response to the situation, scammers are launching phishing attacks that claim to offer financial assistance to those in need.

The phishing email impersonates your local government and it states that you are eligible to receive financial aid. You’re directed to click a link in the email for more information. If you click the link, you are taken to a phony government website. The site asks for personally identifiable information, including your social security number. Once you’ve provided this information, the site claims that you will be contacted regarding your aid. Don’t be fooled! Anything you enter here is sent directly to the cybercriminals.

Here’s how you can stay safe from scams like this:

• Never click on a link in an email that you weren’t expecting. Even if the sender appears to be a legitimate organization, the email address could be spoofed.
• Stay up-to-date on response efforts through official government websites and trusted news sources.
• If you feel the email could be legitimate, use another means of communication to reach out to the sender, such as calling their official phone number—not the one listed in the suspicious email.

 

1/13/21 - Watch Out for US Capitol and Parler Scams

Last week, a rally held in the United States Capitol escalated when protestors stormed the Capitol building. This event was later linked to posts on the social media platform Parler. The controversial events at the Capitol and related use of Parler has led both Apple and Google to remove the app from their respective app stores.

Cybercriminals use high-profile news stories like this to catch your attention and manipulate your emotions. In the coming weeks, we expect to see cybercriminals referencing this event and the Parler app in their phishing attacks and social media disinformation campaigns.

Here are some tips to stay safe:

• Watch out for Parler-related emails—especially those that offer an alternative way to download or install the app.
• Be suspicious of emails, texts, and social media posts that contain shocking developments to the story. This could be false information designed to intentionally mislead you—a tactic known as disinformation.
• No matter how shocking the news, always think before you click. Cyber attacks are designed to catch you off guard and trigger you to click impulsively.

 

1/6/21 - Man’s Best Friend is a Scammer’s Best Bait

With stay-at-home orders in place across the globe, many people are buying new pets to help them feel more connected. Unfortunately, shoppers who are looking for a furry friend may be in for a big surprise. Cybercriminals are creating phony online pet shops that advertise unbelievable prices on purebred pups.

These malicious pet shop sites include poorly-written testimonials from alleged buyers that often don’t make sense. For example, one testimonial claimed that their “German Shepherd baby had hatched”. If you overlook these phony testimonials and click the “Buy Me!” button under the photo of an adorable puppy, you’ll be taken to a contact page to begin your email conversation with the supposed seller. Via email, the scammers will ask you to pay for your pup using Bitcoin or a service provider, such as Paypal. Of course, any money you send goes straight to the bad guys and you’ll never receive your pup.

Here are some tips to avoid this ruff scam:

• Always be wary of websites with poorly-written information, including testimonials and reviews from customers.
• Remember, if a price sounds too good to be true—it is! Purchasing a purebred dog is typically very expensive, so scammers are trying to use low prices to trick you into acting impulsively.
• If you are in the market for a new pet, be sure to research the rescue shelter, pet adoption agency, or licensed breeder before making a purchase.