That email alert from DHL telling you your package is on the way. Yeah, it’s a phishing scam, but it’s a little more relaxed than you might expect.
From Naked Security, “The crooks are following a much more relaxed formula that doesn’t say much more than, ‘Hey, here’s how to track your delivery,’ which is the sort of message you might reasonably expect when you order something, or when someone orders something for you. They aren’t in it for the money up front – indeed, they never intend to bill you at all, because it’s your personal data that they’re after instead.” That can be just as bad.
USA President Phishing Scam
That email from President Trump containing Coronavirus Guidelines for America. Yeah, it’s a phishing scam too.
From KnowBe4, “New phishing scams impersonating President Trump and Vice President Pence are designed to install malware or be the start of an extortion scam. At a time when most Americans have both experienced and accepted the emergency alert system that allows texts from the President to be sent to every mobile phone, seeing an email without a proper email security service, from the President or Vice President doesn’t entirely seem too far-fetched.” Not far-fetched at all.
File this under this is scary. From SC Magazine, “Netwalker ransomware actors go fileless to make attacks untraceable.” That’s right, untraceable.
“Malicious actors have been spotted using an especially sneaky fileless malware technique — reflective dynamic-link library (DLL) injection — to infect victims with Netwalker ransomware in hopes of making the attacks untraceable while frustrating security analysts. Instead of compiling the malware and storing it into the disk, the adversaries are writing it in PowerShell and executing it directly into memory.” Like I said, scary.
How does the saying go? Fool me once shame on you, fool me twice, shame on me. This week’s shame goes to Pitney Bowes, who after getting hit with a ransomware attack seven month ago did just little enough to ensure they got hit again this week.
From SC Magazine, “For the second time in a seven-month span, Pitney Bowes has been hit by a ransomware attack.” If they haven’t already figured it out, successfully getting hit with a ransomware attack makes it MORE likely that you’ll be hit again. I wonder what will happen seven months from now.
Diebold ATM Hack
If you make ATMs, probably the last thing you need is to get hit by a ransomware attack but that’s exactly what happened to Diebold this week, one of the largest manufacturers of ATM machines.
“ATM maker Diebold Nixdorf confirmed on Monday that it was recently hit by a piece of ransomware, but the company said the incident caused only a limited IT systems outage. The incident did not affect ATMs, customer networks, or the general public.” That’s their story and they’re sticking to it.
West Germany Phishing Scam
This one hurts. According to National Cybersecurity News, “The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros after it failed to build a secure website for distributing coronavirus emergency aid funding. The funds were lost following a classic phishing operation.”
Chalk this up to another COVID-related scam. When will it end? Probably never.
And that’s the week that was.