I hope to never receive an email from the United States Supreme Court. It couldn’t possibly be good news. I would be very suspicious. But there is one small group of people who, if they received such an email, might not be suspicious: C-suite executives. And that’s exactly what some hackers thought as they targeted such individuals with a zero-day credential phishing attack impersonating the Supreme Court.
That email alert from DHL telling you your package is on the way. Yeah, it’s a phishing scam, but it’s a little more relaxed than you might expect.
From Naked Security, “The crooks are following a much more relaxed formula that doesn’t say much more than, ‘Hey, here’s how to track your delivery,’ which is the sort of message you might reasonably expect when you order something, or when someone orders something for you. They aren’t in it for the money up front – indeed, they never intend to bill you at all, because it’s your personal data that they’re after instead.” That can be just as bad.
Sometimes, phishing scams are so obvious you anticipate seeing them before you actually see them. And many of these are the direct result of the COVID-19 pandemic.
The first phishing scam to be on the lookout for is anything associated with a “contact-tracing” app. Contact tracing is a “method used by scientists to slow the spread of infectious outbreaks. During the pandemic, anyone sufferers might have been in prolonged contact with will be traced. Those contacts may then be asked to self-isolate.” The first country to produce an app to do this was the UK.
SMTP stands for Simple Mail Transfer Protocol. It is a protocol used for sending emails from one email account on one mail server to another email account on another mail server. The other protocol also used for the purpose is IMAP, which is the abbreviation for ‘Internet Message Access Protocol’. The recipient’s system then accesses the sent emails by using IMAP or POP3 (Post Office Protocol version 3).
Email marketing is essential for modern-day enterprises, and SMTP servers are necessary for conducting marketing campaigns. SMTP refers to the Simple Mail Transfer Protocol, a communication protocol that enables an email client to carry out effective message delivery. SMTP follows a specific path known as SMTP relay to send emails to the correct receiver who was targeted by your marketing campaign.
Do you use Adobe Cloud? Have you received an email saying you’ve been sent files via Adobe Cloud recently? If the answer to both is “yes.” you’ve probably been scammed.
According to Hoax-Slayer, “the email is a phishing scam designed to steal your email account password and has no connection to Adobe. If you click the link, you will be taken to a website that appears to host a business-related spreadsheet. However, the spreadsheet is greyed out and a pop-up box claims that you must enter your email password to gain full access. If you do enter your password, it will be collected by the scammers and used to hijack your email account and any online services that are linked to it.” Keep safe out there.
One of the ways the world has responded to the COVID-19 pandemic is to take a lot of the entertainment we used to enjoy live and in person and move it online into the world of virtual entertainment. The entertainment is still live, but now instead of watching musicians in a bar or theater, you get to watch them live streamed on your smart TV or mobile phone. The hackers know this, and they are aiming to do something about it.
First in a series of three ways hackers are using the COVID-19 pandemic to launch phishing scams. First, small business loans. From ABC7 in Chicago, “More help is on the way for small businesses struggling because of the pandemic. Nearly 500,000 loans, totalling $52 billion, have already been approved. It’s the second round of help for businesses, but along with waiting for money, owners are also facing scammers.” (more…)
The COVID-19 worldwide lockdown has had many side effects, not the least of which is that people are doing even more online shopping now. Weekly online purchases now include staples like food and cleaning products. Amazon’s sales since the pandemic arrived is up 35%. And what’s the one thing all these online sales have in common? A delivery service has to bring them to your door.
Invest your money with Schwab? Keep a look out for the latest phishing scam. According to Scamicide, “a new phishing email presently being sent to unsuspecting people that appears to come from Schwab. This particular one came with a Schwab logo. A telltale sign that this is a phishing email is that the email address of the sender was one that has nothing to do with Schwab and was most likely part of a botnet of computers infected by scammers and then used to send out the phishing email in a way that is not readily traceable back to the scammer.” Be careful out there.
Hackers are always trying to come up with ever more enticing lures to phish you. Sometimes the lure is the promise of riches, while other times it’s a job opportunity or tax refund. Hackers may have outdone themselves this time with separate phishing attacks centered around fast food and free beer as a direct result of the COVID-19 pandemic.
A phishing scam that uses what to scam you? Hand sanitizer? That according to WHNT News.
“A phishing email went out to businesses saying the BBB had antiviral, antibacterial hand sanitizer that was being offered exclusively to those receiving the email. It said with only a few weeks until the area opens back up, businesses needed to be stocked. The email then encouraged them to click a link in order to get their supply of hand sanitizer. The BBB says this email was not sent from them, and was a scam.” Keep your hands clean, but not like that.
Even when something as horrible as COVID-19 happens, there are some companies that benefit. One of the beneficiaries of the virus is Zoom Video, the video conferencing company that has seen a huge demand increase for their product. For those seeking an alternative to Zoom, other video conferencing tools offer varied features that may better meet specific needs.
Another, less obvious company, that has seen an increased demand for their service is Netflix. Recent stats display that as the COVID-19 crisis gripped nations throughout the world, Google searches for Netflix jumped to 142%. And sure enough, just as the demand goes up, so too do the number of phishing attacks targeting the company’s customers (and potential customers).
In what is rapidly becoming a theme of targeting remote workers, ITPro reports that “The Cofense Phishing Defense Center (PDC) has discovered a new phishing campaign that targets employees working from home during the coronavirus pandemic. PDC claims that hackers are attempting to harvest Cisco WebEx credentials using a security warning for the application and have successfully averted Cisco’s own Secure Email Gateway.”
You have to hand it to those hackers. If there’s a way to trick you with a phishing email, they’ll figure it out. One of the best ways hackers try to trick you with a phishing email is to take advantage of the way web pages are rendered.
Web pages use HTML (hypertext markup language) and CSS (cascading style sheets) to display web pages on your computer and your mobile phone. These technologies are well-understood and have been around for a long time. One of the things that makes these technologies so powerful is how flexible they are.
When a healthcare organization tells me they suffered a data breach, I tend to believe them. When they tell me social security numbers were unaffected, I have to look a little deeper. Such is the case with the network of Affordable Urgent Care Clinics based in Texas.
An article online “officially confirmed a combination data breach-ransomware attack that exposed sensitive information. The company is claiming that social security numbers were not impacted in the incident, despite security experts having demonstrated that the attackers have published stolen documents containing patients’ and employees’ SSNs.” Things that make you go hmmmm.
While the pandemic known as COVID-19 is causing a dramatic increase in coronavirus-themed phishing attacks, it’s strangely having the opposite effect on other phishing attacks.
When it comes to phishing attacks, hackers tend to “specialize” in a certain type of phishing attack. And as things turn out, some of these “specialists” are really feeling the pinch from COVID-19. A lot of people are struggling in this economy, and apparently some of them are bad guys.
If you’re like most people, you have a router in your home. It’s the little black box that gets internet connectivity from your ISP and distributes it throughout your home either via ethernet cable or via a wireless network. Did you know those routers are currently under attack by scammers looking to capitalize on the coronavirus pandemic? (more…)
Just the simple fact of working from home due to coronavirus leaves you more vulnerable to phishing attacks than if you were at work. Why is that? Because it’s almost certain that the cyber defenses on your home network are not as good as those on your company’s network.
Apparently there’s someone out there using the idea that a family member has been a car wreck as an opportunity to phish you in Bowling Green, KY. “According to the Warren County Sheriff’s Office, if a family member was involved in a ‘wreck’ they do not need you to immediately send them money. Also, do not give out your date of birth or social security number.”