The Latest Scams

Stop. Look. Think.

Don’t be Fooled!

July 2021

Sp0t thę HomogIyph

Microsoft recently announced legal action against domains that impersonate the brand using homoglyphs. A homoglyph is a letter or character that closely resembles another letter or character. Cybercriminals use homoglyphs to trick you into thinking a domain belongs to a trusted company.

Here’s an example: Scammers could use a zero (0) in place of a capital letter “O”, or they could use a lowercase letter “l” in place of a capital letter “I”. Using these substitutions, the bad guys can impersonate MICROSOFT[dot]COM as MlCR0S0FT[dot]COM. Some cybercriminals take this method one step further by using characters from other languages. For example, the Russian character “Ь” could be used in place of an English letter “b”.
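As an added illustration that is not part of the newsletter, the Python below does what the “pay attention to the characters” advice asks of a reader, but mechanically: it decodes a punycode hostname, flags a label that mixes Unicode scripts, and collapses the substitutions described above so that MlCR0S0FT.com maps to the same string as microsoft.com. The confusables table and the trusted-brand list are constructed for this example and are deliberately small.

```python
import unicodedata

# Look-alike substitutions the newsletter describes (0 for O, lowercase L for I,
# Cyrillic soft sign for b) plus a few more common confusables. This is an
# illustrative subset constructed for this example, not a complete confusables table.
CONFUSABLES = {
    "0": "o", "l": "i", "rn": "m", "vv": "w",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, ie, o
    "\u0440": "p", "\u0441": "c", "\u044c": "b",  # Cyrillic er, es, soft sign (the "b" look-alike above)
}

def to_unicode(domain):
    """Decode punycode labels (xn--...) so substituted characters become visible."""
    if "xn--" in domain.lower():
        return domain.encode("ascii").decode("idna")
    return domain

def scripts(label):
    """Unicode script names of the letters in a label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}

def skeleton(label):
    """Collapse confusable characters so a look-alike maps to the same string as the brand."""
    label = unicodedata.normalize("NFKC", label).lower()
    for seq, repl in CONFUSABLES.items():
        label = label.replace(seq, repl)
    return label

def assess(domain, trusted):
    """Return the decoded hostname and a list of reasons to distrust it (empty = no concern)."""
    decoded = unicodedata.normalize("NFKC", to_unicode(domain)).lower().rstrip(".")
    if decoded in trusted:
        return {"domain": decoded, "reasons": []}
    label = decoded.split(".")[-2] if "." in decoded else decoded  # registrable label, e.g. "microsoft"
    reasons = []
    found = scripts(label)
    if len(found) > 1:
        reasons.append("mixed scripts: " + ", ".join(sorted(found)))
    for brand in trusted:
        if skeleton(label) == skeleton(brand.split(".")[-2]):
            reasons.append("looks like " + brand)
    return {"domain": decoded, "reasons": reasons}

TRUSTED = ["microsoft.com", "knowbe4.com"]  # constructed allow-list for this example
# Constructed samples: the newsletter's ASCII example and a Cyrillic-o version of the same brand.
SAMPLES = ["microsoft.com", "MlCR0S0FT.com", "micr\u043esoft.com".encode("idna").decode("ascii")]

if __name__ == "__main__":
    for host in SAMPLES:
        print(host, "->", assess(host, TRUSTED))
```

A real mail filter would use the full Unicode confusables data and the organisation’s own list of trusted domains; the structure of the check stays the same.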

Don’t fall for this trick! Remember the tips below:

  • Be cautious when you receive an email that you were not expecting. This trick can be used to impersonate any company, brand, or even a person’s name.
  • Before you click, always hover over a link to preview the destination, even if you think the email is legitimate. Pay close attention to the characters in the URL.

If you’re asked to log in to an account or an online service, navigate to the official website and log in there. That way, you can ensure you’re logging in to the real website and not a phony look-alike website.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Macros on Macros

Cybercriminals are always finding new ways to bypass your security filters. In this scam, the bad guys start by sending a Microsoft Word document that has no malicious code or links within it. Once opened in Microsoft Word, the innocent-looking document includes a pop-up that asks you to enable macros. A macro, short for macroinstruction, is a set of commands that can be used to control Microsoft Word, Microsoft Excel, and other programs.

Here’s how the attack works: If you open the attached Microsoft Word document and enable macros, the document automatically downloads and opens an encrypted Microsoft Excel file. The Microsoft Excel file instructs Microsoft Word to write new commands into that same Microsoft Excel file. Once the new commands are added, the Microsoft Excel file automatically downloads a dangerous piece of malware onto your device and runs it.

Use the tips below to avoid falling victim to an attack like this one:

  • Never click a link or download an attachment from an email that you were not expecting.
  • Before enabling macros for a file, contact the sender using an alternative line of communication, such as making a phone call or sending a text message. Verify who created the file, what the file contains, and why enabling macros is necessary.

This type of attack isn’t exclusive to Microsoft products. The technique could easily be used on a number of other programs. Always think before you click.

Stop, Look, and Think. Don’t be fooled.

Kaseya Security Crisis Scams

Earlier this month, information technology provider Kaseya was the target of a massive cybersecurity attack. Many IT companies use Kaseya’s software to manage and monitor their clients’ computers remotely. The cyberattack resulted in over 1,500 organizations becoming victims of ransomware.

Cybercriminals are now using the Kaseya incident as bait to catch your attention and manipulate your emotions. You can expect to see scammers referencing this event in phishing emails, vishing attacks, and social media disinformation campaigns.

Here are some tips to stay safe:

  • Watch out for Kaseya-related emails—especially those that claim your organization has been affected.
  • Do not respond to any phone calls claiming to be from a “Kaseya Partner”. Kaseya released a statement that they are not asking partners to reach out to organizations.
  • Be suspicious of social media posts that contain shocking developments to the story. This could be false information designed to intentionally mislead you—a tactic known as disinformation.

Stop, Look, and Think. Don’t be fooled.

Hidden Google Drive

To help protect you against malicious links, most email clients have filters that flag suspicious-looking emails. To bypass these filters, cybercriminals often create malicious content using well-known platforms such as Google Drive, and then use the platform’s share feature to distribute their content. Since these platforms are so widely used, your built-in email filters typically do not recognize that this content is malicious.

In a recent phishing attack, scammers are using a phony notification from DocuSign (a popular electronic agreement service) that actually includes a link to a malicious Google Doc. The fake notification states that you have an invoice to review and sign. If you click on the included View Document button, you’ll be taken to what appears to be a DocuSign login page that asks for your password. In reality, the button leads you to a Google Doc disguised as a DocuSign page, and any information entered on the document is sent directly to the bad guys.

Don’t fall for this trick! Remember:

  • Never click on a link or download an attachment in an email that you were not expecting.
  • If you think the email could be legitimate, be sure to hover over the link (or button) to preview the destination. Look for discrepancies, such as a DocuSign email using a Google Drive link.

When an email claims to include an invoice, try to find evidence of the transaction elsewhere, like on your bank or credit card statements.

Stop, Look, and Think. Don’t be fooled.


June 2021

Five-Star Fraud

Say the new browser extension that you want to download has a lot of positive reviews. These reviews may make the extension seem legitimate, but not necessarily. Cybercriminals often use fake reviews to trick users into downloading malicious browser extensions.

For example, a malicious Microsoft Authenticator extension with fake reviews was recently found in the Google Chrome Store. The extension had five reviews: three one-star reviews and two five-star reviews. The real one-star reviews warned others that the extension was malware, while the fake five-star reviews praised the extension. This is just one example of how bad guys use fake reviews to gain your trust.

So, how do you know if the cool new extension is safe to download? Follow these tips to stay safe:

  • Only download extensions from trusted publishers. Cybercriminals can easily publish extensions or apps to app stores, so make sure you know who developed the extension before you download it.
  • Be suspicious of extensions that ask you to enter sensitive information. Legitimate extension downloads may request special permissions from you, but they won’t ask you to give up sensitive information.
  • Look for negative reviews. Don’t just focus on the positive reviews. Negative or critical reviews are less likely to be fake.

Stop, Look, and Think. Don’t be fooled.

Prime Day or Crime Day?

Amazon, the world’s largest online retailer, is hosting its huge Prime Day sales event on June 21st and 22nd this year. Subscribers around the world are ready to shop! But while you’re looking for good deals, the bad guys are looking for the opportunity to scam you any way they can. Expect to see all sorts of scams related to Amazon’s Prime Day, from fake advertisements to phony shipping notifications.

One Amazon-themed scam uses a phishing email disguised as a security alert. The alert starts with “Hi Dear Customer,” and goes on to say that your account has been “blocked” due to an unauthorized login. The email explains that, “You can’t use your account at the movement, Please Verify And Secure your account by following link”. If you were to click the link in the email, you would be sent to a malicious website.

Shop safely by following these tips:

  • Look out for spelling and grammatical errors. This specific phishing email was full of errors, such as using the word “movement” instead of “moment”.
  • Always go directly to Amazon.com when you want to shop, review your order information, or check on the status of your account.

Never trust a link in an email that you were not expecting. Cybercriminals have created hundreds of fake domains with the words “Amazon” and “Prime” in order to trick you.

Stop, Look, and Think. Don’t be fooled.

Thank You for Calling – Here’s Some Malware

A recent social engineering scam uses real people in a call center to trick you into downloading malware onto your computer.

Here’s how the scam works:

You receive an email claiming that your trial subscription to a publishing company will expire soon. The email states that you will be charged if the subscription is not canceled, and it directs you to call a phone number for assistance. If you call this number, a representative happily walks you through how to unsubscribe. The representative directs you to a generic-sounding web address, asks you to enter the account number provided in the original email, and tells you to click a button labeled “Unsubscribe”. If you click, an Excel file is downloaded onto your computer. The representative tells you to open that file and enable macros so you can read a confirmation number to them. If you enable macros, a malicious file is installed that gives cybercriminals backdoor access to your system. The bad guys can use this access to install more dangerous malware, such as ransomware.

Follow these tips to stay safe from this social engineering attack:

  • This attack tries to spark feelings of alarm and frustration by claiming that you will be charged for something you didn’t sign up for. Don’t let the bad guys toy with your emotions.
  • Remember that cyber-attacks come from real people, and real people can lie over the phone just as they do in phishing emails.
  • If you’re concerned that a warning could be legitimate, look up the company and try contacting them another way—not by using the phone number that they provided in an email.

Stop, Look, and Think. Don’t be fooled.


May 2021

QuickBooks Used as Bait for a Quick Scam

An easy way for cybercriminals to get your attention is to claim that you owe a large amount of money. Pair this claim with a QuickBooks-themed phishing email and a malware attachment, and you get a dangerous cybersecurity threat.

The cybercriminals send a well-made spoof of a QuickBooks email that even includes an invoice number. The email message states that you owe over one thousand dollars for the order, but it gives no further details. Attached to the email is what appears to be an Excel file with the invoice number as the filename. The bad guys are hoping you’ll open the attachment looking for more information. If you do open it, you’ll actually be opening a dangerous piece of malware specially designed to target your financial and banking information. This malware can lead to unauthorized charges, wire transfers, and even data breaches.

Here’s how you can stay safe from scams like this:

  • Never click a link or download an attachment in an email that you were not expecting.
  • Remember that bad guys can disguise anything, even file types.
  • If you think the notification could be legitimate, navigate to the official QuickBooks website and log in to your account to confirm.

KnowBe4: Get More Info

We’d love to show you how utilizing KnowBe4’s platform can be an effective human firewall for your network. Please fill out the short form here and we will be in touch.