Invest your money with Schwab? Keep a look out for the latest phishing scam. According to Scamicide, “a new phishing email presently being sent to unsuspecting people that appears to come from Schwab. This particular one came with a Schwab logo. A telltale sign that this is a phishing email is that the email address of the sender was one that has nothing to do with Schwab and was most likely part of a botnet of computers infected by scammers and then used to send out the phishing email in a way that is not readily traceable back to the scammer.” Be careful out there.
A phishing scam that uses what to scam you? Hand sanitizer? That's according to WHNT News.
“A phishing email went out to businesses saying the BBB had antiviral, antibacterial hand sanitizer that was being offered exclusively to those receiving the email. It said with only a few weeks until the area opens back up, businesses needed to be stocked. The email then encouraged them to click a link in order to get their supply of hand sanitizer. The BBB says this email was not sent from them, and was a scam.” Keep your hands clean, but not like that.
In what is rapidly becoming a theme of targeting remote workers, ITPro reports that “The Cofense Phishing Defense Center (PDC) has discovered a new phishing campaign that targets employees working from home during the coronavirus pandemic. PDC claims that hackers are attempting to harvest Cisco WebEx credentials using a security warning for the application and have successfully averted Cisco’s own Secure Email Gateway.”
When a healthcare organization tells me they suffered a data breach, I tend to believe them. When they tell me social security numbers were unaffected, I have to look a little deeper. Such is the case with the network of Affordable Urgent Care Clinics based in Texas.
An article online “officially confirmed a combination data breach-ransomware attack that exposed sensitive information. The company is claiming that social security numbers were not impacted in the incident, despite security experts having demonstrated that the attackers have published stolen documents containing patients’ and employees’ SSNs.” Things that make you go hmmmm.
If you’re like most people, you have a router in your home. It’s the little black box that gets internet connectivity from your ISP and distributes it throughout your home either via ethernet cable or via a wireless network. Did you know those routers are currently under attack by scammers looking to capitalize on the coronavirus pandemic?
Apparently there’s someone out there using the idea that a family member has been in a car wreck as an opportunity to phish you in Bowling Green, KY. “According to the Warren County Sheriff’s Office, if a family member was involved in a ‘wreck’ they do not need you to immediately send them money. Also, do not give out your date of birth or social security number.”
By now you should know that coronavirus is being used to phish victims. And now apparently, it’s also being used to launch ransomware…on smartphones. From SC Magazine, “A malicious Android app that supposedly helps track cases of the coronavirus actually locks users’ phones and demands a ransom in order to restore access.”
Worried that your security certificate is out of date? You should be, not because it’s out of date, but because the notice you get informing you it’s out of date is a scam.
This week’s first scam comes courtesy of the U.S. Postal Service. From an article online, “USPS® and the Postal Inspection Service are aware of the circulation of a fake email/email scam claiming to be from USPS officials including the Postmaster General.
Got an Amex or a Chase credit card? Then you were the target of a new phishing campaign this week. According to Information Security Buzz, “A new phishing campaign involves scammers sending fake Chase and Amex fraud protection emails asking users if the listed card transactions are valid. Victims who click the no button in the message to dispute the transactions will be redirected to a fake yet legitimate-looking Chase or American Express login site where they will go through a fake verification process that invites them to enter their username, password, birth date, social security number, as well as their bank and credit card information.”
Our first scam of the week “Says it will pay for data breaches.” Really? You don’t say?
“A new phishing scam that masquerades as a U.S. government consumer agency is supposedly paying data breach victims for the loss of their personally identifiable information. Instead, once consumers enter their name, birthdate, credit card number and Social Security number, you can probably guess what happens next.” Yes, we can.
You know it’s a bad week when the scam of the week involves professional sports teams’ social media accounts getting hacked. From SC Magazine, “According to multiple news sources, the hackers compromised the NFL’s league Twitter and Facebook account, as well as social media accounts belonging to the Buffalo Bills, Arizona Cardinals, Chicago Bears, Cleveland Browns, Dallas Cowboys, Denver Broncos, Green Bay Packers, Houston Texans, Indianapolis Colts, Kansas City Chiefs, Los Angeles Chargers, Minnesota Vikings, New York Giants, Philadelphia Eagles, San Francisco 49ers and Tampa Bay Buccaneers.” A lot of teams lost this week…and they didn’t even play.
FedEx is back in the news for…phishing scams. According to the Tullahoma News, “Law enforcement is warning about a new FedEx phishing scam. The company’s customers from across the country, including locals, have received a text message showing a tracking code and asking to click and set delivery preference. The link is fraudulent.”
Think you’re getting paid back for that data breach? Think again because it’s a scam. According to Kim Komando, “Scammers appear to have set up a website claiming to be run by the ‘US Trading Commission’ that promises financial compensation for the leakage of personal data.” There’s only one problem with this. There’s no such thing as the US Trading Commission. “Instead, this highly detailed fraudulent website preys upon hapless data breach victims.”
DuoCircle is pleased to announce that it recently received its AICPA Service Organization Control 2 (SOC 2) Type 1 Report. This report provides detailed information regarding DuoCircle’s policies and controls relevant to security, availability, and confidentiality of data. DuoCircle meets the SOC 2 standards for Security and Availability Trust Services Principles with zero exceptions listed.
If it’s in the news, it will probably be used in a scam shortly thereafter, and such was the case this week. According to an article on Bleeping Computer, “An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using it as a theme for a phishing attack that tries to collect Microsoft login credentials.”
There were pre-holiday phishing attacks and holiday phishing attacks. So, it should come as no surprise that there are post-holiday phishing attacks. According to KLFY.com, phishing emails are targeting shoppers with post-holiday offers.
“Here’s how the scam works: You receive an unsolicited email or text message that appears to be from a major retailer claiming you have a new reward. Experts have seen scammers use the names of Amazon, Kohls, and Costco… but any company can be spoofed. You open the message, and it looks real. It includes a company logo, colors, and a link to claim the reward points or gift from your recent holiday shopping.” You’ve been warned.
DuoCircle, a cloud-based email security solutions company, is offering a Free MX Backup Services account to help ease some of the business impact that the fires have had on Australia.
Hackers are at it again, using PayPal to dupe unsuspecting users and steal their data. According to The Payers, “researchers have spotted an ongoing phishing campaign targeting PayPal customers, where hackers are trying to gain access to customers’ credentials to the payment service.”
The article went on to say, “Targeted customers receive emails camouflaged as ‘unusual activity’ alerts warning them of suspicious logins from unknown devices, with the hidden purpose of stealing all their credentials and financial info. To make sure that the potential victims are willing to click on the link embedded within the phishing message, the attackers say that their accounts are limited until they are secured by confirming their identity.”