The Latest Scams

Stop. Look. Think.

Don’t be Fooled!

March 2021

Scammers Use FINRA as Phish Bait

Earlier this month, cybercriminals impersonated the largest brokerage regulation company in the US: the Financial Industry Regulatory Authority (FINRA). Seeing such a vital organization be used as phish bait is chilling. Fortunately, if you know what to look for, this scam is easy to spot!

The phishing email starts with the vaguely startling subject line “ATTN: FINRA COMPLIANCE AUDIT”. The email is sent from supports[at]finra-online. The email asks you to review an attached document and respond immediately. The short email message closes with, “If you’ve got more questions regarding this letter don’t hesistate to contact us.” Anyone who falls for this scam and downloads the attachment will find that the file is actually a nasty piece of malicious software.

Here’s how you can stay safe from similar attacks:

By asking for your immediate response regarding an audit, the bad guys create a sense of urgency. These scams rely on impulsive actions, so always think before you click.

Watch for poor spelling and grammar in supposedly official messages. Did you catch the spelling error in the example above? The word “hesitate” is misspelled as “hesistate”.

Check who sent the email. In this case, while the email address included the name FINRA, it did not use the official FINRA.org domain.

Protect your network! Learn more about security awareness training for your team.


Shipping Scam Spoofs “Dhl Express”

Many of us are used to receiving messages from shipping companies, so cybercriminals use similar emails as phish bait. Let’s take a look at a recent shipping-themed phishing attack and see if you can spot the red flags:

Sent from “Dhl Express”, the email claims that you have something waiting for you at your local post office. The message states “To receive your parcel, Please see and check attached shipping documents.” and it includes a .html file as an attachment. If you open the attachment, a web page displays that looks like a blurred-out Excel spreadsheet. Covering this blurred image is a fake Adobe PDF login window with your email address already populated in the username field. If you enter your password and click “View PDF Document”, your email address and password will be sent straight to the bad guys.

How many red flags did you see? Remember the following tips:

Look for poor grammar and capitalization. For example, the sender name “Dhl” should be “DHL”. Also, in the body of the email, the word “Please” is in the middle of a sentence, so this should be lowercase.

Check the file type. The email attachment is a .html file, but most legitimate documents are shared as PDFs, spreadsheets, or Word documents. HTML files are designed to be opened in a web browser, much like a link to a website.

Watch out for anything out of the ordinary. An Adobe PDF login window blocking what appears to be a Microsoft Excel file is quite unusual.
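The sender-domain check from the FINRA story and the attachment-type and urgency checks from this shipping story can be turned into a simple mail-filter heuristic. The following is an added example written for this page, not code from KnowBe4 or from any mail product; the official domain for DHL and the sender domains in the sample messages are assumptions, and the sample messages themselves are constructed here rather than captured.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Brands named in the two lures above, mapped to the domains they really send from.
# finra.org is given in the newsletter; dhl.com is an assumption made for this example.
OFFICIAL_DOMAINS = {"finra": {"finra.org"}, "dhl": {"dhl.com"}}
RISKY_EXTENSIONS = (".html", ".htm")  # real documents rarely arrive as browser files
URGENCY_WORDS = ("immediately", "urgent")  # pressure to act now is a classic red flag

def brand_domain_mismatch(from_header: str) -> list:
    """Brands that appear in the display name or address but not in an official domain."""
    name, addr = parseaddr(from_header)
    haystack = f"{name} {addr}".lower()
    domain = addr.rsplit("@", 1)[-1].lower()
    return [b for b, ok in OFFICIAL_DOMAINS.items() if b in haystack and domain not in ok]

def risky_attachments(msg: EmailMessage) -> list:
    """Filenames of attachments a browser would render, like the DHL lure's .html file."""
    return [p.get_filename() for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(RISKY_EXTENSIONS)]

def assess(raw: str) -> list:
    """Run the three checks over one raw message and return human-readable flags."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = [f"sender mentions {b} but is not an official {b} address"
             for b in brand_domain_mismatch(msg["From"] or "")]
    flags += [f"HTML attachment: {n}" for n in risky_attachments(msg)]
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body else ""
    flags += [f"urgency wording: {w}" for w in URGENCY_WORDS if w in text]
    return flags

def build_sample(from_header: str, subject: str, body: str, html_name: str = "") -> str:
    """Construct a sample message for testing (made up here, not a captured phish)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = from_header, "you@example.com", subject
    m.set_content(body)
    if html_name:  # a text/html attachment, as in the shipping scam
        m.add_attachment("<html><body>fake login form</body></html>",
                         subtype="html", filename=html_name)
    return m.as_string()

# Constructed stand-ins for the two lures; the sender domains are placeholders.
FINRA_SAMPLE = build_sample("supports@finra-online.example", "ATTN: FINRA COMPLIANCE AUDIT",
                            "Review the attached document and respond immediately.")
DHL_SAMPLE = build_sample('"Dhl Express" <notify@parcel-update.example>', "Your parcel",
                          "To receive your parcel, Please see and check attached shipping documents.",
                          html_name="shipping_documents.html")
```

Calling `assess(FINRA_SAMPLE)` flags the non-official sender and the urgency wording, while `assess(DHL_SAMPLE)` flags the brand mismatch and the HTML attachment; a message from compliance@finra.org with a plain body produces no flags.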

Stop, Look, and Think. Don’t be fooled.



Instagram Influencer Scams

As the name suggests, an influencer is someone whose opinions influence a large social media audience. While influencers usually attract sponsorships from legitimate brands, these accounts can also be used as a tool for cybercriminals.

Instagram influencers often host special giveaways to raise brand awareness. Typically, followers are asked to comment on the post for their chance to win. Unfortunately, bad guys then use these comments to target their victims. You may receive a message from someone spoofing the influencer’s account or claiming that they work with the giveaway host. Then, you are told that you won the giveaway, but that you need to pay a shipping fee or provide some personal information. Any information provided goes straight to the cybercriminals. Don’t fall for it!

Here are some tips to stay safe from influencer scams:

• The technique could easily be used on any social media platform. Be skeptical of anyone who contacts you that you don’t know personally.
• This attack exploits your excitement about winning a prize to get you to act impulsively. Don’t let the bad guys play with your emotions.
• Remember that cybercriminals use more than just emails to phish for your information. Always think before you click!

Stop, Look, and Think. Don’t be fooled.


February 2021

Exploiting the Coronavirus: Vaccine Invitation Scam
Access to the COVID-19 vaccine is limited, which leaves many people anxiously waiting for a way to further protect themselves from the virus. Cybercriminals are taking advantage of this anxiety with vaccine-themed phishing emails.

A recent phishing attack in the UK spoofs the National Health Service (NHS). The phishing email claims that you have the opportunity to get vaccinated and it includes a link to accept the invitation. If you click on the link, a convincing NHS look-alike page opens. The phony site asks for personal information such as your name, address, and phone number, along with your credit card and banking details. Unfortunately, any information that you provide here goes straight to the cybercriminals and you are not in line for vaccination.

Follow these tips to stay safe from similar scams:
• We all want the pandemic to be over and this attack tries to exploit those feelings. Don’t let the bad guys toy with your emotions. Think before you click!
• Don’t trust an email. Visit an official government website or a trusted news source for information on vaccine availability.
• Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.

Stop, Look, and Think. Don’t be fooled.


Phishing with Phony Loans
A year into the pandemic, bad guys continue to target struggling organizations. A recent example is a phishing email targeting those in the United States. Impersonating a bank, the sender offers loans through the Paycheck Protection Program (PPP). The PPP is a real relief fund that is backed by the United States Small Business Administration (SBA), but the email is nothing short of a scam.

The phishing email directs you to click a link to register for a PPP loan. When clicked, the link takes you to a form with an official-looking header that reads, “World Trade Finance PPP 2021 Data Collection”. The form requests a lot of personal information, such as your organization’s name, your business email, and your social security number. Any of the information submitted on this form goes straight to the cybercriminals.

Here’s how you can stay safe from scams like this:
• Think before you click! Desperate times call for diligent measures.
• If you or your organization need financial help, reach out to legitimate and well-known programs—don’t trust an unexpected email.
• Stay up-to-date on your country’s relief efforts by following local news and other trusted sources.

Stop, Look, and Think. Don’t be fooled.


Smishing with PayPal
A new Smishing (SMS Phishing) attack uses an urgent text message to trick you into clicking a malicious link. The message states “PayPal: We’ve permanently limited your account, please click link below to verify.” If you click on the link provided, you are taken to a PayPal look-alike page and asked to log in.

Bad actors take this scam one step further. If you enter your login credentials on their phony page, you’ll be taken to a second page that asks for your name, address, and bank account details. Everything entered on these pages will be sent directly to the bad guys.

While this is an advanced attack, you can still stay safe by practicing the tips below:

• Check for poor grammar in supposedly official messages. Did you catch the grammatical error in the example above? It asks you to “click link below” instead of “click the link below”.
• Question the situation. For example, did you give PayPal your mobile number? And did you ever sign up to receive text notifications?
• Never trust a link in a text message that you were not expecting. If you think the notification could be legitimate, navigate to the official website and log in there.

Stop, Look, and Think. Don’t be fooled.


Advanced Look-alike Login Pages
Here’s a popular phishing scenario: You receive an email with a link. The link takes you to a phony login page with the name and logo of a legitimate website. Once you submit your username and password, the information is sent straight to the bad guys. Cybercriminals love to use these phony look-alike login pages to steal your credentials and access sensitive information.

Now cybercriminals have developed a way to make look-alike pages even more convincing. Scammers use a special tool to automatically display your organization’s name and logo on the phony login page. They can even use this tool to populate your email address in the corresponding login field. This creates a false sense of security because many legitimate websites remember your username if you have logged in previously.

While this is an advanced attack, you can still stay safe by practicing the tips below:
• Never click a link in an email that you were not expecting.
• Remember that any site, brand, or service can be spoofed.
• When you’re asked to log in to an account or online service, navigate to the official website and log in there. That way you can ensure you’re logging in to the real site and not a phony look-alike.

Stop, Look, and Think. Don’t be fooled.

KnowBe4: Get More Info

We’d love to show you how utilizing KnowBe4’s platform can be an effective human firewall for your network. Please fill out the short form here and we will be in touch.