Ever since the pandemic, phishing attacks on Amazon have skyrocketed. Afterall, more people are shopping online. Such is the case in Taylorville, Ill where “A new email phishing scam is making its way to people’s emails, according to the Taylorville Police Department.”
According to the report, “An email that looks like it’s from Amazon said there was a problem renewing their Amazon Prime Account. The email then gives the user a prompt to find the documents attached to follow on-screen instructions. The instructions then ensure there isn’t a problem with the renewal by gaining personal information.” Yeah, it’s a scam.
Continue reading “Cyber Security News Update – Week 22 of 2020” »
That email alert from DHL telling you your package is on the way. Yeah, it’s a phishing scam, but it’s a little more relaxed than you might expect.
From Naked Security, “The crooks are following a much more relaxed formula that doesn’t say much more than, ‘Hey, here’s how to track your delivery,’ which is the sort of message you might reasonably expect when you order something, or when someone orders something for you. They aren’t in it for the money up front – indeed, they never intend to bill you at all, because it’s your personal data that they’re after instead.” That can be just as bad.
Continue reading “Cyber Security News Update – Week 21 of 2020” »
Do you use Adobe Cloud? Have you received an email saying you’ve been sent files via Adobe Cloud recently? If the answer to both is “yes.” you’ve probably been scammed.
According to Hoax-Slayer, “the email is a phishing scam designed to steal your email account password and has no connection to Adobe. If you click the link, you will be taken to a website that appears to host a business-related spreadsheet. However, the spreadsheet is greyed out and a pop-up box claims that you must enter your email password to gain full access. If you do enter your password, it will be collected by the scammers and used to hijack your email account and any online services that are linked to it.” Keep safe out there.
Continue reading “Cyber Security News Update – Week 20 of 2020” »
First in a series of three ways hackers are using the COVID-19 pandemic to launch phishing scams. First, small business loans. From ABC7 in Chicago, “More help is on the way for small businesses struggling because of the pandemic. Nearly 500,000 loans, totalling $52 billion, have already been approved. It’s the second round of help for businesses, but along with waiting for money, owners are also facing scammers.” Continue reading “Cyber Security News Update – Week 19 of 2020” »
Invest your money with Schwab? Keep a look out for the latest phishing scam. According to Scamicide, “a new phishing email presently being sent to unsuspecting people that appears to come from Schwab. This particular one came with a Schwab logo. A telltale sign that this is a phishing email is that the email address of the sender was one that has nothing to do with Schwab and was most likely part of a botnet of computers infected by scammers and then used to send out the phishing email in a way that is not readily traceable back to the scammer.” Be careful out there.
Continue reading “Cyber Security News Update – Week 18 of 2020” »
A phishing scam that uses what to scam you? Hand sanitizer? That according to WHNT News.
“A phishing email went out to businesses saying the BBB had antiviral, antibacterial hand sanitizer that was being offered exclusively to those receiving the email. It said with only a few weeks until the area opens back up, businesses needed to be stocked. The email then encouraged them to click a link in order to get their supply of hand sanitizer. The BBB says this email was not sent from them, and was a scam.” Keep your hands clean, but not like that.
Continue reading “Cyber Security News Update – Week 17 of 2020” »
In what is rapidly becoming a theme of targeting remote workers, ITPro reports that “The Cofense Phishing Defense Center (PDC) has discovered a new phishing campaign that targets employees working from home during the coronavirus pandemic. PDC claims that hackers are attempting to harvest Cisco WebEx credentials using a security warning for the application and have successfully averted Cisco’s own Secure Email Gateway.”
Continue reading “Cyber Security News Update – Week 16 of 2020” »
When a healthcare organization tells me they suffered a data breach, I tend to believe them. When they tell me social security numbers were unaffected, I have to look a little deeper. Such is the case with the network of Affordable Urgent Care Clinics based in Texas.
An article online “officially confirmed a combination data breach-ransomware attack that exposed sensitive information. The company is claiming that social security numbers were not impacted in the incident, despite security experts having demonstrated that the attackers have published stolen documents containing patients’ and employees’ SSNs.” Things that make you go hmmmm.
Continue reading “Cyber Security News Update – Week 15 of 2020” »
If you’re like most people, you have a router in your home. It’s the little black box that gets internet connectivity from your ISP and distributes it throughout your home either via ethernet cable or via a wireless network. Did you know those routers are currently under attack by scammers looking to capitalize on the coronavirus pandemic? Continue reading “Cyber Security News Update – Week 14 of 2020” »
Apparently there’s someone out there using the idea that a family member has been a car wreck as an opportunity to phish you in Bowling Green, KY. “According to the Warren County Sheriff’s Office, if a family member was involved in a ‘wreck’ they do not need you to immediately send them money. Also, do not give out your date of birth or social security number.”
Continue reading “Cyber Security News Update – Week 13 of 2020” »
By now you should know that coronavirus is being used to phish victims. And now apparently, it’s also being used to launch ransomware…on smartphones. From SC Magazine, “A malicious Android app that supposedly helps track cases of the coronavirus actually locks users’ phones and demands a ransom in order to restore access.”
Continue reading “Cyber Security News Update – Week 12 of 2020” »
Worried that your security certificate is out of date? You should be, but not because it’s out of date, but because the notice you get informing you it’s out of date is a scam.
Continue reading “Cyber Security News Update – Week 11 of 2020” »
We always get excited when we stumble upon a vulnerability that affects a billion of anything. Today’s star? Kr00k. It’s crime? Exposed Data from Over a Billion Wi-Fi Devices.
Continue reading “Cyber Security News Update – Week 10 of 2020” »
This week’s first scam comes courtesy of the U.S. Postal Service. From an article online, “USPS® and the Postal Inspection Service are aware of the circulation of a fake email/email scam claiming to be from USPS officials including the Postmaster General.
Continue reading “Cyber Security News Update – Week 9 of 2020” »
Got an Amex or a Chase credit card? Then you were the target of a new phishing campaign this week. According to Information Security Buzz, “A new phishing campaign involves scammers sending fake Chase and Amex fraud protection emails asking users if the listed card transactions are valid. Victims who click the no button in the message to dispute the transactions will be redirected to a fake yet legitimate-looking Chase or American Express login site where they will go through a fake verification process that invites them to enter their username, password, birth date, social security number, as well as their bank and credit card information.” Continue reading “Cyber Security News Update – Week 8 of 2020” »
Our first scam of the week “Says it will pay for data breaches.” Really? You don’t say?
“A new phishing scam that masquerades as a U.S. government consumer agency is supposedly paying data breach victims for the loss of their personally identifiable information. Instead, once consumers enter their name, birthdate, credit card number and Social Security number, you can probably guess what happens next.” Yes, we can.
Continue reading “Cyber Security News Update – Week 7 of 2020” »
You know it’s a bad week when the scam of the week involves professional sports teams’ social media accounts getting hacked. From SC Magazine, “According to multiple news sources, the hackers compromised the NFL’s league Twitter and Facebook account, as well as social media accounts belonging to the Buffalo Bills, Arizona Cardinals, Chicago Bears, Cleveland Browns, Dallas Cowboys, Denver Broncos, Green Bay Packers, Houston Texans, Indianapolis Colts, Kansas City Chiefs, Los Angeles Chargers, Minnesota Vikings, New York Giants, Philadelphia Eagles, San Francisco 49ers and Tampa Bay Buccaneers.” A lot of teams lost this week…and they didn’t even play.
Continue reading “Cyber Security News Update – Week 6 of 2020” »
FedEx is back in the news for…phishing scams. According to the Tullahoma News, “Law enforcement is warning about a new FedEx phishing scam. The company’s customers from across the country, including locals, have received a text message showing a tracking code and asking to click and set delivery preference. The link is fraudulent.”
Continue reading “Cyber Security News Update – Week 5 of 2020” »
Think you’re getting paid back for that data breach? Think again because it’s a scam. According to Kim Komando, “Scammers appear to have set up a website claiming to be run by the ‘US Trading Commission’ that promises financial compensation for the leakage of personal data.” There’s only one problem with this. There’s no such thing as the US Trading Commission. “Instead, this highly detailed fraudulent website preys upon hapless data breach victims.”
Continue reading “Cyber Security News Update – Week 4 of 2020” »
(San Diego, CA – January 16, 2020)
DuoCircle is pleased to announce that it recently received its AICPA Service Organization Control 2 (SOC 2) Type 1 Report. This report provides detailed information regarding DuoCircle’s policies and controls relevant to security, availability, and confidentiality of data. DuoCircle meets the SOC 2 standards for Security and Availability Trust Services Principles with zero exceptions listed.
Continue reading “For Immediate Release: DuoCircle Completes SOC 2 Compliance & Certification” »