If someone offers you free DNSSEC, just know, it’s a scam. This according to Bleeping Computer. “A very clever phishing campaign targets bloggers and website owners with emails pretending to be from their hosting provider who wants to upgrade their domain to use secure DNS (DNSSEC).”
“As it’s possible to determine who is hosting a domain for a website via the WHOIS records, IP addresses, and HTTP headers, the email scam is highly targeted and impersonates the specific hosting company used by a website.” If it seems too good to be true… (more…)
Everyone uses Gmail. After all, it’s free. And what’s even better is that it comes with free spam filtering. Of course, the old adage you get what you pay for still applies, and that was never more apparent than this week when Gmail’s spam filtering broke down and stopped working.
It was apparent almost instantly. From Newsgram, “Gmail users around the world were complaining about spam messages flooding their inbox over the weekend as the Google service was apparently suffering from a widespread problem with its email filters. Several Gmail users took to Twitter and other social media platforms like reddit to convey they were being bombarded with spam messages.”
The FTC is coming down hard this week on those who didn’t protect victims but should have. The first case is the claim against Kohl’s for failure to provide information to identify theft victims fast enough so they could limit the damage.
From Scamicide, “Kohl’s Department Stores failed to provide information to victims of identity theft at Kohl’s when requested by many people. In response, the Federal Trade Commission brought legal action against Kohl’s. Kohl’s agreed to pay a $220,000 penalty to the FTC.” Way to go FTC. (more…)
For the longest time, the number one delivery mechanism for ransomware was a phishing email. As much as 91% of ransomware was delivered that way. And then things changed.
According to an article on ZDNet, “in recent years, attackers have successfully pivoted to using remote ports, insecure public-facing servers and other vulnerabilities in enterprise networks to encrypt entire networks – often demanding hundreds of thousands of dollars in payment to release the data again.”
It’s difficult to try and quantify how COVID-19 has impacted business. New ways of doing business, like work from home (WFH), have emerged to affect every aspect of daily business life. COVID-19 and WFH combined have had a ripple effect on other aspects of business like bring-you-own-device (BYOD) and the adoption of cloud services as a standard part of business. And through all these recent changes, one thing is clear: people still use email predominantly to communicate with each other.
This week’s scam target? Sneakers. The trap? Free sneakers.
From Hype Beast, “According to welivesecurity, messages are being sent that claim adidas is giving away 2,500 pairs of sneakers to honor its 69th anniversary. The process begins from a suspicious link on WhatsApp to a site that gathers your geolocation and IP address, that eventually leads to an archaic four-question survey that qualifies the individual for the free shoes. Of course, no shoes will ever be delivered to round out the scheme.” If it sounds too good to be true…
What’s more dangerous than a phishing attack that uses a social engineering tactic to get you to click? How about a phishing attack that uses a combination of TWO social engineering tactics to get you to click? And that’s exactly what was detected this week according to InfoSecurity Magazine.
In this case, the two social engineering tactics are phishers hiding COVID-19 malware in both CVs (curriculum vitae or resumes) AND medical leave forms. According to the article, “Cyber-criminals are taking advantage of the evolving jobs market and employee health situation under COVID-19 to disguise malware in various emailed documents. The phishing campaigns spotted center around spoofed CVs and medical leave forms.”
Not as many people use Discover credit card as those who use Visa and MasterCard. Maybe that’s why it makes our scam of the week.
From Scamicide, “a new phishing email presently being sent to unsuspecting people that appears to come from Discover. A telltale sign that this is a phishing email is that the email address of the sender was one that has nothing to do with Discover and was most likely part of a botnet of computers infected by scammers and then used to send out the phishing email in a way that is not readily traceable back to the scammer.” Those clever little scammers.
Everyone will acknowledge that spam emails are a constant nuisance. Spam remains a regular interruption in our daily lives, where we have to spend time to open and delete those emails. Though not always, they also pose severe threats to our systems and can cripple our networks. Spamming in today’s digital era is a billion-dollar industry where companies even go so far as to use this as a professional technique to promote their services.
You know it’s a bad week when the two people running for President of the United States are as likely to get phished as anyone else. From SC Magazine, “according to the Google Threat Analysis Group (TAG), both are the targets of phishing campaigns by nation-states like China and Iran. Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing.” Stay safe out there. (more…)
