6/3/20 – Exploiting the Coronavirus: Massive Excel Phishing Attack
Microsoft has reported a massive phishing campaign that uses an Excel attachment as bait. The phishing email looks like it is from the Coronavirus Research Center of Johns Hopkins University – a well-known medical organization in the US. The email includes an Excel attachment that is disguised as an updated list of Coronavirus-related deaths, but the file actually contains a hidden piece of malware.
If you open the infected Excel file and click “Enable Content” when prompted, a program called NetSupport Manager will be automatically installed onto your computer. This program is a tool that allows someone to access your computer remotely. Cybercriminals are using NetSupport Manager to gain complete control over a victim’s system, allowing them to steal sensitive data, install more malicious software, and even use the machine for criminal activities. Don’t be a victim!
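The attack above only works because the workbook carries a macro that runs once “Enable Content” is clicked. A help desk or mail gateway can check for that before anyone opens the file: a modern Excel workbook is a zip container, and Office stores embedded VBA code in an entry named vbaProject.bin (also declared in [Content_Types].xml). The following Python is an added example written for this page, not code from Microsoft or from the campaign report; the two sample workbooks it inspects are constructed in memory, not real attachments.

```python
import io
import zipfile

# Office keeps compiled VBA code in this zip entry for .xlsm/.xlsb/.docm files.
MACRO_ENTRY_SUFFIX = "vbaproject.bin"
# Content type used to declare that part in [Content_Types].xml.
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def workbook_macro_report(data: bytes) -> dict:
    """Inspect an OOXML workbook (raw bytes) without opening it in Excel.

    Returns whether a VBA project is embedded and which zip entries showed it.
    Legacy binary .xls files are OLE2, not zip, and are reported as ooxml=False
    so they can be routed to a different check rather than marked clean.
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"ooxml": False, "has_macros": None, "hits": []}
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for name in names:
            if name.lower().endswith(MACRO_ENTRY_SUFFIX):
                hits.append(name)
        if "[Content_Types].xml" in names:
            types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if MACRO_CONTENT_TYPE in types_xml:
                hits.append("[Content_Types].xml")
    return {"ooxml": True, "has_macros": bool(hits), "hits": hits}


def _build_workbook(with_macro: bool) -> bytes:
    """Build a minimal zip shaped like an OOXML workbook (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        content_types = (
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Override PartName="/xl/workbook.xml" '
            'ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/>'
        )
        if with_macro:
            content_types += (
                '<Override PartName="/xl/vbaProject.bin" '
                'ContentType="application/vnd.ms-office.vbaProject"/>'
            )
        content_types += "</Types>"
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            # Placeholder bytes standing in for a real VBA project stream.
            zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


# Constructed samples: one plain workbook, one with an embedded VBA project.
CLEAN_WORKBOOK = _build_workbook(with_macro=False)
MACRO_WORKBOOK = _build_workbook(with_macro=True)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_WORKBOOK), ("macro", MACRO_WORKBOOK)):
        print(label, workbook_macro_report(blob))
```

A hit here does not prove the file is malicious, only that it will ask for “Enable Content”; that is exactly the prompt the advice above tells users never to accept for an unexpected attachment, so a flagged file should go to IT rather than to the recipient.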
Here are some ways to protect yourself from this scam:
- Think before you click! The bad guys know that you want to stay up-to-date on the latest COVID-19 data so they use this as bait. They’re trying to trick you into impulsively clicking and downloading their malware.
- Never download an attachment from an email that you weren’t expecting. Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.
- Always go to the source. Any time you receive an email that claims to have updated COVID-19 data, use your browser to visit the official website instead of opening an attachment or clicking a link.
5/27/20 – Exploiting the Coronavirus: Malicious Zoom Installer
Whether you’re working from home or trying to stay in touch with loved ones, video conferencing apps like Zoom are becoming the new normal. Cybercriminals have exploited this type of application before, but their latest scam may be the trickiest yet.
Scammers are sending out phishing emails with links to download the latest version of Zoom. When clicked, the link takes you to a third-party website – not the official Zoom site – to download an installer. If you download and run the file, the program truly does install Zoom. The trick is, the installer also places a remote access trojan (RAT) onto your computer. This RAT gives cybercriminals the ability to observe everything you do on your machine. This includes keylogging (saving what you type), recording video calls, and taking screenshots – all of which can be used to steal your sensitive information.
Don’t fall victim to this scam! Remember the following:
- If an email directs you to install or update an application, do not click on the link in the email. Instead, go directly to the official website through your browser. This ensures you are accessing the real page and keeping your credentials safe.
- When using a work device, reach out to your IT department before installing any software. They can check that the application is legitimate and safe.
5/20/20 – Exploiting the Coronavirus: Phony COVID-19 Tracking
Countries around the world are developing COVID-19 tracking applications for mobile devices. These apps use digital tracking to help identify and notify users who have been in contact with someone diagnosed with the virus. Only a handful of countries have released this kind of app to the public, but cybercriminals are already using them as inspiration for scams.
The bad guys are sending phishing emails and smishing attacks (phishing via text messages) claiming that you have been in contact with someone diagnosed with Coronavirus. The message insists that you get tested and it includes a link that supposedly leads to a website where you can sign up for more information. The truth is, the link takes you to a malicious website that is designed to steal any information you enter and deliver it to the bad guys. Don’t be fooled!
Remember these tips:
- Never click on a link from an email or text message that you weren’t expecting – even if it appears to be from a legitimate organization.
- Think before you click. The scammers are expecting an impulsive click.
- Stay up-to-date on local regulations and containment efforts through official government websites and trusted news sources.
5/13/20 – Exploiting the Coronavirus: From Unemployed to Money Mule
Due to the Coronavirus crisis, unemployment numbers have skyrocketed. As usual, the bad guys are quick to take advantage of these hard times and are sending out phony work-from-home opportunities. Typically, these phishing emails contain grammar mistakes and offer minimal details about the hiring company and the job requirements. But the scammers still manage to grab your attention because the job opportunity includes a great paycheck.
Once accepted, these scammers ease the victim into their new “job” by asking them to complete basic errands, but eventually they’re given the task of transferring funds from one account to another. Typically, these are stolen funds and the unsuspecting “employee” is being used as a money mule. Even though these victims are unaware of the crime they are committing, they can still face hefty fines and prison time.
Remember these tips and share them with your friends and family who may be looking for work:
- Be wary of emails with spelling or grammatical errors.
- Never trust unusual requests or job offers. If something doesn’t feel right, it probably isn’t.
- If you feel you have been solicited to be a money mule, contact your local authorities or report the situation to the appropriate federal agency.
5/6/20 – Exploiting the Coronavirus: Netflix is More Popular Than Ever – Especially with Cybercriminals
Long before the COVID-19 pandemic, bad guys were spoofing Netflix emails in an attempt to collect your sensitive information. With more and more people looking for at-home entertainment, Netflix has gained over 15 million new subscribers. Cybercriminals are happily taking advantage of this larger audience!
Netflix themed phishing attacks can vary from phony email alerts accusing you of non-payment to offering you free streaming access during the pandemic. Both of these strategies include a link that takes you to a fake Netflix page designed to gather your information and deliver it to the bad guys.
Use the following tips to stay safe:
- These types of scams aren’t limited to Netflix. Other streaming services like Disney+ and Spotify are also being spoofed. Remember that if something seems too good to be true, it probably is.
- Never click on a link that you weren’t expecting. Even if it appears to be from a company or service you recognize.
- When an email asks you to log in to an account or online service, log in to your account through your browser – not by clicking the link in the email. This way, you can ensure you’re logging into the real website and not a phony look-alike.
4/29/20 – Exploiting the Coronavirus: Smishing Violation!
Governments across the globe have created restrictions to help reduce the spread of Coronavirus. These regulations change often and vary by country, region, and city. So knowing exactly what is expected of you can be a challenge. It’s no surprise that the bad guys are taking advantage of this confusion!
Cybercriminals are using text messaging, or short message service (SMS), to pose as a government agency. The message says you have been seen leaving your home multiple times and as a result you are being fined. They urge you to click on their official-looking link to pay this “fine” online. If you click the link, you’ll be taken to a payment page where you can give your credit card details directly to the bad guys!
This tactic is known as “Smishing” (SMS Phishing). Smishing can be even more convincing than email phishing because criminals know how to spoof their phone number so the message appears to come from an official source. Be careful!
Here’s how to stay safe from this smishing attack:
- Think before you click. The bad guys want to get under your skin. Not only does this message accuse you of ignoring regulations, but it also claims you have to pay a fine! Don’t give in to this tactic.
- Never trust a link in an email or text message that you were not expecting. Instead of clicking the unexpected link, open your browser and type in the official URL of the website you wish to visit.
- Stay informed during this confusing time by following local news, government websites, and other trusted sources.
4/22/20 – Exploiting the Coronavirus: Re-opening your organization? The bad guys have a plan!
Recently, some countries have chosen to lift restrictions that were originally put in place to control the spread of COVID-19. Beware! The bad guys are already taking advantage of this news. They have crafted a well-written phishing email that appears to come from the VP of Operations in your organization. The message claims that your organization has a plan for reopening, and it instructs you to click on a link to see this plan. Clicking the link opens what appears to be a login page for Office365, but don’t be fooled! If you enter your username and password on this page, you would actually send your sensitive credentials directly to the bad guys.
Here’s how to protect yourself from this clever attack:
- Never click on a link or an attachment that you weren’t expecting. Even if it appears to be from someone in your own organization, the sender’s email address could be spoofed. When in doubt, reach out to the sender by phone to confirm the legitimacy of the email before clicking.
- When an email asks you to log in to an account, do not click the link in the email. Instead, go directly to the website through your browser. This ensures you are accessing the real page and keeping your credentials safe.
- This attack tries to exploit the restlessness and uncertainty of life in quarantine. Don’t let the bad guys toy with your emotions. Think before you click!
4/15/20 – Exploiting the Coronavirus: “PANDEMIC IS WITHIN, BEWARE!”
During this storm of COVID-19 phishing scams, the bad guys love posing as your trusted Human Resources department. One recent HR scam started with an overdramatic subject line: “COVID-19 PANDEMIC IS WITHIN, BEWARE! WARNING!!!” In a mess of run-on sentences, the email claims that some of your co-workers have tested positive for Coronavirus. Keeping with the HR theme, they ask that you do not discriminate against these people and they suggest that “everyone should rather cease panic”.
The email does not identify anyone by name, but asks you to download an attached photo of the infected employees. This attack targets your natural curiosity. Who could it be? Wasn’t Bill coughing last week? I just have to know! If you were to download the attachment, you would find that it is actually a piece of malicious software designed to quietly steal data through your organization’s network. Don’t be fooled!
Remember these tips:
- Watch for sensational words like “BEWARE” and “WARNING!!!” The bad guys want you to panic.
- Be wary of emails with spelling or grammatical errors, especially when they supposedly come from a reputable source.
- When questioning the legitimacy of an email sent from someone in your company, give them a call! One quick call could save your organization from a potential data breach.
4/1/20 – Coronavirus Stimulus Scams Surface
Fraudsters haven’t wasted any time with scams related to the coronavirus. In response to the federal stimulus package, the Better Business Bureau (BBB) reported that fraudsters have deployed a variety of scams involving coronavirus stimulus checks. The BBB Scam Tracker has received several reports of coronavirus scams where individuals are contacted through text messages, social media posts or messages, or phone calls.
One version of the scam targets seniors through a Facebook post informing them that they can get a special grant to help pay medical bills. The link within the post takes them to a bogus website claiming to be a government agency called the “U.S. Emergency Grants Federation” where they are asked to provide their Social Security Number under the guise of needing to verify their identity. In other versions, fraudsters claim individuals can get additional money – up to $150,000 in some cases. The victims are asked to pay a “processing fee” to receive a grant.
In North Carolina, there are several reports of a coronavirus scam in which potential victims received phone calls. Fraudsters told the victims they qualified for a $1,000 to $14,000 coronavirus stimulus payment; however, they must first pay a processing fee.
Coronavirus direct payments will likely be in the form of direct deposits or through U.S. Treasury checks. Fraudsters may look to seize this opportunity to create counterfeit U.S. Treasury checks to use in their scams. Knowing when the stimulus checks will be issued, fraudsters could steal U.S. Treasury checks out of the mail and attempt to cash them. This was a common occurrence in the aftermath of Hurricane Sandy, when fraudsters counterfeited and forged U.S. Treasury checks representing the Federal Disaster Assistance checks.
Fraudsters may also attempt to scam you into providing your account number under the pretense of direct depositing the stimulus payment to your account. Keep the following in mind:
- Government agencies do not communicate through social media outlets, such as Facebook.
- Never pay a fee for a government grant. A government agency will never request an advance processing fee to receive the grant.
- Beware of fake government agencies promoted by fraudsters. The only official list of all U.S. federal grant-making agencies can be found at www.grants.gov.
3/25/20 – Phishing Attacks – what you need to know
Cybercriminals are using concerns about the coronavirus to launch phishing attacks.
While COVID-19, or the novel coronavirus, is capturing attention around the world, cybercriminals are capitalizing on the public’s desire to learn more about the outbreak. There are reports of phishing scams that attempt to steal personal information or to infect your devices with malware, and ads that peddle false information or scam products.
In one example, a phishing email that used the logo of the CDC Health Alert Network claimed to provide a list of local active infections. Recipients were instructed to click on a link in the email to access the list. Next, recipients were asked to enter their email login credentials, which were then stolen.
What Should You Do:
1. If you are looking for information on the coronavirus, visit known reputable websites like the U.S. Centers for Disease Control or the World Health Organization.
2. Be on the lookout for phishing emails which may appear to come from a trusted source. Remember, you can look at the sender’s details – specifically the part of the email address after the ‘@’ symbol – in the ‘From’ line to see if it looks legitimate.
3. Be wary of emails or phone calls offering unexpected or unprompted information. Also be aware of emails from unfamiliar sources that contain links or attachments. Do not click on these links, as they could be embedded with malware.
4. Although social media companies like Facebook are cracking down on ads spreading coronavirus conspiracies and fake cures, some ads may make it past their review process. Remember, it’s best to seek information on the disease from official sources like those mentioned above.
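Tip 2 above, checking the part of the address after the ‘@’ in the ‘From’ line, is something a mail filter or a helpdesk script can do consistently, because the display name (“CDC Health Alert Network”) is free text while the domain is what actually routed the message. The Python below is an added example written for this page, not a tool the article describes; the trusted-domain allowlist and brand keywords are assumptions for the example, and the sample message is constructed to resemble the CDC-themed lure, not a real capture. It goes slightly beyond the tip by also catching a display name that itself contains a fake address.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Domains a recipient would expect the impersonated organisations to send from.
# Assumption for this example; an organisation would maintain its own list.
TRUSTED_DOMAINS = {"cdc.gov", "who.int"}
# Brand words a spoofed display name tends to borrow (assumed list).
BRAND_KEYWORDS = ("cdc", "centers for disease", "who", "world health")


def sender_parts(from_header: str) -> tuple:
    """Split a From header into (display name, address, domain after '@')."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    return display, addr, domain


def domain_is_trusted(domain: str) -> bool:
    """True only for an exact trusted domain or a real subdomain of one.

    The suffix check includes the leading dot so 'cdc.gov.example' fails.
    """
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def assess_from_header(from_header: str) -> dict:
    """Classify a From header by comparing what it claims with where it is from."""
    display, addr, domain = sender_parts(from_header)
    display_l = display.lower()
    # Tokenise on letters only so 'alerts@cdc.gov' in a display name yields 'cdc',
    # while 'whoever' does not produce a spurious 'who'.
    tokens = set(re.findall(r"[a-z]+", display_l))
    claims_brand = any(
        (k in tokens) if " " not in k else (k in display_l) for k in BRAND_KEYWORDS
    )
    if domain_is_trusted(domain):
        verdict = "expected-domain"
    elif claims_brand:
        verdict = "brand-spoof"      # display name borrows a brand the domain does not back
    elif not domain:
        verdict = "no-address"
    else:
        verdict = "unknown-domain"
    return {"display": display, "address": addr, "domain": domain, "verdict": verdict}


def assess_raw_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and assess its From header."""
    msg = message_from_bytes(raw, policy=policy.default)
    return assess_from_header(str(msg["From"] or ""))


# Constructed sample modelled on the lure described above (not a real message).
SAMPLE_LURE = b"""From: "CDC Health Alert Network" <alerts@cdc-han-updates.example>
To: employee@example.org
Subject: List of local active infections

Click here to view the list of active infections in your area.
"""

if __name__ == "__main__":
    for hdr in (
        '"CDC Health Alert Network" <alerts@cdc-han-updates.example>',
        "CDC Health Alert Network <han@cdc.gov>",
        '"alerts@cdc.gov" <mailer@cdc.gov.example>',
        "Payroll <payroll@example.org>",
    ):
        print(assess_from_header(hdr))
    print(assess_raw_message(SAMPLE_LURE))
```

The “brand-spoof” verdict is the case the article warns about: the name a mail client shows is borrowed from a trusted organisation, but the domain after ‘@’ is not one that organisation uses. Note that a trusted domain in the From line still only tells you what the sender claimed; it is not proof on its own, since the From header can be forged unless the receiving mail system enforces SPF, DKIM and DMARC for that domain.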
3/11/20 – Exploiting the Coronavirus: Watch out for These Scams!
Look out! The bad guys are preying on your fear and sending all sorts of scams related to the Coronavirus (COVID-19).
Below are some examples of the types of scams you should be on the lookout for:
- Emails that appear to be from organizations such as the CDC (Centers for Disease Control), or the WHO (World Health Organization). The scammers have crafted emails that appear to come from these sources, but they actually contain malicious phishing links or dangerous attachments.
- Emails that ask for charity donations for studies, doctors, or victims that have been affected by the COVID-19 Coronavirus. Scammers often create fake charity emails after global phenomena occur, like natural disasters or health scares like COVID-19.
- Emails that claim to have a “new” or “updated” list of cases of Coronavirus in your area. These emails could contain dangerous links and information designed to scare you into clicking on the link.
Remain cautious! And always remember the following to protect yourself from scams like this:
- Never click on links or download attachments from an email that you weren’t expecting.
- If you receive a suspicious email that appears to come from an official organization such as the WHO or CDC, report the email to the official organization through their website.
- If you want to make a charity donation, go to the charity website of your choice to submit your payment. Type the charity’s web address in your browser instead of clicking on any links in emails, or other messages.