Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more. Click below for more information.
Voice Phishers Targeting Corporate VPNs
The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.
From “Krebs on Security” Brian Krebs (8/19/2020)
OUCH! Newsletter: Video Conferencing Safely and Securely
With so many of us now working from home, you are most likely finding yourself remotely connecting with your co-workers using virtual conferencing solutions like Zoom, Slack, or Microsoft Teams. Your family members - perhaps even your children – may also be using these same technologies to connect with friends or for remote learning. Regardless of why you are connecting, here are key steps you can take to make the most of these technologies safely and securely.
From “SANS” Lodrina Cherne (8/05/2020)
27% Of Consumers Hit With Pandemic-Themed Phishing Scams
Phishing is the top digital fraud scheme worldwide related to the COVID-19 pandemic, TransUnion reveals. “From the impacts of phishing and other well documented COVID-19 scams like unemployment fraud, it’s clear that fraudsters have the data and increasing opportunities to create synthetic identities and utilize stolen identities,” said Shai Cohen, senior vice president of Global Fraud & Identity Solutions at TransUnion.
From “Help Net Security” (7/24/2020)
Hackers will begin by sending low-level employees emails that look trustworthy, but might include links directing them to a scam website that asks them to input their username and password. Once they have access to that employee's account, they can use it to send trustworthy-seeming emails to others in the company.
From “Business Insider” Aaron Holmes (7/18/2020)
Copycat Hacking Groups Launch DDoS Attacks
Each attack is preceded by an email sent to the victim explaining it will be hit with a DDoS attack if the ransom is not paid by a preset date. If the victim declines to pay the attackers by that time, a five-bitcoin per day penalty is applied until the deadline is reached. At that point an attack is launched.
From “Bank Info Security” Doug Olenick (8/18/2020)
5G Brings Benefits, But Also Heralds Fresh Security Threats
The continuing rollout of the fifth generation of mobile networks and technologies, known collectively as 5G, is set to radically transform the business world. Incredible new speeds, dramatically reduced latency and fresh swathes of bandwidth will allow real-time connectivity on a whole new scale. Smart cities, autonomous vehicles and augmented reality present amazing opportunities, so it’s no surprise that investment in 5G technologies from governments and businesses is enormous and growing. Amid the excitement of all this technological promise, significant new dangers are being overlooked.
From “Forbes” Steve Durbin (8/11/2020)
2020 Census: Visiting Homes And Sending Emails
Scammers may pose as census takers to get your personal information — and then use it to commit identity theft and other frauds. But there are ways you can identify official census takers. The Census Bureau will never ask for your full Social Security number, bank account or credit card numbers, money or donations, or anything on behalf of a political party. The 2020 Census will not ask citizenship status.
From “Federal Trade Commission” Colleen Tressler (8/19/2020)
Scams In Between Stimulus Packages
Never pay up front for mortgage help. In fact, it’s illegal for companies to charge you before they help you with your mortgage — but that doesn’t stop scammers from trying. If you find yourself behind on your mortgage, talk with your mortgage servicer right away to see what options you have. And whether you own or rent, it’s worth talking with a legal services organization if you feel like things are taking a hard turn south toward foreclosure or eviction.
From “Federal Trade Commission” Jennifer Leach (8/11/2020)
You’re More Likely To Fall For A Netflix Phishing Scam Than Ever – Here’s How To Stay Safe
A greater number of Netflix phishing scams are circulating the internet than ever before, thanks to a dramatic increase during lockdown. Analysis of the entire lockdown period (March-July 2020) uncovered a 646% increase in the number of phishing URLs targeting Netflix users, compared with the same period in 2019.
From “Tech Radar” Joel Khalili (8/10/2020)
Small Businesses Targeted With Unauthorized Withdrawals
The last thing struggling small business owners need right now is to have money unlawfully taken from their pockets. According to a complaint filed today by the FTC, that’s exactly what a company that offered financing to small business did to its customers.
From “Federal Trade Commission” Rosario Méndez (8/03/2020)
How Threat Actors Are Bypassing Two-Factor Authentication For Privileged Access
While multifactor authentication is still a security best practice, there have been recent attack vectors that circumvent the mitigation controls it provides and prove once again that no security solution is 100% effective.
From “Forbes” Jeff Hughes (8/21/2020)
Phishing Campaign Spoofs SBA Loan Offer
Because this phishing scam closely spoofs the SBA email address and loan application, it could prove difficult to detect that it's fraudulent. Those who receive an email about a loan application should call the SBA to check its legitimacy.
From “Bank Info Security” Prajeet Nair (8/10/2020)
OkCupid: Hackers Want Your Data, Not A Relationship
If a victim clicks on a crafted link -- potentially sent personally through the app or posted on a public forum -- PII, profile data, user characteristics -- such as those submitted when profiles are created -- preferences, email addresses, IDs, and authentication tokens could all be compromised and exfiltrated to the attacker's command-and-control server (C2).
From “ZDNet” Charlie Osborne (7/29/2020)
Malware Is Down, But IoT And Ransomware Attacks Are Up
The first half of 2020 saw malware decline 24% globally, but IoT attacks and ransomware are up, with the US seeing a staggering 109% rise in ransomware, according to new data from the security company SonicWall. In the first six months, global malware attacks fell 24%, to 3.2 billion from 4.8 billion in the year-earlier period, according to SonicWall's midyear threat report. The drop is the continuation of a downward trend that began last November, the company said.
From “Tech Republic” Esther Shein (7/23/2020)
8 Tips For Crafting Ransomware Defenses And Responses
Ransomware-wielding attackers are increasingly doing much more than just crypto-locking systems with malware and demanding a payoff in return for the promise of a decryption tool.
From “Bank Info Security” Mathew J. Schwartz (7/29/2020)