4/1/20 – Exploiting the Coronavirus: Fear of Infection

The newest Coronavirus-themed phishing attack may be the most ruthless yet. The cybercriminals are sending emails that appear to be from a hospital and warn that you have been exposed to the virus through contact with a colleague, friend, or family member. Attached to the email is a “pre-filled” form to download and take with you to the hospital. Don’t be fooled. The attachment is actually a sophisticated piece of malware. This threat relies on panic and fear to bypass rational thinking. Don’t give in!

Remember to stay vigilant:

  • Think before you click. The bad guys rely on impulsive clicking.
  • Never download an attachment from an email you weren’t expecting.
  • Even if the sender appears to be from a familiar organization, the email address could be spoofed.

3/25/20 – Working From Home? Don’t Fall for This “Phony” Call

The Coronavirus Disease 2019 (COVID-19) pandemic has caused a massive shift in the number of employees who are working remotely. From a cybercriminal’s perspective, this is a perfect opportunity for their social engineering scams.

One scam involves cybercriminals calling you and posing as support personnel from the companies or services that your organization may be using to allow you to work remotely. Typically, the caller will try to gain your trust by stating your job title, email address, and any other information that they may have found online (or on your LinkedIn profile). Then, the caller claims that they will send you an email that includes a link that you need to click for important information. Don’t fall for this scam!

Remember the following to help protect yourself from these types of scams:

  • Never provide your personal information or work information over the phone unless you’re the one who initiated the call.
  • Scammers can spoof any number they’d like. Therefore, even if a call looks like it’s coming from a legitimate source, it could be a scam.
  • If you receive this type of call, hang up the phone immediately and notify the appropriate team in your organization.

3/18/20 – Safeguard Your Personal Data During the 2020 Census Season

It’s that time again. Every 10 years, United States residents are required to respond to the Census survey. The primary purpose of the census is to provide a count of every member of the U.S. population.

By law, each household is required to complete the census survey. From a cybercriminal’s perspective, this is a perfect opportunity for their social engineering scams. Scammers might send emails or other messages that appear to come from the U.S. Census Bureau, or they might even pose as official Census Bureau workers and show up at your door!

This census season, keep the following tips in mind so you can safeguard your household’s sensitive information:

  • If you receive an email to complete the 2020 Census survey, delete it! The U.S. Census Bureau will only send the official survey notification by mail, or if your survey response is late, an official Census Bureau worker may come to your home to ensure you have received the census.
  • If a Census Bureau worker visits your home, verify that they are who they claim to be. A valid ID badge should have the worker’s photograph, a U.S. Department of Commerce watermark, and an expiration date. If you’re still unsure, call your Regional Census Center and speak with a Census Bureau representative.
  • Remember, the Census Bureau will never ask for the following: your Social Security number, your bank account or credit card numbers, anything on behalf of a political party, donations, or money.

3/11/20 – Exploiting the Coronavirus: Watch out for These Scams!

Look out! The bad guys are preying on your fear and sending all sorts of scams related to the Coronavirus (COVID-19).

Below are some examples of the types of scams you should be on the lookout for:

  1. Emails that appear to be from organizations such as the CDC (Centers for Disease Control) or the WHO (World Health Organization). The scammers have crafted emails that appear to come from these sources, but they actually contain malicious phishing links or dangerous attachments.
  2. Emails that ask for charity donations for studies, doctors, or victims that have been affected by the COVID-19 Coronavirus. Scammers often create fake charity emails after global events occur, like natural disasters, or health scares like COVID-19.
  3. Emails that claim to have a “new” or “updated” list of cases of Coronavirus in your area. These emails could contain dangerous links and information designed to scare you into clicking on the link.

Remain cautious! And always remember the following to protect yourself from scams like this:

  • Never click on links or download attachments from an email that you weren’t expecting.
  • If you receive a suspicious email that appears to come from an official organization such as the WHO or CDC, report the email to the official organization through their website.
  • If you want to make a charity donation, go to the charity website of your choice to submit your payment. Type the charity’s web address in your browser instead of clicking on any links in emails, or other messages.

3/4/20 – Convincing Smishing Scam from a Popular Mobile Carrier

Not only do internet criminals phish your email inbox, they also send text messages to try their malicious tricks. Using text messages, or short message service (SMS), for phishing attempts is known as “smishing.”

Recently, smishing scammers have been sending text messages that appear to come from the popular cell phone service provider, Verizon. The text message is designed to look like a security alert. It warns you to click the link and validate your account before your account access is disabled. If you fall for this alert and click on the link, you’re brought to a very convincing fake website that looks identical to Verizon’s login page. You’re instructed to sign in to your account to “validate your account security”, but if you mistakenly enter your credentials here, the attackers will have your login information and be able to take over your account.

Remember the tips below to protect yourself from smishing scams:

  • Links sent through text messages are usually shortened. Therefore, you can’t see where the link will actually take you. If your mobile device allows it, before clicking the link, hold your finger down to see the full web address of where the link will take you.
  • Always log in to your online accounts through your phone’s browser or through the mobile application you’ve installed on your phone, instead of clicking an unexpected link.
  • Never use the same password for multiple accounts. If you did fall for a scam such as this, you may not even realize it happened, but the attackers would be able to break into all of the accounts where you use the same password.

2/26/20 – Watch Out for Malicious Apps in Your App Store

Google recently removed several applications (apps) from their Google Play store because they contained a strain of “clicker” malware that can view your sensitive data and even make in-app purchases on your behalf. Even though they have now removed these apps, there could still be more they don’t know about.

This is not the first time that applications with “clicker” malware have been removed from official Android and Apple app stores, and it will not be the last. Ensuring the security of mobile applications is an ongoing challenge.

Consider the following before downloading any application:

  • Do your research: Read app reviews, but make sure they’re not fake or staged! Be wary of applications that don’t have any reviews.
  • Avoid applications that have a low number of downloads.
  • Look for strange context or spelling errors in the application’s description.
  • Consider investing in cybersecurity protection for your mobile device.

When in doubt, avoid downloading questionable applications, and look for a safer alternative.

2/19/20 – Watch Out for This Clever New Credit Card Phishing Scam

Look out! The bad guys are sending a new, attention-grabbing phishing email and they’re targeting the customers of major credit card companies.

Here’s how it works: The email appears to come from one of two well-known credit card companies, either American Express or Chase. The email includes a list of credit card transactions, and you’re asked to confirm or deny whether the transactions are valid. If you click the “No, I do not recognize the transactions” link, you’re brought to a fake login page that looks very similar to the credit card company’s actual login page. Don’t fall for this trick! If you submit your login details, your information is immediately sent to the scammers and your account and your identity will be at risk.

Remember the following to help protect yourself from these types of scams:

  • Do not trust the links in an email that you weren’t expecting.
  • When you receive an email asking you to log in to an account or online service that you use, log in to your account through your browser, not through links in the email. This way, you can ensure you’re logging in to the real website and not a phony look-alike.
  • Do not reuse passwords. If you use the same password for multiple accounts and one gets hacked, they’re all at risk of being hacked.

2/12/20 – Another SMS Scam – PayPal Edition

Cyber scammers don’t limit their phishing attacks to your email inbox; they love texting your mobile device too! Their current text, or Short Message Service (SMS), scam uses PayPal as the bait.

The text message claims to be from PayPal, and it states that there has been unusual activity detected on your account. If you click on the link in the text, you’re taken to a phishing site that looks almost identical to PayPal’s login page. You are prompted to enter your email address and then your password. Once you’ve gotten this far, you’re asked to enter your mother’s maiden name, your home address, and your financial details. Do not enter any of your information! If you do, your details are immediately sent to the attackers, and your account and your identity are at risk.

Always remember the following to help protect yourself:

  • Never click on links in a text message or an email that you weren’t expecting.
  • When you receive a message asking you to log in to an account or online service, navigate to the login page from your phone’s browser or use the service’s official mobile application. This way, you can ensure you’re logging in to the real website.
  • Do not reuse passwords. If you use the same password for multiple accounts and one gets hacked, they’re all at risk of being hacked.
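
For teams that review reported messages, the link checks described in the Verizon and PayPal text-message tips above (shortened links that hide their destination, and look-alike login pages) can be automated. The following is an added example, not part of the original tips; the brand allow-list, the shortener list, the function names, and the sample messages are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed lists for this sketch; a real deployment would maintain longer ones.
BRAND_DOMAINS = {"verizon": "verizon.com", "paypal": "paypal.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_of(url):
    """Lower-cased hostname of a URL, or '' if the URL cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def triage(message):
    """Return (url, reason) findings for the links in an SMS or email body."""
    text = message.lower()
    claimed = [b for b in BRAND_DOMAINS if b in text]
    findings = []
    for url in URL_RE.findall(message):
        url = url.rstrip(".,)")
        host = host_of(url)
        if host in SHORTENERS:
            # The real destination is unknown until the link is expanded.
            findings.append((url, "shortened link hides destination"))
            continue
        for brand in claimed:
            # "verizon.com.account-check.example" is NOT a verizon.com host.
            if not belongs_to(host, BRAND_DOMAINS[brand]):
                findings.append((url, f"mentions {brand} but links to {host}"))
    return findings

# Constructed sample messages (not real captures).
SAMPLES = [
    "Verizon Security Alert: validate your account at "
    "https://verizon.com.account-check.example/login",
    "PayPal: unusual activity detected. Review: https://bit.ly/xxxx",
    "Your Verizon bill is ready: https://www.verizon.com/signin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample) or "no findings")
```

The suffix check in `belongs_to` is the important part: a host that merely starts with or contains the brand's domain is still treated as a mismatch.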

Stop, Look, and Think. Don’t be fooled.