It’s always good when you can get a heads up on scams coming at you. This one courtesy of TechRepublic. According to an article there, here are the phishing email subject lines you need to be on the lookout for:
- Password Check Required Immediately
- Vacation Policy Update
- Branch/Corporate Reopening Schedule
- COVID-19 Awareness
- Coronavirus Stimulus Checks
- List of Rescheduled Meetings Due to COVID-19
- Confidential Information on COVID-19
- COVID-19 – Now airborne, Increased community transmission
- Fedex Tracking
- Your meeting attendees are waiting!
Thanks to TechRepublic for that.
Expecting some grant money for COVID-19 relief? Forget about it; it’s a scam.
This from a local news site, “Recently, people are stepping forward reporting to BBB’s ScamTracker they’ve received an email, message through Instagram, or a text message from a friend stating they’ll get money from a COVID-19 ‘Global Empowerment Fund’ or other similarly named fund. All the recipient is required to do is respond to the message with banking account information and the funds will be transferred to it. The messaging sounds legitimate because it claims to come from the Federal Trade Commission or another government agent. However, the FTC warns there is no money and there is no fund of such kind.” You’ve been warned.
Cloud technology is used for everything today, and apparently that includes launching a phishing attack. The victim this time? Google Cloud Services.
According to SC Magazine, “In a report released today, researchers at Check Point unravel, step-by-step, how even security-savvy professionals could be tricked by a well-disguised ruse, which kicked off with a PDF document containing a malicious link and uploaded to Google Drive. While Google ultimately suspended this particular hacker project and its URL as phishing abuse (as well as all associated URLs), it’s unclear how much damage might have been inflicted before being discovered.”
Well here’s a clever twist on ransomware. Normally ransomware encrypts a company’s data and asks for a ransom in exchange for encrypting the data. Now, news comes out this week that there’s ransomware targeting…industrial software. Rather than encrypt data and ask for a ransom, this attack kills operational processes and asks for a ransom.
“Many ransomware families are designed to kill certain types of running processes. They might target security products to prevent them from blocking the attack and they can also terminate critical system processes.”
This was not a good week to be a US Presidential candidate. According to SC Magazine, Joe Biden, the presumptive Democratic nominee for President, had his Twitter account hacked. “Verified Twitter accounts belonging to high-profile individuals like Joe Biden promised followers a large pay out if they’d just send bitcoin to a block chain address — ostensibly to donate to Covid-19 community aid — after the social media platform was breached.” That wasn’t the end of it.
This was not a good week to be a tech icon either. According to Security Week the Twitter accounts of some of the biggest tech companies and tech leaders were hit with the same Twitter attack. “The official Twitter accounts of Apple, Elon Musk, Jeff Bezos and others were hijacked on Wednesday by scammers trying to dupe people into sending cryptocurrency bitcoin, in a massive hack.”
Former President Barack Obama was also a victim. So, I guess it doesn’t matter if you’re running for President or you were already President. Those are equal opportunity hackers.
Scientist Phishing Attack
Finally, this was also not a good week to be a scientist investigating coronavirus. From ZDNet, “Russian hackers are targeting coronavirus scientists with phishing and malware attacks. Advisory from the UK’s National Cyber Security Centre warns of an active spear-phishing campaign by APT 29 – a hacking group associated with Russian intelligence services – in an effort to steal research data.” They advised using email security services. Next week can’t get here soon enough.
And that’s the week that was.