Do you use Adobe Cloud? Have you received an email saying you’ve been sent files via Adobe Cloud recently? If the answer to both is “yes.” you’ve probably been scammed.
According to Hoax-Slayer, “the email is a phishing scam designed to steal your email account password and has no connection to Adobe. If you click the link, you will be taken to a website that appears to host a business-related spreadsheet. However, the spreadsheet is greyed out and a pop-up box claims that you must enter your email password to gain full access. If you do enter your password, it will be collected by the scammers and used to hijack your email account and any online services that are linked to it.” Keep safe out there.
Microsoft Phishing Scam
Microsoft is one of the most abused brands by scammers and this week the scammers were trying to keep the Microsoft numbers up. This week’s ploy? The “unusual sign-in activity” phishing email.
From Hoax-Slayer, “The email, which purports to be from the Microsoft Team, claims that the company has detected something unusual about a recent sign-in to your Microsoft account. However, the email is not from Microsoft and the claims about a suspect sign-in are just a trick to get you to click the link. It is a phishing scam designed to steal your account login credentials.”
COVID-19 UK Phishing Scam
Getting laid off due to COVID-19 really stinks. Do you know what stinks worse? Getting targeted by a phishing scam because you got laid off due to COVID-19.
From Meta Compliance, “Just hours after the UK government opened its furlough scheme for applications, opportunistic fraudsters targeted organisations with a devious furlough phishing scam with the aim of stealing bank account details. In an effort to trick those seeking furlough support, the scam is cleverly disguised as an official email from HM Revenue & Customs, with the subject line ‘Your COVID-19 Relief Package’.” But, of course, it’s a phishing scam that can reach your inbox without email security services. Told you it stinks worse.
We’re always impressed when scammers can do more with less. Such is the case this week with a vulnerability found in Samsung mobile phones that requires…zero clicks.
From SC Magazine, “The problem only exists within Samsung phones running Android version 4.4.4 or later. This version was first offered in late 2014 but is still actively developed by the vendor with the latest version being pushed out on January 10, 2020 or just before Samsung was informed of the problem on January 28.” Check your Samsung phone and get it patched.
Favicon Credit Card Skimming Malware
You may not know what a favicon is, but you’ve seen them. They are the small icons associated with a website like the “W” in Wikipedia. Usually you can click on them to return to the home page. What would you say if I told you favicons have been found to contain credit card skimming malware? Turns out, it’s true.
According to SC Magazine, “Malicious actors set up an entire online repository of malicious, credit card skimmer-laden favicons to lure in companies looking for a graphic to appear in their browser tab.” It’s getting to the point where you can’t click on anything anymore without taking a risk.
You just knew the hackers weren’t going to slow down and take it easy on healthcare organizations during the COVID-19 pandemic, regardless of what they promised. And of course, they haven’t.
From SC Magazine, “various ransomware groups attacked Fresenius, Europe’s largest private hospital operator, as well as a pair of U.S.-based plastic surgery clinics. Germany-based Fresenius, has experienced disruptions across its global operations after being hit with the malicious Snake encryptor. DataBreaches.net reported both of the plastic surgery attacks, speculating that perhaps the two incidents were made possible by the compromise of a shared vendor or business associate.”
Sedwick County Gift Card Scam
If you’ve been following the news at all, then you know scammers’ favorite payoff is no longer cash but is now gift cards. Such was the case in Sedgwick County, Kansas which was recently hit by an email scam.
From the kansas.com website, “A Sedgwick County employee was duped into using $800 in taxpayer money to buy gift cards in a phishing scam. The email asked the person to buy gift cards to ‘recognize employees in the Sedgwick County Public Safety’.” They were just trying to do a good deed.
And that’s the week that was.