It wouldn’t be a week if there was some scam aimed at Apple customers. Now comes word of a phony Apple phishing email. “Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Apple. As phishing emails go, this one is pretty good.”
“Obviously if you do not have an account with Apple you know that this is a phishing scam, but even if you do have an account with Apple, there are a number of indications that this is a phishing email. Legitimate companies would refer to your specific account number in the email. They also would specifically direct the email to you by your name. This email had no salutation whatsoever.”
YouTube
YouTube got into the phishing scam action this week. If you receive a notification from YouTube that says something to the effect of “We received a complaint that there are many spam videos on your YouTube channel…” and it includes a request for personal information, you can be sure it’s a scam.
US State Police
Now references to the State Police are being used to scam people. Found on Bleeping Computer, “A new extortion scam is underway that pretends to be from a US State Police detective who is willing to delete child porn evidence if you send them $2,000 in bitcoins. Pretending to be from a state police detective is a new twist, but what really stands out is that they also include a contact phone number that can be used to call the scammer.”
“Users have reported receiving these emails from states such as California, Georgia, Florida, Minnesota, New York, and Tennessee.”
Phishing Phrontier
A new type of phishing attack appeared this week that uses server-parsed HTML (SHTML). According to SC Magazine, “This particular type of phishing uses SHTML file attachments with JavaScript code, that allows the unsafe URL to be disguised and hidden away from the user.”
It’s really nothing more than an email with a malicious HTML document attached. Opening the document launches the attack.
PowerPoint Malware
Now comes word of malware that can be launched without clicking on anything. As discovered on Extreme Tech, “Security firm Trend Micro says a new method of delivering malware has popped up that doesn’t require you to even click on anything. All you need to do is hover your mouse over the wrong link.”
The article goes on to say that at least it’s not a link directly embedded in an email. Rather it’s a link embedded in PowerPoint presentations.
Body Count
Sure a ransomware attack can cost you money if you do not have phishing protection. It can also leave you without electricity. According to an article on Help Net Security, “A ransomware attack aimed at City Power, the electricity provider for Johannesburg (aka Joburg), South Africa, has resulted in some residents temporarily without power.”
Apparently, the virus attacked the company’s database and software; affected customers’ ability to buy electricity and upload invoices; and affected the company’s ability to respond to outages.
School Districts
It’s one thing for hackers to go after big, bad corporations with no email security service. But it’s another thing when they go after school districts. And that’s exactly what they did when they hit THREE school districts in Louisiana. In fact, it was so bad, the governor declared a state of emergency.
According to SC Magazine, “In what is a first for Louisiana, its governor has declared a state of emergency after three school systems in the state were hit with cyberattacks. Gov. John Bel Edwards issued the declaration in response to cyber incidents that took place over the last few weeks at Sabine, Morehouse, and Ouachita parishes in North Louisiana.”
Capital One Bank
Even the big boys get hit sometimes. Capital One, the tenth largest bank in the US, was hit this week with a massive data breach impacting 106 million accounts. According to Security Week, “Capital One said on Monday that a malicious individual was able to exploit a vulnerability in cloud infrastructure used by the company and gain access to sensitive data on more than 100 million customers and credit applicants.” The good news is they caught the sucker that did it.
And that’s the week that was.