The Latest Scams

Stop. Look. Think.

Don’t be Fooled!

June 2022

Watch Out for Phishy Facebook Messages

In a new scam, cybercriminals have been using compromised Facebook accounts to send links to fake login pages. This scam is gaining popularity, with over eight million people viewing just one of the phishing pages so far this year.

In this scam, cybercriminals hack users’ Facebook accounts and then use these accounts to send messages to the users’ Facebook friends. When a user clicks on a link from one of these messages, they are directed to a fake Facebook login page. On this page, the user is asked to enter their email and password to verify their credentials. 

If you fall for this scam, any credentials that you share will be delivered directly to the cybercriminals. The cybercriminals could then log in to your Facebook account and send similar links to your Facebook friends. It’s important to remember that cybercriminals can also use ad tracking tools to receive money from visits to these pages. They profit from every click!

Follow these tips to stay safe from phishy messages:

  • Hover your mouse over links before you click. Watch out for links that are suspiciously long or show a domain for a different website than the website you want to visit.
  • If you receive a suspicious Facebook message, reach out to your Facebook friend by email, text message, phone call, or another app. If they didn’t send you the message, let them know that their account has been hacked and they should change their password immediately. Do not reply to the suspicious message.

Stay informed about the latest scams and how you can stay safe. Information is one of our most powerful tools against cybercriminals.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Your Next Notification Could Be a “Smishal” Delivery!

UK residents are the targets of a recent smishing (SMS phishing) scam. In this scam, cybercriminals impersonate the home delivery company Evri through fake failed-delivery text messages that include a link to reschedule the delivery.

The link included in these fake delivery notifications leads to a phony look-alike website. On the website, you’re asked to provide your personal and financial information to reschedule the delivery. Unfortunately, if you fill out and submit this form, you won’t be receiving any packages. Instead, you’ll be delivering your sensitive information right to the cybercriminals.

Follow these tips to protect yourself from similar smishing attacks:

  • Think before you tap. Are you expecting a package? Have you signed up for text notifications? Is this like notifications you’ve received before from this company?
  • Never tap on a link in an email or text message that you were not expecting. Instead, open your browser and enter the official URL for the website you wish to visit.

To verify the legitimacy of a delivery notification, contact the company by phone, email, or their official mobile app. Do not use the phone number or link sent in the text to contact the company.

The $44 Million Smishing Problem and How to Not Be a Victim

Consumer Affairs reported on how big a problem SMS phishing scams have become, and how it’s about to get a lot worse. According to a recent FBI report, more than 320,000 Americans were targeted by these schemes in 2021, resulting in $44 million in losses. Consumers now receive an average of 19.5 spam texts per month, more than double the rate of three years ago.

These scams often start with a message that includes a link to a supposed survey, prize winnings, or an urgent notification about a bank account or credit card. Victims are then asked to visit a website, call a phone number, or enter information, and every one of those destinations is controlled by the attackers.

Who Is Being Targeted?

In a nutshell, nobody is immune. Scammers target organizations of all types and sizes, as well as their employees. Ian Matthews, President and CEO of WMC Global, says there’s a simple reason these types of scams are on the rise. “Ninety-seven percent of Americans own some form of a smartphone, with over a quarter of younger Americans and those with income under $30K relying on smartphones for online access.”

One favorite tactic is finding the names of company employees and sending a message while pretending to be a fellow employee. Another popular scheme uses a domain name that only looks legitimate. Smishers know that mobile browsers often don’t display the full URL of a link, so they create one with just enough of the real domain name in it to trick victims into thinking the link can be trusted.

SIM Swapping

SIM swapping, the act of moving a victim’s mobile phone number onto a SIM card controlled by threat actors, has been around for a number of years. Attackers gather publicly available information about their victims and use it to contact the target’s mobile carrier while pretending to be them. They claim they need to move their phone number to a new device, or that they lost their phone. If the carrier believes them, it activates the number on the attacker’s SIM, and the victim’s own SIM stops working.

If the attacker is successful, they can now use the SIM in a phone in their possession to get all their victims’ calls and texts, including any two-factor authentication texts and one-time PINs used for security. With that information, the attacker can now access the victim’s various social media and financial accounts.

This is likely the next big mobile threat. The FBI recently warned of a more than 500% increase in SIM swapping attacks and the associated monetary losses. Where a service offers it, use an authenticator app or a hardware security key rather than SMS codes, and ask your carrier to add a PIN or port-out lock to your account so your number cannot be moved without it.

How Not To Fall Victim

Industry experts agree on the age-old advice, if something is too good to be true, it probably is. That said, here are some common signs to watch out for when receiving an unexpected text:

  • Misspellings and grammar mistakes
  • Unexpected prizes, gift cards, or even loans
  • Anyone asking to confirm sensitive information. The government will never ask you to do this on unsecure channels!
  • Be careful with links in SMS messages, just like you would in emails. When in doubt go directly to the website yourself rather than clicking a link
  • If something just doesn’t feel right, do not engage with the SMS

Cybercriminals Use SEO to Target Your Online Search Results

Search Engine Optimization (SEO) is a technique that helps websites appear more often in search engine results, and rank higher than other websites. Legitimate websites use SEO such as easy-to-remember URLs and relevant keywords. Unfortunately, cybercriminals can also use SEO for their malicious websites.

Cybercriminals use SEO by stuffing their pages with popular keywords and by creating many links that redirect to their website. They can also pay third parties to visit the website, which makes it appear more reputable and popular to search engines. If you visit one of these malicious websites, you may be tricked into downloading a malicious file or providing your personal information.

Follow these tips to keep yourself safe from malicious search results:

  • Always hover your cursor over a link before you click, even when using a search engine. Look for spelling mistakes and overly long URLs that can hide a website’s true domain.
  • Avoid search results that include a long list of random or repeated words and phrases. That website could be using excessive keywords to draw in traffic.

Visit trusted websites directly by entering the URL in your browser’s address bar, instead of using a search engine to find the website.

May 2022

Sophisticated Spear Phishing

Last month, researchers at Fortinet observed a sophisticated phishing email sent to a Hungarian diplomat. In the email, cybercriminals disguised themselves by using the first and last name of an employee in the diplomat’s IT department. In this case, the diplomat believed that the email was suspicious and forwarded it to the actual employee in the IT department for investigation.

This case is a perfect example of a popular attack called spear phishing. Spear phishing attacks are targeted at a single person or department that has information that cybercriminals want. In these attacks, cybercriminals conduct research on the specific person or department and figure out who they talk to frequently. Then, the cybercriminals send a message to the person or department, pretending to be someone they know and trust. It’s important to watch out for these attacks because they can happen to anyone, not just diplomats or executives.

Follow these tips to stay safe from spear phishing attacks:

  • Don’t open attachments or click on links in emails that you were not expecting.
  • Check email headers to make sure you recognize the sender and any other recipients.

Reach out to the person who allegedly sent the email by phone or in person. By reaching out to the alleged sender directly, you could save yourself and your organization from a potential spear phishing attack!

Cybercriminals and Credit Unions

Recently in the United States, the National Credit Union Administration (NCUA) warned of an increase in cyber attacks targeting credit unions. Credit unions are typically small non-profit institutions with very loyal customers, which makes them the perfect target for cybercriminals.

In most credit union scams, cybercriminals send fake emails that appear to be from your credit union. The phishing emails vary from signature requests to incoming payment notifications, but each email directs you to click a link for more information. The link leads to a fake login page for your credit union. If you try to log in on this page, your username and password will be sent to the cybercriminals. Once they have access to your account, they can make unauthorized charges, empty your account, or send and receive illegal wire transfers.

Follow the tips below to stay safe from similar scams:

  • Never click on a link in an email that you were not expecting.
  • Any time you receive a notification email, ask yourself questions such as: Did I sign up for email notifications? Have I received alerts like this in the past? 

When you’re asked to log in to your credit union, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site and not a phony look-a-like.

Spoofed SMTP Relay Services

Simple Mail Transfer Protocol (SMTP) is the standard method that mail servers use to send email. Organizations typically use an SMTP relay service to send mass emails, such as marketing materials. Some organizations use Gmail as an SMTP relay service, but unfortunately, cybercriminals have found a weakness in the way that relay service is set up.

Using this weakness, cybercriminals can spoof any organization that also uses Gmail as a relay service. For example, let’s say that a legitimate organization owns the domain sign-doc[dot]com and uses Gmail to relay its marketing emails. Cybercriminals could send phishing emails from a malicious domain, such as wishyoudidntclickthis[dot]com, and disguise them by putting the legitimate domain, sign-doc[dot]com, in the From address. Because the spoofed message leaves Google’s own mail servers, which the legitimate organization has already authorized to send on its behalf, most mail filters accept it and let it through. The attack depends on the spoofed domain not enforcing a DMARC reject policy; domain owners who publish and enforce one blunt it.
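
One way to see this spoofing in a received message is to run the alignment test that DMARC performs: the domain in the visible From header must match the domain that SPF or DKIM actually authenticated. The Python below is an added example, not code from the original page or from Gmail; the two messages it inspects are constructed samples (the Authentication-Results values, addresses and IP are made up), and the organizational-domain helper uses a last-two-labels shortcut instead of the Public Suffix List.

```python
"""DMARC-style alignment check on a received message's headers.
Added example; the sample messages below are constructed, not real mail."""
import re
from email import message_from_string
from email.utils import parseaddr

# Spoofed From:, relayed by Google for the attacker's own domain (constructed).
RELAYED_SAMPLE = """\
Return-Path: <campaign@wishyoudidntclickthis.com>
Received: from smtp-relay.gmail.com (smtp-relay.gmail.com [192.0.2.10])
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=wishyoudidntclickthis.com;
 dkim=pass header.d=wishyoudidntclickthis.com
DKIM-Signature: v=1; a=rsa-sha256; d=wishyoudidntclickthis.com; s=relay; h=from:to
From: "Sign-Doc Billing" <invoices@sign-doc.com>
To: victim@example.org
Subject: Your signature is required

Please review the attached document.
"""

# The same From: sent legitimately by the domain owner (constructed).
LEGIT_SAMPLE = """\
Return-Path: <bounce@sign-doc.com>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=sign-doc.com;
 dkim=pass header.d=sign-doc.com
From: "Sign-Doc Billing" <invoices@sign-doc.com>
To: victim@example.org
Subject: Your signature is required

Please review the attached document.
"""


def organizational_domain(host):
    """Reduce a host to its registrable domain. Simplification: real DMARC
    uses the Public Suffix List; the last two labels suffice for these samples."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def _unfolded(msg, name):
    """Header value with folded continuation lines joined."""
    return " ".join(msg.get(name, "").split())


def dmarc_alignment(raw_message):
    """Report whether SPF or DKIM authenticated a domain aligned with From:."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = _unfolded(msg, "Authentication-Results")
    spf = re.search(r"spf=(\w+)\s+smtp\.mailfrom=([^\s;]+)", results)
    dkim = re.search(r"dkim=(\w+)\s+header\.d=([^\s;]+)", results)
    spf_pass, spf_domain = (spf.group(1) == "pass", spf.group(2).lower()) if spf else (False, "")
    dkim_pass, dkim_domain = (dkim.group(1) == "pass", dkim.group(2).lower()) if dkim else (False, "")

    org = organizational_domain(from_domain)
    spf_aligned = spf_pass and organizational_domain(spf_domain) == org
    dkim_aligned = dkim_pass and organizational_domain(dkim_domain) == org
    return {
        "from_domain": from_domain,
        "spf_domain": spf_domain,
        "dkim_domain": dkim_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "aligned": spf_aligned or dkim_aligned,  # DMARC passes if either aligns
    }


if __name__ == "__main__":
    for label, raw in (("relayed spoof", RELAYED_SAMPLE), ("legitimate", LEGIT_SAMPLE)):
        print(label, dmarc_alignment(raw))
```

The relayed sample fails: From says sign-doc.com, but the only authenticated domain is wishyoudidntclickthis.com, so neither SPF nor DKIM aligns. If the attacker can also set the envelope sender to the spoofed domain, and that domain’s SPF record authorizes Google’s relays, SPF will pass and align as well; a DKIM signature under the spoofed domain, and the domain’s own DMARC policy, are then what separates the two messages.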

Follow the tips below to stay safe from similar scams:

  • This type of attack isn’t limited to Gmail. Other SMTP relay services could have similar vulnerabilities. Even if an email seems to come from a legitimate sender, remain cautious. 
  • Never click on a link or download an attachment in an email that you were not expecting.

If you need to verify that an email is legitimate, try reaching out to the sender directly through phone call or text message.

The Keep-It-Simple Scam

In a new scam, cybercriminals use short, simple phishing emails to try to sneak past security-aware employees. The scam itself is a typical credential-stealing phishing attack: You receive an email notification stating that some of your emails could not be delivered. To review these emails, you are directed to click a link. If you click the link, you are taken to a fake login page and any credentials that you enter on the page will go straight to the cybercriminals.

What makes this scam unique is the simple phishing email. The email looks like a plain text alert with only a few lines of information and no images or logos. With so few details to look at, it could be difficult to determine if the email is legitimate. To match the plain text design, the link in the email is a long URL instead of the usual “Click Here” type of link. Cybercriminals want you to trust the URL, but if you hover your mouse over the link, you’ll find that the link does not lead to the URL shown in the email.
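
The hover check described above can be done mechanically on an HTML email body: extract every anchor, and when the visible text is itself a URL, compare the host it names with the host the href actually points to. The Python below is an added example, not code from the original page; the email body it scans is a constructed sample, and the allowlist of trusted domains is an assumption. It also flags the related trick from the smishing item above, a trusted brand name embedded in a host whose registrable domain is something else.

```python
"""Audit links in an HTML email body for text/href mismatches and look-alike hosts.
Added example; the email body and allowlist below are constructed, not from the page."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of domains the recipient actually deals with.
TRUSTED_DOMAINS = ["example-mail.com", "facebook.com"]

# Constructed sample of a plain-text-style "undelivered mail" alert.
SAMPLE_EMAIL = """
<p>3 messages could not be delivered to your mailbox.</p>
<p>Review them here:
<a href="https://example-mail.com.account-review.net/quarantine">https://example-mail.com/quarantine/review</a></p>
<p><a href="https://example-mail.com/help">Help</a></p>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; bare hosts without a scheme are accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable_domain(host):
    """Last two labels. Simplification: real code uses the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def audit_links(html):
    """Return one finding per link, with the reasons it looks suspicious."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        href_host = host_of(href)
        href_domain = registrable_domain(href_host)
        reasons = []
        # Visible text that looks like a URL must point where it claims.
        if "." in text and " " not in text:
            if registrable_domain(host_of(text)) != href_domain:
                reasons.append("text/href mismatch")
        # A trusted brand name appearing inside some other registrable domain.
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]
            if href_domain != trusted and brand in href_host:
                reasons.append(f"'{brand}' used in look-alike host")
        findings.append({"href": href, "text": text, "host": href_host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL):
        print(finding)
```

On the sample, the first link is flagged twice: its visible text claims example-mail.com while the href lands on account-review.net, and that host also carries the brand name as a subdomain. The plain “Help” link to the real domain produces no findings.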

Follow the tips below to help you stay safe from similar, simple scams:

  • Never click on a link in an email that you were not expecting, even if it appears to come from a program or application that you use. 
  • When you receive an alert email, ask yourself questions such as: Did I sign up for email notifications? Have I received alerts like this in the past?

If you think the notification could be real, log in to the program or application directly instead of clicking the link in the email.

April 2022

Expect a Surplus of Supply Chain Scams

Throughout April, Shanghai and other major cities in China have been on lockdown due to recent COVID-19 outbreaks. Along with the ongoing war in Ukraine, these lockdowns have drastically impacted supply chains for industries around the world. 

We expect to see another wave of supply chain-related phishing and social engineering attacks. Cybercriminals could use this news to spoof shipping delay notifications, create fake advertisements for hard-to-find products, or write misleading articles about well-known organizations that could be impacted by the shortages.

Use the tips below to help you spot supply chain scams:

  • Never click on a link or download an attachment in an email that you were not expecting.
  • Watch out for sensational or shocking headlines about the world’s supply chains. These headlines could lead to articles that contain disinformation, or false information that is intentionally designed to mislead you.

If you are expecting a shipment and receive a related email, confirm that the email is legitimate before clicking any links in the email. Look for details such as the order number, the purchase date, and the payment method used for the purchase.

Persistent MFA Prompts

Multi-factor authentication (MFA) can help you protect your online accounts by requiring that you approve login attempts before you can access the accounts. However, if you accidentally approve an MFA notification that you didn’t request, cybercriminals may be able to access your accounts and personal information. 

In a new scam, sometimes called MFA fatigue or prompt bombing, cybercriminals annoy you into approving an MFA notification. If cybercriminals figure out your login credentials for an account, they can trigger repeated MFA notifications to your device. The cybercriminals hope that you will eventually approve one just to make the notifications stop. Then, the cybercriminals can change the MFA settings in your account to send notifications to their device instead of yours. As a result, they can gain persistent access to your account and any personal information in it.
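
On the defender’s side this pattern shows up in authentication logs as a burst of push challenges to one user that are denied or ignored, sometimes ending in a single approval. The Python below is an added example, not code from the original page or from any MFA vendor; the log lines are a constructed sample in an assumed key=value format, and the time window and threshold are assumptions to tune for a real environment.

```python
"""Flag MFA prompt bombing in authentication logs.
Added example; the log lines and their key=value format are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one user hammered with pushes, one user behaving normally.
SAMPLE_LOG = """\
2022-04-05T02:13:01Z user=alice event=mfa_push result=denied src=203.0.113.9
2022-04-05T02:13:40Z user=alice event=mfa_push result=timeout src=203.0.113.9
2022-04-05T02:14:12Z user=alice event=mfa_push result=denied src=203.0.113.9
2022-04-05T02:14:55Z user=alice event=mfa_push result=timeout src=203.0.113.9
2022-04-05T02:15:30Z user=alice event=mfa_push result=denied src=203.0.113.9
2022-04-05T02:16:02Z user=alice event=mfa_push result=approved src=203.0.113.9
2022-04-05T08:01:00Z user=bob event=mfa_push result=approved src=198.51.100.4
2022-04-05T08:05:00Z user=bob event=mfa_push result=denied src=198.51.100.4
"""

WINDOW = timedelta(minutes=10)   # assumed: look for bursts within 10 minutes
MIN_UNAPPROVED = 5               # assumed: this many denied/ignored pushes is a burst


def parse_line(line):
    """'<timestamp> k=v k=v ...' -> dict with a parsed datetime under 'ts'."""
    stamp, *fields = line.split()
    record = dict(field.split("=", 1) for field in fields)
    record["ts"] = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return record


def detect_prompt_bombing(log_text, window=WINDOW, min_unapproved=MIN_UNAPPROVED):
    """One alert per burst of unapproved pushes; notes whether it ended in an approval."""
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record.get("event") == "mfa_push":
            by_user[record["user"]].append(record)

    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda r: r["ts"])
        i = 0
        while i < len(events):
            # Extend the burst to every push within `window` of its first push.
            j = i
            while j + 1 < len(events) and events[j + 1]["ts"] - events[i]["ts"] <= window:
                j += 1
            burst = events[i:j + 1]
            unapproved = [r for r in burst if r["result"] != "approved"]
            if len(unapproved) >= min_unapproved:
                alerts.append({
                    "user": user,
                    "prompts": len(burst),
                    "first": burst[0]["ts"].isoformat(),
                    "last": burst[-1]["ts"].isoformat(),
                    # The dangerous outcome: the user finally tapped Approve.
                    "approved_after_burst": burst[-1]["result"] == "approved",
                    "sources": sorted({r["src"] for r in burst}),
                })
                i = j + 1          # skip past this burst
            else:
                i += 1
    return alerts


if __name__ == "__main__":
    for alert in detect_prompt_bombing(SAMPLE_LOG):
        print(alert)
```

An alert with approved_after_burst set is the one to act on first: the account should be treated as compromised, its sessions revoked and its MFA enrollment reviewed, since the attacker’s next step is to register their own device.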

Follow these tips to stay safe from MFA scams:

  • Never approve an MFA notification that you didn’t request. 
  • Create unique, strong passwords for each of your online accounts. If the cybercriminals can’t figure out your password, they won’t be able to scam you with MFA notifications.

If you receive an MFA notification for an account that you aren’t trying to log in to, immediately change your password for the account.  

Europol Vishing Scam

Voice phishing, or “vishing”, is a phishing attack conducted by phone. Vishing is a classic tactic that cybercriminals continue to use today. Recently, cybercriminals launched a vishing attack that impersonates Europol, the law enforcement agency of the European Union (EU). Using advanced techniques, cybercriminals disguise their phone numbers to display as an official Europol number on your caller ID. 

The call starts as an automated message, stating that your personal data has been compromised and to press the 1 key to continue. If you press 1, you’re greeted by a real person who sounds polite and professional. The caller offers to help, as long as you give them information such as your name, address, and identification number. Any information you provide will be delivered straight to the cybercriminals.

Follow these tips to stay safe from similar scams: 

  • Never trust your caller ID. Cybercriminals can spoof phone numbers to look like a familiar or safe caller.
  • If you did not initiate the call, do not provide personal information over the phone.

If you’re not sure if a call is coming from a legitimate organization, hang up. Then, find the official phone number for the real organization and call them directly. Don’t call the suspicious phone number again.

Watch Out for Apple and Meta EDR Scams

In the United States, law enforcement agencies must obtain a court-ordered warrant or subpoena before requesting user data from a tech company. However, in extreme scenarios, law enforcement agencies can bypass this process by issuing an Emergency Data Request (EDR). Since the request is urgent, tech companies must act quickly and trust the agency that issued the request. Unfortunately, cybercriminals have begun hijacking law enforcement agency email systems in order to send fake EDRs and gather sensitive user data.

Recent news has revealed that in 2021, Apple, Meta, and other tech companies responded to fake EDRs and provided user data to cybercriminals. This data included users’ addresses, phone numbers, and IP addresses. Now that this data breach is making headlines, we expect cybercriminals to use EDR-related data leaks as a topic in phishing attacks and social media disinformation campaigns.

Here are some tips to stay safe:

  • Be cautious of emails or phone calls that claim you or your organization have been affected by these data leaks. Typically, this sort of information is communicated through regular mail.
  • Watch out for sensational or shocking headlines about Apple, Meta, or other tech companies that have experienced EDR-related data leaks. These headlines could lead to articles that contain disinformation, or false information designed to intentionally mislead you.

Protect yourself from potential data breaches by regularly updating your passwords, using multi-factor authentication, and limiting the amount of information you share with social media platforms and online services.

March 2022

You’ve Got Mail and Malware: New QakBot Email Scam

You may have seen a suspicious email that appears to come from a trusted source, such as a friend or a popular brand. But have you ever seen a suspicious email that appears to come from you? In a new scam, cybercriminals use your own email address to send phishing links to other users.

The scam uses a new version of the QakBot malware. To begin, cybercriminals send you an email that contains a phishing link. If you click the link, QakBot is installed on your computer. The new version of QakBot can record your keystrokes, steal your login credentials, and even access your email accounts.

If QakBot is installed on your computer, cybercriminals can use your email account to send phishing emails to users in your email threads. Using the “Reply to All” functionality, QakBot will send the phishing emails to users you have already interacted with. Since the phishing emails will look like they came from your email address, they will appear more trustworthy and will be difficult to spot.

Follow the tips below to stay safe from these types of scams:

  • Watch out for a sense of urgency in emails or messages that you receive. Phishing attacks rely on impulsive actions, so always think before you click.
  • Never click on a link or download an attachment in an email that you were not expecting, even if the email seems to come from someone you know.

Watch out for emails that contain only a short message and a link. If you’re unsure if the link is safe, reach out to the sender by phone to confirm the email is legitimate.

Malicious MFA Bypassing Method

Multi-factor authentication (MFA) is a great way to add an extra layer of security to your login portals. However, clever cybercriminals may use a new method to bypass MFA and compromise your accounts. While cybercriminals haven’t used this method in a real-world scam yet, researchers believe this scam could occur in the future.

In this attack, the cybercriminals use noVNC, a remote desktop client that runs in a web browser, together with a simple phishing link. The phishing email tells you to take urgent action and log in to your social media account or a similar website. If you click the link, you are connected to a browser running on the cybercriminals’ server, and what it shows you is the real login page, streamed into your own browser through noVNC. Nothing looks fake, because nothing is.

If you enter your credentials and MFA passcode, you are logging in to the real site, but the logged-in browser session lives on the cybercriminals’ machine. Once you are done, they hold an authenticated session for your account, plus any credentials you typed, and can use the account from their own devices.

Follow the tips below to stay safe from these types of scams:

  • Watch out for a sense of urgency in emails or messages that you receive. These types of scams rely on impulsive actions, so always think before you click.
  • Never click on a link or download an attachment in an email that you were not expecting.

Remain cautious, even when you’re using additional safety precautions such as MFA. While these precautions are helpful, it’s important to stay alert and look out for red flags.

Contact Form Fraud

Cybercriminals are always devising new ways to steal your information and attack your network. In a recent scam, cybercriminals use contact forms to bypass email filters and install malware.

In this scam, a cybercriminal pretends to be a potential client who wants to request a quote. To request a quote, the cybercriminal submits a contact form on an organization’s website. In the form, the cybercriminal may spoof a legitimate domain to appear more reputable.

Eventually, an employee from the organization replies to the quote request. Since the employee appears to be initiating contact with a potential client, most email filters won’t flag the reply. The cybercriminal then uses a file-sharing service to send a malware-infected file back to the employee. If the employee opens the file, the malware can infect their computer and give the cybercriminal a foothold in the organization’s network.

Don’t fall for this type of scam! Follow the tips below to stay safe:

  • When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain multiple spelling or grammatical errors.
  • Watch out for attachments shared through a file-sharing service. Cybercriminals use file-sharing links because the file never passes through your email gateway’s attachment scanning.

Even if an email seems to come from a legitimate sender, remain cautious. Remember, cybercriminals can spoof domains. If you need to verify that an email is legitimate, try reaching out to the sender directly through phone call or text message.

Microsoft 365 Users Targeted with Fake Voicemails

Cybercriminals continue to find new ways to trick users and steal their credentials. Sometimes, they even recycle decades-old tools that were never intended to be malicious.

For example, in a new scam, cybercriminals attack Microsoft 365 users with malicious files disguised as voicemails. The scam works by sending an email with a voicemail file attached. The filename appears to end in “mth.mp3”, so it looks like a legitimate MP3 file. However, the file is actually a malicious HTML file whose name has been disguised with a right-to-left override (RLO) character.

RLO (Unicode character U+202E) was added more than 20 years ago to support languages that are written from right to left, such as Arabic and Hebrew. Unfortunately, cybercriminals now use it to make malicious files look safe. In this scam, the real filename ends in “3pm.htm” with an RLO character in front of it; because everything after the RLO is drawn backwards, the name appears to end in “mth.mp3”. If you open the file, your browser loads a fake Microsoft 365 login page instead of a voicemail. Any credentials you enter on that page go straight to the cybercriminals.

Follow these tips to stay safe from similar scams:

  • Never click links or download attachments in an email that you were not expecting.
  • Before you share any sensitive information online, make sure that the website is legitimate. For example, an MP3 file should never take you to a login page. If you’re uncertain, navigate to the website directly.

Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!

Watch Out for Scams Related to Ukraine

The recent war in Ukraine has gathered a lot of attention. Unfortunately, cybercriminals often take advantage of world events to prey on your emotions. Now more than ever, it’s important to watch out for phishing attacks and disinformation campaigns.

Cybercriminals may use several different tactics to scam you. For example, cybercriminals may try to trick you into sending money using cryptocurrency. The cybercriminals may take advantage of your sympathy by pretending to be Ukrainians in need of financial assistance.

Cybercriminals may also try to catch your attention and manipulate your emotions by spreading disinformation. Disinformation is false information designed to intentionally mislead you. Cybercriminals may spread disinformation in the form of emails, text messages, or social media posts.

Don’t fall for these scams. Follow the tips below to stay safe:

  • Avoid making donations to unknown users. If you would like to donate to support a cause, donate directly through a trusted organization’s website.
  • Watch out for social media usernames that only consist of random letters and numbers. These accounts may be run by bots instead of legitimate users.

Stay informed by following trusted news sources. If you see a sensational headline, be sure to do research to verify that the news story is legitimate.

February 2022

Fake QR Codes

QR codes have become increasingly popular in recent years, especially due to social distancing efforts and a need for contactless services. They are commonly used to access restaurant menus, discount codes, and to make payments. Unfortunately, cybercriminals have taken advantage of this tool, creating fake QR codes that trick you into providing your personal information.

Since custom QR codes are easy to generate, cybercriminals can easily create fake codes for various malicious purposes. For example, cybercriminals could place a fake code in a coffee shop, encouraging you to connect to free Wi-Fi. Or, they could place the fake code on a parking meter, enticing you to make a quick and easy payment. However, if you scan these fake QR codes, the cybercriminals may steal your payment information or redirect you to a malicious website.

Follow these tips to stay safe from QR code scams:

  • Cybercriminals use the convenience of QR codes to trick you into acting impulsively. Always think before you scan.
  • Be cautious of QR codes without labels, or codes that promise outrageous deals. Remember that if an offer seems too good to be true, it probably is!

Don’t share payment information or personal details via QR codes. Instead, navigate directly to a safe website to make the payment or share the details.

Cybercriminals Are Hiring!

Recruitment websites are a great way to find new job opportunities. Unfortunately, very few of these recruitment websites properly validate the people posting jobs, which makes it surprisingly easy to create fake job posts.

Cybercriminals have been creating fake job posts that appear to be listed by a legitimate organization. These fake posts direct you to contact a malicious email address, phone number, or website that appears to belong to the spoofed organization. Cybercriminals use this scam to try to steal your personally identifiable information. This type of information is often provided when applying for a job, which makes this scam simple, yet effective.

Follow the tips below to stay safe from these types of scams:

  • Watch out for grammatical errors, unusual language, and style inconsistencies in job posts. Be suspicious of job posts that look different compared to other job posts from the same organization.
  • Avoid applying for a job within a recruitment website’s platform. Instead, look up the organization’s official website and find their careers page.

Cybercriminals could also use this scam to target people within a specific organization. Be sure to follow your organization’s specific guidelines when applying for internal positions.

Cybercriminals Go for the Gold

Last week, the opening ceremony of the 2022 Olympic Winter Games took place in Beijing. With representatives from 91 countries, the Olympics are watched by billions of spectators from all over the world.

Unfortunately, cybercriminals often use worldwide events like the Olympics to catch your attention and manipulate your emotions. As the games continue, be extra cautious of any emails, text messages, and social media posts that mention the Olympics.

Remember these tips to help you stay safe:

  • Watch out for sensational or shocking headlines about participating countries and athletes. These headlines could lead to articles that contain disinformation, or false information designed to intentionally mislead you.
  • No matter how exciting or disappointing the news is, always think before you click. Cybercriminals target your emotions in hopes of tricking you into acting impulsively.

Stay informed by watching official Olympic broadcasts and checking trusted news sources.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Cybercriminals Ship Out Another Scam

The COVID-19 pandemic continues to impact supply chains for countless industries around the world. Cybercriminals often use wide-reaching problems like shipping delays to their advantage. In a recent scam, cybercriminals use the possibility of a delayed or missed shipment as phish bait.

The scam starts with an email that appears to come from a reputable shipping company. The email urges you to click on a link to download an important shipping confirmation document. If you click the link, you’ll be taken to a login webpage that asks for your email and password. Unfortunately, the email was actually sent by cybercriminals and the link leads to a well-designed phishing webpage. Any information that you enter on the webpage will be sent straight to the cybercriminals.

To stay safe from similar scams, remember the following tips:

  • Watch out for a sense of urgency. These types of scams rely on impulsive actions, so always think before you click.
  • Never click on a link or download an attachment in an email that you were not expecting.

If you are expecting a shipment and receive a related email, confirm that the email is legitimate before clicking any links in the email. Look for details such as the order number, the purchase date, and the payment method.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

January 2022

Google Docs Comment Con

Google Docs is one of the world’s most popular document sharing and editing applications. Along with the ability to create and share documents, Google Docs allows users to add comments to these documents. In a new scam, cybercriminals have taken advantage of this feature by inserting phishing links into comments.

In this scam, cybercriminals use a real Google account to create a document in Google Docs and then tag you in a comment. You will then receive a legitimate email from Google, notifying you that you’ve been tagged in a comment. The comment will include an embedded phishing link and may appear to come from someone you trust, such as a co-worker. Unfortunately, if you click the phishing link, malware may be installed on your device. 

Don’t fall for this trick! Follow the tips below to stay safe from similar scams:

  • Beware of suspicious links. Always hover your cursor over links before you click, and check the commenter’s email address to verify their identity.
  • Check the comment for grammatical errors, such as misspelled words or unusual phrases. Grammatical errors may be a sign that the comment is suspicious. 

Don’t open documents or files that you weren’t expecting to receive. If you receive a document that you weren’t expecting, make sure you verify that the sender is legitimate before you open it.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Google Voice Authentication Scams

Google Voice is a service that provides virtual phone numbers to make and receive calls and text messages. Each Google Voice number must be linked to a real phone number so that any activity can be traced back to the user. In a new scam, cybercriminals use your name and phone number to create a Google Voice number. Once created, cybercriminals can use the Google Voice number for other phone-based scams. Worse still, they can also use the linked Google Voice number to gain access to your Google account.

Here’s how the scam works: Cybercriminals target anyone that shares their phone number in a public space. For example, let’s say you post an ad for an old couch on a resale website and include your phone number. A cybercriminal could contact you pretending to be interested in the couch. Then, they could send you a Google authentication code and ask you to send them the code to prove that you are a legitimate seller. Unfortunately, the code actually allows them to link their Google Voice number to your real phone number.

Remember the following tips to stay safe from similar scams:

  • If someone wants to confirm that you are a real person, suggest a safe option, such as making a phone call or meeting in a busy, public place.
  • Resale sites are just one example of where cybercriminals could find your phone number. They could also reference social media posts or even your resume. Always be cautious when you’re contacted by someone you don’t know.

Never share a confirmation or authentication code with another person. Keep these codes between you and the service that you need the code for, such as logging in to your bank account.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Selling Phishy Stress Relief

For many people, the past two years have been some of the most stressful years of their lives. Unfortunately, cybercriminals are trying to use this stress to their advantage by creating fake promotions for CBD products.

CBD, short for cannabidiol, is a popular natural remedy that some people believe can reduce stress and help you relax. Cybercriminals are sending a variety of phishing emails that advertise unbelievable deals on CBD products. These emails include tactics that evade email filters, such as links to legitimate-looking websites that then redirect you to a malicious website. Falling for one of these CBD scams could result in stolen money, a breach of sensitive information, or even malware installed onto your system.

Follow these tips to stay safe from similar scams:

  • Cybercriminals target your emotions and mental state in hopes of tricking you into acting impulsively. Always think before you click.
  • Be cautious of advertisements that promise outrageous deals on CBD or other high-demand products. Remember that if something seems too good to be true, it probably is!

Regardless of what you are buying, always shop from well-known and trusted retailers. If you haven’t shopped from a retailer before, look up reviews and customer feedback before you buy their product.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Fake Amazon Token Presales

Rumors are circulating that Amazon may create its own cryptocurrency. There hasn’t been any confirmation from official sources that these rumors are true. However, the truth hasn’t stopped cybercriminals from taking advantage of these rumors.

Cybercriminals are running social media ads that spoof well-known news sites such as CNBC and Yahoo! Finance. The ads claim that Amazon has opened presales for their “Amazon Token” and link to a fake Amazon website. The convincing website includes a roadmap outlining the release of the token, details about Amazon Prime integration, and a countdown to when the presale will end. If you try to buy an Amazon Token, you’ll be sending your money straight to the cybercriminals and receive nothing in return.

Follow these tips to stay safe from similar scams:

  • Before clicking on an ad, hover over the link to preview where the link will take you. For example, one Amazon Token ad led to amz-token[dot]presale-tokens[dot]cc. This address is not a legitimate website, because it is not using the official Amazon[dot]com domain.
  • Watch for poor grammar and misspellings. While the fake Amazon Token website looked great, it had a number of errors, such as “TOKENS AVAILABLEN” and “You can contribute AMZ token go through Buy Token page.”

Cryptocurrencies have a range of different origins, structures, and intended uses. Before investing in a coin, do your research about that coin by reviewing multiple well-known and trusted sources.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

December 2021

Watch Out For Omicron Variant Scams

Omicron, a new variant of the COVID-19 virus, is quickly spreading across the globe. This unfortunate news is only made worse by cybercriminals who are creating Omicron-themed phishing scams.

In a recent phishing email, cybercriminals impersonate the United Kingdom’s National Health Service (NHS). The email appears to be an offer for a new COVID-19 Omicron PCR test. If you click the link within the email, you’re sent to an NHS look-alike website where you are asked to provide your personal details and payment information. Any information you enter on this fake webpage is delivered straight to the cybercriminals.

Follow these tips to avoid similar phishing attacks:

  • Although this scam impersonates the NHS, you may also see cybercriminals in other countries running a similar scam. Watch out for suspicious emails from both local and global health organizations.
  • Never click on a link within an email that you weren’t expecting, even if the email appears to come from an organization you recognize.

Stay informed about the Omicron variant by following local news and other trusted sources.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Netflix Scam Double Feature

Netflix is both the world’s largest streaming platform and one of the brands most impersonated by cybercriminals. There have been many Netflix-themed scams over the years, but most of these scams target one of two groups: current Netflix subscribers or potential Netflix subscribers.

To target current Netflix subscribers, cybercriminals send phony email notifications claiming there is a problem with your billing information. To target potential Netflix subscribers, cybercriminals send emails that advertise a deal for new accounts. Both phishing emails include links that lead to Netflix look-alike webpages where you’re asked to provide your personal and payment information. Any information you enter on these fake webpages is delivered straight to the cybercriminals.

Remember the tips below to stay safe from streaming scams:

  • Never click on a link within an email that you weren’t expecting, even if the email appears to come from a company or service you recognize.
  • These types of scams aren’t limited to Netflix. Cybercriminals also spoof other streaming services, such as Disney+ and Spotify. Remember that if a deal seems too good to be true, it probably is.

If you receive an unexpected notification, open your browser and navigate to the platform’s website. Then, you can log in to your account knowing that you’re on the platform’s real website and not a phony look-alike website.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

A New Spam Scam

In a new scam, cybercriminals spoof Microsoft Office 365 by using the email address quarantine[at]messaging[dot]microsoft[dot]com to send you a spam notification. The fake notification claims that a seemingly important email with the subject line “[Your Organization’s Domain] Adjustment: Transaction Expenses Q3 UPDATE” has been quarantined. You are asked to review the email to confirm whether or not it should be marked as spam.

If you click on the Review button in the email, you will be taken to a phony Microsoft Office 365 login page. On this page, you are asked to provide your Microsoft credentials to access the supposedly quarantined email. Any information that you enter on this page will be delivered directly to the cybercriminals.

Remember the following tips to stay safe:

  • Never click on a link within an email that you were not expecting.
  • This type of attack isn’t exclusive to Microsoft products or Microsoft users. The technique could easily be used on a number of other programs. Always think before you click.

If you get a notification that you are unfamiliar with, reach out to your administrator or IT department. They can check to make sure the notification is legitimate.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

#Bitcoin-Hostage-Videos

An elaborate new Bitcoin scam targets Instagram influencers and their followers. In this scam, cybercriminals send an influencer a phishing link that takes them to a fake Instagram login page. If the influencer tries to log in to their account, their login credentials are sent directly to the cybercriminals. Once the cybercriminals have access to the account, they can change the password and prevent the influencer from logging in.

Then, the cybercriminals offer to release control of the influencer’s account if the influencer creates a very specific video. In the video, the influencer must say they invested a small amount of money into Bitcoin and gained a huge payout. They must also tag and thank the Instagram account that belongs to their “friend” who helped them invest. Of course, this “friend” is actually the cybercriminal holding their account hostage. Once the video is created, the cybercriminals post it to the influencer’s Instagram page for all their followers to see. The end goal is for these loyal followers to send bitcoins to the cybercriminals under the assumption that they will be making an investment, just like the influencer did.

Here are some tips to stay safe from similar influencer scams:

  • Hijacking a social media account is an easy way for cybercriminals to spread disinformation or scam several people at once. Don’t trust everything you see on social media, and be sure to report any suspicious activity.
  • To the general public, Bitcoin and other cryptocurrencies are still very new and complex. Before you buy coins, learn more about cryptocurrency from well-known and trusted sources.

Never trust a get-rich-quick scheme. If something seems too good to be true, it probably is.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

November 2021

Order Confirmation Imitation

If you’ve started your holiday shopping, you may have received purchase confirmation emails from Amazon, one of the world’s most popular retailers. Unfortunately, cybercriminals have also been sending their own version of these emails. In a new scam, cybercriminals impersonate Amazon to send fake purchase confirmation emails in hopes of receiving a special holiday gift: your credit card information.

In this scam, cybercriminals send you a fake purchase confirmation email that appears to come from Amazon. In the email, you can review details about the phony purchase, such as the payment amount and your mailing address. To review the purchase further, you can click a “View or manage order” button in the email. If you click this button, you’ll be taken to Amazon’s real website, but you won’t be able to find information about the purchase. As a last resort, you can call the customer service phone number in the email. If you call, you’ll be asked to provide your credit card number and CVV number to cancel the purchase. Instead of canceling the purchase, you’ll grant cybercriminals access to your credit card.

Don’t fall for this scam! Follow the tips below to stay safe:

  • Watch out for fake customer service phone numbers. If you need assistance, check the vendor’s website to find their customer service phone number or email address.
  • Don’t click links in emails you weren’t expecting. If you click a malicious link, malware or other malicious software may be downloaded onto your device.

Don’t share sensitive information, such as credit card numbers or social security numbers, over the phone.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Online Shopping Steals

It’s Thanksgiving week in the United States, which means Black Friday and Cyber Monday are finally here! To celebrate, cybercriminals have created a record number of malicious online stores to trick unsuspecting shoppers.

Cybercriminals create online stores that claim to sell hard-to-find items, such as trending makeup products or this year’s hottest toys. To lure in customers, cybercriminals run ads on other websites, on social media platforms, and even within Google search results. If you click one of these ads, you’ll be taken to the malicious online store. These stores can be very convincing because they include real product images, descriptions, reviews, and a functional shopping cart and checkout process. Unfortunately, if you try to purchase something from one of these malicious stores, your money, mailing address, payment data, and any other personal information you provided will go straight to the cybercriminals.

Follow the tips below to avoid these malicious online stores:

  • Watch out for misspelled or look-alike domains. For example, cybercriminals may spoof the popular toy brand Squishmallows with spellings such as “Squishmellows” or “Squashmallows.”
  • Be cautious of stores that promise outrageous deals on high-demand products. Remember that if something seems too good to be true, it probably is!
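The two domain checks recommended in this newsletter, confirming that a hovered link really uses the official domain (as in the Amazon Token entry, where amz-token[dot]presale-tokens[dot]cc does not use Amazon[dot]com) and spotting misspelled look-alike names such as “Squishmellows,” can be automated for a user-reported link. The Python below is an added example written for this page; it is not code from the newsletter or from any vendor. It assumes a small hand-written table of official domains (the `squishmallows.com` entry is assumed for illustration), refangs the newsletter’s `[dot]`/`[at]` notation before parsing, and uses a plain edit-distance comparison for look-alikes. It does not consult the public suffix list, so official country domains such as `amazon.co.uk` must be listed explicitly.

```python
import re
from urllib.parse import urlparse

# Brands and the domains their real sites use. Constructed for this example;
# the squishmallows.com entry is an assumption made for illustration.
OFFICIAL_DOMAINS = {
    "amazon": ["amazon.com", "amazon.co.uk"],
    "squishmallows": ["squishmallows.com"],
    "netflix": ["netflix.com"],
}


def refang(text: str) -> str:
    """Turn defanged notation ([dot], [.], [at], hxxp) back into a parsable link."""
    text = re.sub(r"\[(?:dot|\.)\]", ".", text, flags=re.IGNORECASE)
    text = re.sub(r"\[at\]", "@", text, flags=re.IGNORECASE)
    text = re.sub(r"^hxxp", "http", text, flags=re.IGNORECASE)
    return text


def hostname_of(link: str) -> str:
    """Extract the lowercase hostname. Bare domains without a scheme are accepted.
    urlparse discards any user-info before '@', so 'amazon.com@evil.cc' yields 'evil.cc'."""
    link = refang(link.strip())
    if "://" not in link:
        link = "http://" + link
    host = urlparse(link).hostname or ""
    return host.lower().rstrip(".")


def matches_official(host: str, official: str) -> bool:
    """True only when host is the official domain or a subdomain of it.
    'www.amazon.com.login-verify.cc' fails because the official domain is not the suffix."""
    return host == official or host.endswith("." + official)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small distance between a brand and a hostname label suggests a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_link(link: str, claimed_brand: str, max_distance: int = 2) -> str:
    """Compare the link's hostname against the brand the message claims to be from.

    Returns 'official' when the host is the brand's real domain or a subdomain of it,
    'look-alike' when a hostname label contains or closely resembles the brand name,
    and 'mismatch' when the host is simply not the brand's domain at all.
    """
    host = hostname_of(link)
    if any(matches_official(host, d) for d in OFFICIAL_DOMAINS.get(claimed_brand, [])):
        return "official"
    for label in host.split("."):
        if claimed_brand in label or levenshtein(claimed_brand, label) <= max_distance:
            return "look-alike"
    return "mismatch"


if __name__ == "__main__":
    # Constructed samples; the first is the address quoted in the newsletter.
    samples = [
        ("amz-token[dot]presale-tokens[dot]cc", "amazon"),
        ("https://www.amazon.com/gp/css/order-history", "amazon"),
        ("https://www.amazon.com.login-verify.cc/", "amazon"),
        ("http://amazon.com@evil.cc/", "amazon"),
        ("Squishmellows.com", "squishmallows"),
    ]
    for link, brand in samples:
        print(f"{hostname_of(link):40} claimed={brand:14} -> {assess_link(link, brand)}")
```

A “mismatch” or “look-alike” verdict is the signal to stop and navigate to the retailer’s site by hand, exactly as the tips above advise; an “official” verdict only means the domain is right, not that the page behind it is safe.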

Always shop from well-known and trusted retailers. If you haven’t shopped there before, look up reviews and customer feedback for that retailer.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

When Cybercriminals Ask for a Manager

Customer retention and satisfaction are vital to most organizations’ success. Knowing how important this is, cybercriminals send fake customer complaints in hopes of catching you off guard.

In a new phishing email, cybercriminals impersonate a member of your organization’s human resources or management team. The email addresses you by name, states “It is urgent request,” and tells you to call the sender immediately in regards to a customer complaint. Additionally, a PDF of the complaint appears to be linked within the email. If you click on the link, a webpage opens where you can download the customer complaint. Unfortunately, the file isn’t actually a PDF. Instead, it’s a dangerous piece of malware.

Here’s how you can stay safe from similar scams:

  • Think before you click. Cybercriminals exploit emotions, such as the fear or guilt of upsetting a customer, to trick you into clicking on malicious links.
  • Watch for poor grammar and unusual phrasing in emails, such as “It is urgent request.” Emails from legitimate sources are more likely to use correct and natural language, such as “This is urgent” or “This is an urgent request.”

Never click a link in an email that you weren’t expecting. If you’re not sure, reach out to the sender by phone to confirm the legitimacy of the email.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Phishing Starts Earlier and Earlier

It’s only early November, but you have probably already seen Christmas trees sold in stores. This is a trend known as “seasonal creep” in which retailers start selling seasonal items in advance of the actual season. Did you know that cybercriminals also follow this trend?

For example, Black Friday and Cyber Monday traditionally fell after Thanksgiving in the United States. However, these international shopping events now start as early as November 1. Cybercriminals take advantage of this trend by sending phishing emails disguised as advertisements and phony purchase receipts long before the holiday season begins.

Follow the tips below to shop safely this holiday season:

  • Never click a link from an email or text message that you weren’t expecting, even if the link appears to be for a store you recognize. Instead, use your browser to navigate directly to the retailer’s official website.
  • Watch out for malvertising. Malvertising is when cybercriminals try to phish shoppers through ads on social media and other websites. Always think before you click!

Be cautious of advertisements that promise outrageous deals. Remember that if something seems too good to be true, it probably is!

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Real People in Fake Call Centers

The newest trend in cybercrime is the use of cybercriminal-controlled call centers to trick you into providing your bank or credit card information. Cybercriminals try to use real people in fake call centers to convince you that a scam is legitimate.

A recent call center scam starts with an email that appears to be an invoice for a very large purchase. It is not clear what company this invoice is from or what was purchased, but the payment amount is listed six times. The email also starts and ends with a line directing you to call their number if you did not authorize the transaction. If you call the number provided, a representative happily offers to refund you. But first, they’ll need your bank or credit card information. Unfortunately, the representative is actually a cybercriminal who plans to use your payment information for their own devious purposes.

Follow these tips to stay safe from this social engineering attack:

  • The invoice in this attack is specifically designed to cause alarm and frustration. Cybercriminals target your emotions in hopes of tricking you into acting impulsively. Always think before you click.
  • A valid phone number doesn’t mean that an email is legitimate. Cybercriminals are real people who can lie over the phone, just as they lie in phishing emails.

Instead of calling the provided number, reach out to your bank or credit card company to verify the details of the transaction. If by chance there has been unauthorized usage, your bank or credit card company can help correct the issue.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

October 2021

Advanced Attacks from APT35

A cybercriminal group known as APT35 has been targeting high-profile organizations in government, journalism, higher education, and more. For a more convincing attack, APT35 compromises legitimate websites that work with these high-profile organizations.

Once they’ve compromised a website, APT35 uses the website to send phishing emails to their targets. For example, in one attack APT35 sent emails with phony invitations to an upcoming webinar. These invitations included a link to the compromised website. If you clicked on the link, you would be brought to a registration page and asked to sign up using your email credentials. APT35 wants you to hand over your credentials so that they can gain access to your account, personal information, and eventually your organization.

Use the tips below to recognize similar advanced attacks:

  • When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain multiple spelling or grammatical errors.
  • Never click a link in an email that you weren’t expecting. Even if you recognize the email sender, consider what the link is for and why it was included in the email. 

When in doubt, contact the sender by phone or in person to confirm the legitimacy of the email.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Find the Square Root of Verizon

In a recent scam, cybercriminals impersonated the telecommunications provider, Verizon. The logo for Verizon is the company name, followed by a red asymmetrical “V” that resembles a check mark. Cybercriminals imitated this logo by using mathematical symbols, such as the square root symbol (√).

Using their fake logo, cybercriminals sent a phishing email that was disguised as a Verizon voicemail notification. The email directs you to click the “Play” button to listen to the voicemail. If you click the button, you are taken to a phony look-alike Verizon webpage. Before you can listen to the voicemail, you are directed to log in to your Microsoft Office 365 account for authentication. Unfortunately, if you enter your credentials, you’ll give the cybercriminals full access to your Microsoft Office 365 account.

Use the tips below to stay safe from similar scams:

  • This type of attack isn’t exclusive to Verizon. Cybercriminals could easily use this technique for other brands. Always think before you click.
  • Watch out for anything out of the ordinary. A Verizon webpage asking you to log in using your Microsoft Office 365 account is quite unusual.

If you receive an unexpected notification, open your browser and navigate to the provider’s website. Then, you can log in to your account knowing that you are on the real website and not a phony look-alike website.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

The Ultimate Data Breach Database

With a year full of high-profile data breaches, one cybercriminal has created the ultimate database. The cybercriminal claims that the database contains over 3.8 billion records and is attempting to sell the information on the dark web.

Allegedly, the database is made up of scraped phone numbers that were then linked to Facebook profiles, Clubhouse accounts, and other sensitive information. Due to the nature of this data, we expect to see an increase in smishing attacks, hijacked accounts, and other social media scams.

Use the tips below to stay safe from these types of scams:

  • Smishing, or text message phishing, is difficult to spot. When you receive a suspicious text message, ask yourself these questions: Were you expecting this message? When did you give the sender your phone number? Did you sign up for text notifications?
  • Hijacking a social media account is an easy way for cybercriminals to spread disinformation or scam several people at once. Don’t trust everything you see on social media, and be sure to report any suspicious activity.

For a high level of security, keep your social media accounts private. Only accept friend requests or follow requests from people that you know and trust.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

No Time to Phish

James Bond is one of the longest-running film series in history. Fans have been waiting since 2015 for another installment, so the new film, No Time to Die, is making headlines. Cybercriminals have wasted no time and are using the film’s release as phish bait in a new scam.

The scam starts with an ad or pop-up window that claims you can stream No Time to Die for free. If you click on the ad, you are taken to a malicious website that plays the first few minutes of the film. Then, the stream is interrupted and you are asked to create an account to continue watching. Of course, creating an account includes providing personal information and a payment method. Unfortunately, if you complete this process the cybercriminals can charge your debit or credit card for as much money as they’d like. Plus, you won’t actually get to watch the film.

Here are some tips to avoid scams like this:

  • Be suspicious of ads, emails, and social media posts that offer free services for something you would typically have to pay for.
  • Only use well-known, trusted websites to stream movies, shows, and music.

Never trust an online ad. Use a search engine to look up reviews, articles, and the official website for any product or service that catches your eye.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

KnowBe4: Get More Info

We’d love to show you how utilizing KnowBe4’s platform can be an effective human firewall for your network. Please fill out the short form here and we will be in touch.