The Latest Scams

Stop. Look. Think.

Don’t be Fooled!

January 2022

Google Voice Authentication Scams

Google Voice is a service that provides virtual phone numbers to make and receive calls and text messages. Each Google Voice number must be linked to a real phone number so that any activity can be traced back to the user. In a new scam, cybercriminals use your name and phone number to create a Google Voice number. Once created, cybercriminals can use the Google Voice number for other phone-based scams. Worse still, they can also use the linked Google Voice number to gain access to your Google account.

Here’s how the scam works: Cybercriminals target anyone that shares their phone number in a public space. For example, let’s say you post an ad for an old couch on a resale website and include your phone number. A cybercriminal could contact you pretending to be interested in the couch. Then, they could send you a Google authentication code and ask you to send them the code to prove that you are a legitimate seller. Unfortunately, the code actually allows them to link their Google Voice number to your real phone number.

Remember the following tips to stay safe from similar scams:

  • If someone wants to confirm that you are a real person, suggest a safe option, such as making a phone call or meeting in a busy, public place.
  • Resale sites are just one example of where cybercriminals could find your phone number. They could also reference social media posts or even your resume. Always be cautious when you’re contacted by someone you don’t know.

Never share a confirmation or authentication code with another person. Keep these codes between you and the service that you need the code for, such as logging in to your bank account.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Selling Phishy Stress Relief

For many people, the past two years have been some of the most stressful years of their lives. Unfortunately, cybercriminals are trying to use this stress to their advantage by creating fake promotions for CBD products.

CBD, short for cannabidiol, is a popular natural remedy that some people believe can reduce stress and help you relax. Cybercriminals are sending a variety of phishing emails that advertise unbelievable deals on CBD products. These emails include tactics that evade email filters, such as safe links that redirect you to a malicious website. Falling for one of these CBD scams could result in stolen money, a breach of sensitive information, or even malware installed onto your system.

Follow these tips to stay safe from similar scams:

  • Cybercriminals target your emotions and mental state in hopes of tricking you into acting impulsively. Always think before you click.
  • Be cautious of advertisements that promise outrageous deals on CBD or other high-demand products. Remember that if something seems too good to be true, it probably is!

Regardless of what you are buying, always shop from well-known and trusted retailers. If you haven’t shopped from a retailer before, look up reviews and customer feedback before you buy their product.

Stop, Look, and Think. Don’t be fooled.

Fake Amazon Token Presales

Rumors are circulating that Amazon may create its own cryptocurrency. There hasn’t been any confirmation from official sources that these rumors are true. However, the truth hasn’t stopped cybercriminals from taking advantage of these rumors.

Cybercriminals are running social media ads that spoof well-known news sites such as CNBC and Yahoo! Finance. The ads claim that Amazon has opened presales for their “Amazon Token” and link to a fake Amazon website. The convincing website includes a roadmap outlining the release of the token, details about Amazon Prime integration, and a countdown to when the presale will end. If you try to buy an Amazon Token, you’ll be sending your money straight to the cybercriminals and receive nothing in return.

Follow these tips to stay safe from similar scams:

  • Before clicking on an ad, hover over the link to preview where the link will take you. For example, one Amazon Token ad led to amz-token[dot]presale-tokens[dot]cc. This address is not a legitimate website, because it is not using the official Amazon[dot]com domain.
  • Watch for poor grammar and misspellings. While the fake Amazon Token website looked great, it had a number of errors, such as “TOKENS AVAILABLEN” and “You can contribute AMZ token go through Buy Token page.”

Cryptocurrencies have a range of different origins, structures, and intended uses. Before investing in a coin, do your research about that coin by reviewing multiple well-known and trusted sources.

Stop, Look, and Think. Don’t be fooled.


December 2021

Watch Out For Omicron Variant Scams

Omicron, a new variant of the COVID-19 virus, is quickly spreading across the globe. This unfortunate news is only made worse by cybercriminals who are creating Omicron-themed phishing scams.

In a recent phishing email, cybercriminals impersonate the United Kingdom’s National Health Service (NHS). The email appears to be an offer for a new COVID-19 Omicron PCR test. If you click the link within the email, you’re sent to an NHS look-alike website where you are asked to provide your personal details and payment information. Any information you enter on this fake webpage is delivered straight to the cybercriminals.

Follow these tips to avoid similar phishing attacks:

  • Although this scam impersonates the NHS, you may also see hackers in other countries using a similar scam. Watch out for suspicious emails from both local and global health organizations.
  • Never click on a link within an email that you weren’t expecting, even if the email appears to come from an organization you recognize.

Stay informed about the Omicron variant by following local news and other trusted sources.

Stop, Look, and Think. Don’t be fooled.

Netflix Scam Double Feature

Netflix is both the world’s largest streaming platform and one of the most impersonated brands among cybercriminals. There have been many Netflix-themed scams over the years, but most of these scams target one of two groups: current Netflix subscribers or potential Netflix subscribers.

To target current Netflix subscribers, cybercriminals send phony email notifications claiming there is a problem with your billing information. To target potential Netflix subscribers, cybercriminals send emails that advertise a deal for new accounts. Both phishing emails include links that lead to Netflix look-alike webpages where you’re asked to provide your personal and payment information. Any information you enter on these fake webpages is delivered straight to the cybercriminals.

Remember the tips below to stay safe from streaming scams:

  • Never click on a link within an email that you weren’t expecting, even if the email appears to come from a company or service you recognize.
  • These types of scams aren’t limited to Netflix. Cybercriminals also spoof other streaming services, such as Disney+ and Spotify. Remember that if a deal seems too good to be true, it probably is.

If you receive an unexpected notification, open your browser and navigate to the platform’s website. Then, you can log in to your account knowing that you’re on the platform’s real website and not a phony look-alike website.

Stop, Look, and Think. Don’t be fooled.

A New Spam Scam

In a new scam, cybercriminals spoof Microsoft Office 365 by using the email address quarantine[at]messaging[dot]microsoft[dot]com to send you a spam notification. The fake notification claims that a seemingly important email with the subject line “[Your Organization’s Domain] Adjustment: Transaction Expenses Q3 UPDATE” has been quarantined. You are asked to review the email to confirm whether or not it should be marked as spam.

If you click on the Review button in the email, you will be taken to a phony Microsoft Office 365 login page. On this page, you are asked to provide your Microsoft credentials to access the supposedly quarantined email. Any information that you enter on this page will be delivered directly to the cybercriminals.

Remember the following tips to stay safe:

  • Never click on a link within an email that you were not expecting.
  • This type of attack isn’t exclusive to Microsoft products or Microsoft users. The technique could easily be used on a number of other programs. Always think before you click.

If you get a notification that you are unfamiliar with, reach out to your administrator or IT department. They can check to make sure the notification is legitimate.

Stop, Look, and Think. Don’t be fooled.

#Bitcoin-Hostage-Videos

An elaborate new Bitcoin scam targets Instagram influencers and their followers.

In this scam, cybercriminals send an influencer a phishing link that takes them to a fake Instagram login page. If the influencer tries to log in to their account, their login credentials are sent directly to the cybercriminals. Once the cybercriminals have access to the account, they can change the password and prevent the influencer from logging in.

Then, the cybercriminals offer to release control of the influencer’s account if the influencer creates a very specific video. In the video, the influencer must say they invested a small amount of money into Bitcoin and gained a huge payout. They must also tag and thank the Instagram account that belongs to their “friend” who helped them invest. Of course, this “friend” is actually the cybercriminal holding their account hostage. Once the video is created, the cybercriminals post it to the influencer’s Instagram page for all their followers to see. The end goal is for these loyal followers to send bitcoins to the cybercriminals under the assumption that they will be making an investment, just like the influencer did.

Here are some tips to stay safe from similar influencer scams:

  • Hijacking a social media account is an easy way for cybercriminals to spread disinformation or scam several people at once. Don’t trust everything you see on social media, and be sure to report any suspicious activity.
  • To the general public, Bitcoin and other cryptocurrencies are still very new and complex. Before you buy coins, learn more about cryptocurrency from well-known and trusted sources.

Never trust a get-rich-quick scheme. If something seems too good to be true, it probably is.

Stop, Look, and Think. Don’t be fooled.

November 2021

Order Confirmation Imitation

If you’ve started your holiday shopping, you may have received purchase confirmation emails from Amazon, one of the world’s most popular retailers. Unfortunately, cybercriminals have also been sending their own version of these emails. In a new scam, cybercriminals impersonate Amazon to send fake purchase confirmation emails in hopes of receiving a special holiday gift: your credit card information.

In this scam, cybercriminals send you a fake purchase confirmation email that appears to come from Amazon. In the email, you can review details about the phony purchase, such as the payment amount and your mailing address. To review the purchase further, you can click a “View or manage order” button in the email. If you click this button, you’ll be taken to Amazon’s real website, but you won’t be able to find information about the purchase. As a last resort, you can call the customer service phone number in the email. If you call, you’ll be asked to provide your credit card number and CVV number to cancel the purchase. Instead of canceling the purchase, you’ll grant cybercriminals access to your credit card.

Don’t fall for this scam! Follow the tips below to stay safe:

  • Watch out for fake customer service phone numbers. If you need assistance, check the vendor’s website to find their customer service phone number or email address.
  • Don’t click links in emails you weren’t expecting. If you click a malicious link, malware or other malicious software may be downloaded onto your device.

Don’t share sensitive information, such as credit card numbers or social security numbers, over the phone.

Stop, Look, and Think. Don’t be fooled.

Online Shopping Steals

It’s Thanksgiving week in the United States, which means Black Friday and Cyber Monday are finally here! To celebrate, cybercriminals have created a record number of malicious online stores to trick unsuspecting shoppers.

Cybercriminals create online stores that claim to sell hard-to-find items, such as trending makeup products or this year’s hottest toys. To lure in customers, cybercriminals run ads on other websites, on social media platforms, and even within Google search results. If you click one of these ads, you’ll be taken to the malicious online store. These stores can be very convincing because they include real product images, descriptions, reviews, and a functional shopping cart and checkout process. Unfortunately, if you try to purchase something from one of these malicious stores, your money, mailing address, payment data, and any other personal information you provided will go straight to the cybercriminals.

Follow the tips below to avoid these malicious online stores:

  • Watch out for misspelled or look-alike domains. For example, cybercriminals may spoof the popular toy brand Squishmallows with spellings such as “Squishmellows” or “Squashmallows.”
  • Be cautious of stores that promise outrageous deals on high-demand products. Remember that if something seems too good to be true, it probably is!

Always shop from well-known and trusted retailers. If you haven’t shopped there before, look up reviews and customer feedback for that retailer.

Stop, Look, and Think. Don’t be fooled.

When Cybercriminals Ask for a Manager

Customer retention and satisfaction are vital to most organizations’ success. Knowing how important this is, cybercriminals send fake customer complaints in hopes of catching you off guard.

In a new phishing email, cybercriminals impersonate a member of your organization’s human resources or management team. The email addresses you by name, states “It is urgent request,” and tells you to call the sender immediately in regards to a customer complaint. Additionally, a PDF of the complaint appears to be linked within the email. If you click on the link, a webpage opens where you can download the customer complaint. Unfortunately, the file isn’t actually a PDF. Instead, it’s a dangerous piece of malware.

Here’s how you can stay safe from similar scams:

  • Think before you click. Cybercriminals exploit emotions, such as the fear or guilt of upsetting a customer, to trick you into clicking on malicious links.
  • Watch for poor grammar and unusual phrasing in emails, such as “It is urgent request.” Emails from legitimate sources are more likely to use correct and natural language, such as “This is urgent” or “This is an urgent request.”

Never click a link in an email that you weren’t expecting. If you’re not sure, reach out to the sender by phone to confirm the legitimacy of the email.

Stop, Look, and Think. Don’t be fooled.

Phishing Starts Earlier and Earlier

It’s only early November, but you have probably already seen Christmas trees sold in stores. This is a trend known as “seasonal creep” in which retailers start selling seasonal items in advance of the actual season. Did you know that cybercriminals also follow this trend?

For example, Black Friday and Cyber Monday traditionally fell after Thanksgiving in the United States. However, these international shopping events now start as early as November 1. Cybercriminals take advantage of this trend by sending phishing emails disguised as advertisements and phony purchase receipts long before the holiday season begins.

Follow the tips below to shop safely this holiday season:

  • Never click a link from an email or text message that you weren’t expecting, even if the link appears to be for a store you recognize. Instead, use your browser to navigate directly to the retailer’s official website.
  • Watch out for malvertising. Malvertising is when cybercriminals try to phish shoppers through ads on social media and other websites. Always think before you click!

Be cautious of advertisements that promise outrageous deals. Remember that if something seems too good to be true, it probably is!

Stop, Look, and Think. Don’t be fooled.

Real People in Fake Call Centers

The newest trend in cybercrime is the use of cybercriminal-controlled call centers to trick you into providing your bank or credit card information. Cybercriminals try to use real people in fake call centers to convince you that a scam is legitimate.

A recent call center scam starts with an email that appears to be an invoice for a very large purchase. It is not clear what company this invoice is from or what was purchased, but the payment amount is listed six times. The email also starts and ends with a line directing you to call their number if you did not authorize the transaction. If you call the number provided, a representative happily offers to refund you. But first, they’ll need your bank or credit card information. Unfortunately, the representative is actually a cybercriminal who plans to use your payment information for their own devious purposes.

Follow these tips to stay safe from this social engineering attack:

  • The invoice in this attack is specifically designed to cause alarm and frustration. Cybercriminals target your emotions in hopes of tricking you into acting impulsively. Always think before you click.
  • A valid phone number doesn’t mean that an email is legitimate. Cybercriminals are real people who can lie over the phone, just as they lie in phishing emails.

Instead of calling the provided number, reach out to your bank or credit card company to verify the details of the transaction. If by chance there has been unauthorized usage, your bank or credit card company can help correct the issue.

Stop, Look, and Think. Don’t be fooled.


October 2021

Advanced Attacks from APT35

A cybercriminal group known as APT35 has been targeting high-profile organizations in government, journalism, higher education, and more. For a more convincing attack, APT35 compromises legitimate websites that work with these high-profile organizations.

Once they’ve compromised a website, APT35 uses the website to send phishing emails to their targets. For example, in one attack APT35 sent emails with phony invitations to an upcoming webinar. These invitations included a link to the compromised website. If you clicked on the link, you were brought to a registration page. On this page, you would be asked to sign up using your email credentials. APT35 wants you to hand over your credentials so that they can gain access to your account, personal information, and eventually your organization. 

Use the tips below to recognize similar advanced attacks:

  • When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain multiple spelling or grammatical errors.
  • Never click a link in an email that you weren’t expecting. Even if you recognize the email sender, consider what the link is for and why it was included in the email. 

When in doubt, contact the sender by phone or in person to confirm the legitimacy of the email.

Stop, Look, and Think. Don’t be fooled.

Find the Square Root of Verizon

In a recent scam, cybercriminals impersonated the telecommunications provider, Verizon. The logo for Verizon is the company name, followed by a red asymmetrical “V” that resembles a check mark. Cybercriminals imitated this logo by using mathematical symbols, such as the square root symbol (√).

Using their fake logo, cybercriminals sent a phishing email that was disguised as a Verizon voicemail notification. The email directs you to click the “Play” button to listen to the voicemail. If you click the button, you are taken to a phony look-alike Verizon webpage. Before you can listen to the voicemail, you are directed to log in to your Microsoft Office 365 account for authentication. Unfortunately, if you enter your credentials, you’ll give the cybercriminals full access to your Microsoft Office 365 account.

Use the tips below to stay safe from similar scams:

  • This type of attack isn’t exclusive to Verizon. Cybercriminals could easily use this technique for other brands. Always think before you click.
  • Watch out for anything out of the ordinary. A Verizon webpage asking you to log in using your Microsoft Office 365 account is quite unusual.

If you receive an unexpected notification, open your browser and navigate to the provider’s website. Then, you can log in to your account knowing that you are on the real website and not a phony look-alike website.

Stop, Look, and Think. Don’t be fooled.

The Ultimate Data Breach Database

With a year full of high-profile data breaches, one cybercriminal has created the ultimate database. The cybercriminal claims that the database contains over 3.8 billion records and is attempting to sell the information on the dark web.

Allegedly, the database is made up of scraped phone numbers that were then linked to Facebook profiles, Clubhouse accounts, and other sensitive information. Due to the nature of this data, we expect to see an increase in smishing attacks, hijacked accounts, and other social media scams.

Use the tips below to stay safe from these types of scams:

  • Smishing, or text message phishing, is difficult to spot. When you receive a suspicious text message, ask yourself these questions: Were you expecting this message? When did you give the sender your phone number? Did you sign up for text notifications?
  • Hijacking a social media account is an easy way for cybercriminals to spread disinformation or scam several people at once. Don’t trust everything you see on social media, and be sure to report any suspicious activity.

For a high level of security, keep your social media accounts private. Only accept friend requests or follow requests from people that you know and trust.

Stop, Look, and Think. Don’t be fooled.

No Time to Phish

James Bond is one of the longest-running film series in history. Since fans have been waiting since 2015 for another installment, the new film, No Time to Die, is making headlines. Cybercriminals have wasted no time and are using the film’s release as phish bait in a new scam.

The scam starts with an ad or pop-up window that claims you can stream No Time to Die for free. If you click on the ad, you are taken to a malicious website that plays the first few minutes of the film. Then, the stream is interrupted and you are asked to create an account to continue watching. Of course, creating an account includes providing personal information and a payment method. Unfortunately, if you complete this process the cybercriminals can charge your debit or credit card for as much money as they’d like. Plus, you won’t actually get to watch the film.

Here are some tips to avoid scams like this:

  • Be suspicious of ads, emails, and social media posts that offer free services for something you would typically have to pay for.
  • Only use well-known, trusted websites to stream movies, shows, and music.

Never trust an online ad. Use a search engine to look up reviews, articles, and the official website for any product or service that catches your eye.

Stop, Look, and Think. Don’t be fooled.


September 2021

Shortened URLs Are a Sneaky Shortcut

Most email clients have filters in place to flag suspicious-looking emails. Unfortunately, cybercriminals always find new ways to bypass these filters. In a new scam, cybercriminals use shortened LinkedIn URLs to sneak into your inbox.

When someone makes a LinkedIn post that contains a URL, the URL will be automatically shortened if it’s longer than 26 characters. A shortened LinkedIn URL starts with “lnkd.in” followed by a random string of characters. This feature allows cybercriminals to convert a malicious URL to a shortened LinkedIn URL. Once they have the shortened URL, cybercriminals add it to a phishing email as a link. If you click on the link, you are redirected through multiple websites until you land on the cybercriminals’ malicious, credentials-stealing webpage.

Don’t fall for this trick! Remember the following tips:

  • Never click on a link or download an attachment in an email that you were not expecting.
  • If you think the email could be legitimate, contact the sender by phone call or text message to confirm that the link is safe.

This type of attack isn’t exclusive to LinkedIn URLs. Other social media platforms, such as Twitter, also have URL shortening features. Always think before you click!
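
For mail-filter or help-desk triage, the link advice in this entry and in the Amazon Token and Squishmallows entries above can be applied mechanically; the following is an added example, not part of the original newsletter. The function names, the list of official domains, the two-label registrable-domain shortcut and the edit-distance threshold of 2 are illustrative assumptions, and the sample links other than the ones quoted on this page are constructed.

```python
from urllib.parse import urlsplit

# Shortener hosts: lnkd.in is named on this page; t.co is Twitter's shortener.
SHORTENERS = {"lnkd.in", "t.co"}

# Assumed official domains for the brands this page mentions (illustrative).
OFFICIAL = ["amazon.com", "squishmallows.com", "linkedin.com"]

# Sample links: the first is quoted on this page, the rest are constructed.
SAMPLE_LINKS = [
    "amz-token[dot]presale-tokens[dot]cc",
    "https://www.amazon.com/your-orders",
    "https://lnkd.in/AbCdEf",
    "squishmellows[dot]com",
    "Squashmallows[dot]com",
]


def refang(text):
    """Undo the defanged notation ([dot], [at], hxxp) used in write-ups."""
    return (text.replace("[dot]", ".").replace("[.]", ".")
                .replace("[at]", "@").replace("hxxp", "http"))


def host_of(link):
    """Return the lower-cased host of a link, with or without a scheme."""
    link = refang(link.strip())
    if "://" not in link:
        link = "//" + link  # lets urlsplit treat the first part as the host
    host = urlsplit(link).hostname or ""
    return host.rstrip(".").lower()


def registrable(host):
    """Last two labels of the host.

    Simplification: a production check should use the Public Suffix List,
    because suffixes such as co.uk span two labels.
    """
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(link, official_domains=OFFICIAL):
    """Return 'official', 'shortener', 'lookalike', 'not_official' or 'unparseable'."""
    host = host_of(link)
    if not host:
        return "unparseable"
    # Match on a label boundary, never on a substring of the host.
    for dom in official_domains:
        if host == dom or host.endswith("." + dom):
            return "official"
    reg = registrable(host)
    if reg in SHORTENERS:
        # The real destination is hidden behind a redirect; judge that instead.
        return "shortener"
    name = reg.split(".")[0]
    for dom in official_domains:
        brand = dom.split(".")[0]
        # Same or nearly the same name on a domain that is not official.
        if edit_distance(name, brand) <= 2:
            return "lookalike"
    return "not_official"


def triage(links, official_domains=OFFICIAL):
    """Classify every link and return {link: verdict}."""
    return {link: classify(link, official_domains) for link in links}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:13} {link}")
```

A `shortener` verdict means the visible link says nothing about the destination, so a filter should expand the redirect chain in a sandbox and classify the final host before delivery.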

Stop, Look, and Think. Don’t be fooled.

Friendly Spear Phishing

Spear phishing is a phishing attack that targets a specific person and appears to come from a trusted source. One of the easiest ways for cybercriminals to find a target is through social media. Spear phishing attacks on social media often come from fake accounts, but in a recent scam, cybercriminals used real, compromised accounts. After hijacking an account, cybercriminals impersonated that person and targeted their friends and followers.

In this scam, cybercriminals use the hijacked account to engage in friendly conversations with you in an attempt to lower your guard. Since you don’t know that the account has been hijacked, you are more likely to trust information that they send to you. Once they think they have your trust, the cybercriminals will send you a Microsoft Word document asking for you to review it and give them advice. Once you open the document, the program will ask you to enable macros. If you do enable macros, your system will automatically download and install a dangerous piece of malware.

Follow the steps below to stay safe from this scam:

  • Think about how a conversation with this person typically looks and feels. Do they usually ask you to download files? Are they typing with the same pace, grammar, and language as usual? Be suspicious of anything out of the ordinary.
  • Before you enable macros for a file, contact the sender by phone call or text message. Verify who created the file, what information the file contains, and why enabling macros is necessary.

Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!

Stop, Look, and Think. Don’t be fooled.

Phony LinkedIn Job Postings

It was recently discovered that job postings on LinkedIn aren’t as secure as you might expect. Anyone with a LinkedIn profile can anonymously create a job posting for nearly any small or medium-sized organization. The person creating the post does not have to prove whether or not they are associated with that organization. This means that a cybercriminal could post a job opening for a legitimate organization and then link applicants to a malicious website.

Worse still, cybercriminals could use LinkedIn’s “Easy Apply” option. This option allows applicants to send a resume to the email address associated with the job posting without leaving the LinkedIn platform. Since the email address is associated with the job posting and not necessarily the organization, cybercriminals can trick you into sending your resume directly to them. Resumes typically include both personal and professional information that you do not want to share with a cybercriminal.

Follow the tips below to stay safe from this unique threat:

  • Watch out for grammatical errors, unusual language, and style inconsistencies in LinkedIn job postings. Be suspicious of job postings that look different compared to other job postings from the same organization.
  • Avoid applying for a job within the LinkedIn platform. Instead, go to the organization’s official website to find their careers page or contact information.

If you find a suspicious job posting on LinkedIn, report it. To report a job posting, go to the Job Details page, click the more icon, and then click Report this job.

Stop, Look, and Think. Don’t be fooled.

Watch Out for Windows 11 Scams

Microsoft Windows is the most widely used operating system in the world. This October, it is getting an upgrade. Microsoft has announced that starting October 5, compatible systems that run the current version of Windows 10 will be offered a free upgrade to Windows 11.

Cybercriminals are sure to use this announcement in several ways. In the coming weeks, we expect to see update-related phishing emails, fake Windows 11 webpages, and pop-up ads designed to look like a Windows update.

Don’t fall for these scams. Follow the tips below to stay safe:

  • Always think before you click. Cyber attacks are designed to catch you off guard and trigger you to click impulsively.
  • Only trust information from the source. If you want to learn more about the Windows 11 update, go directly to Microsoft’s official website or follow their official social media pages.

If you are prompted to update your work computer, reach out to your administrator or IT department. They can check to make sure the update is legitimate and safe.

Stop, Look, and Think. Don’t be fooled.

COVID-19 Is the Never-ending Phish Bait

Cybercriminals have used COVID-19 as phish bait since the start of the pandemic, and they’re not stopping any time soon. In a recent attack, scammers spoof your organization’s HR department and send a link to a “mandatory” vaccination status form. The phishing email claims that your local government requires all employees to complete the form. Failing to complete the form “could carry significant fines”.

If you click the link in the email, you are directed to a realistic but fake login page for the Microsoft Outlook Web App. If you try to log in, you are asked to “verify” your name, birth date, and mailing address by typing this information into the fields provided. Once submitted, your information is sent directly to the cybercriminals, and you are redirected to a real vaccination form from your local government. The good news is that this form isn’t actually mandatory. The bad news is that giving cybercriminals your personal information may lead to consequences much worse than a fine.

Remember these tips to avoid similar phishing attacks:

  • Watch out for a sense of urgency, especially when there is a threat of a fine or a penalty. These scams rely on impulsive actions, so always think before you click.
  • Never click on a link or download an attachment in an email that you were not expecting.

If you receive an unexpected email from someone within your organization, stay cautious. Contact the person by phone or on a messaging app to confirm that they actually sent the email.

Stop, Look, and Think. Don’t be fooled.


KnowBe4: Get More Info

We’d love to show you how utilizing KnowBe4’s platform can be an effective human firewall for your network. Please fill out the short form here and we will be in touch.