This week’s scam target? Sneakers. The trap? Free sneakers.
From Hype Beast, “According to welivesecurity, messages are being sent that claim adidas is giving away 2,500 pairs of sneakers to honor its 69th anniversary. The process begins from a suspicious link on WhatsApp to a site that gathers your geolocation and IP address, that eventually leads to an archaic four-question survey that qualifies the individual for the free shoes. Of course, no shoes will ever be delivered to round out the scheme.” If it sounds too good to be true…
BB&T Phishing Scam
Branch Banking and Trust Company (BB&T) was used as the launching point for a phishing scam this week. From Scamicide, “The email is a scam and if you click on the links contained in the email, you will either be prompted to provide personal information that will be used to make you a victim of identity theft or alternatively, merely by clicking on the link, you will download keystroke logging malware that will steal your personal information from your computer or smartphone and use it to make you a victim of identity theft.” Just don’t click.
Server Admin Scam
If you receive an email that says it contains a “confidential image,” just know that the image is not confidential and the email is a scam. From Hoax-Slayer, “According to this email, the server administrator has sent you a confidential image. Supposedly, you can click a button in the email to view the image. The email includes the logo for the popular web hosting system cPanel. However, the email is not from any legitimate server administrator and has no connection to cPanel. Instead, the message is a phishing scam designed to steal your email account login credentials.” Just don’t click.
More and more we’re seeing phishing attacks being initiated by something other than an email. This week’s example comes from CPO Magazine. “A large number of remote workers in particular have fallen victim to a new brand of cyberattack involving voicemail in recent weeks. The new threat, which comes in the form of voicemail phishing attacks, stands as the most recent attempt by cybercriminals to ride the wave of new targets brought about by a large number of employees relying on digital communication platforms like Zoom, Microsoft Teams, Slack, and Private Branch Exchange (PBX) in the wake of COVID-19.”
LinkedIn Fake Job Scam
Aerospace and defense employees sometimes look for new jobs, and the hackers know it. And that’s probably why they used fake job offers on LinkedIn to reel in their prey.
From SC Magazine, “A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies in Europe and the Middle East. To trick prospective victims, the attackers created fraudulent LinkedIn accounts impersonating human resources or hiring managers from various aerospace and defense companies, including Collins Aerospace and General Dynamics. Then they used LinkedIn’s messaging feature to reach out to targeted employees and offer an employment opportunity, in hopes of getting them to open a malicious file sent either directly through LinkedIn or via a combination of email and OneDrive.”
Poor love-struck Aussies. Their only crime was wanting to be in love, and how did they get repaid? By getting scammed out of $11 million.
From 9 News in Australia, “Australians were nefariously stripped of more than $11 million in scams last month, with fake investment schemes and the hope of romance the most lucrative criminal ruses. Phishing was the most reported type of scam. Those most at risk of being ripped off were the elderly, aged over 65, with adults aged 35-44 next most vulnerable without any email security services.” The younger ones were no doubt the ones in love, or so they thought.
Alabama Ransomware Attack
Well, another city in Alabama wasn’t properly prepared to fight off a ransomware attack and what was their penalty? How about $300,000.
From Security Week, “A city in northern Alabama will pay a ransom worth $300,000 in Bitcoins in response to a hack of its computer system. Florence City Council voted unanimously at an emergency meeting Wednesday evening to make the payment from the city’s insurance fund in an effort to preserve information tied to its city workers and customers.” Let that be a lesson to you.
CIA Phishing Attack
You have to laugh when the so-called experts get taken to the cleaners, and that’s exactly what happened to the CIA this week, when a group tasked with protecting secrets didn’t.
From Security Week, “A specialized CIA unit that developed hacking tools and cyber weapons didn’t do enough to protect its own operations and wasn’t prepared to respond when its secrets were exposed, according to an internal report prepared after the worst data loss in the intelligence agency’s history.” Like I said, you have to laugh.
And that’s the week that was.