There is a new spin on an existing phishing scam you need to be aware of. The bad guys research you personally on social media and find out where and when you (might) travel for business. Next, they craft an email just for you with an airline reservation or receipt that looks like the real thing, sent from a spoofed “From” address that also looks legitimate.

Sometimes the email also contains links to a website that looks identical to the real airline’s site but is fake. The bad guys are after two things: 1) your company username and password, which the fake site asks you to enter, and 2) getting you to open the attachment, which may be a PDF or DOCX. If you click the link or open the attachment, your workstation can get infected with malware that gives the bad guys a foothold in your network.

Remember, if you want to check an airline reservation or flight status, open your browser and type the website name into the address bar, or use a bookmark you set yourself earlier. Do not click on links in emails to get to websites. And as always… Think Before You Click!

News broke that pop star George Michael was found dead in his home in Oxfordshire, England. He was 53. Internet scum are going to exploit this celebrity death in a number of ways, so be careful with anything related to George Michael’s death: emails, attachments, social media posts (especially on Facebook), texts on your phone, anything. There will be a number of scams built around it, so Think Before You Click!

Over the weekend it became clear that 339 million records (names, addresses and phone numbers) of registered users of the AdultFriendFinder site were stolen. All of these records are now in the hands of cyber-criminals, exposing highly sensitive personal information.

The bad guys are going to exploit this in many ways, sending spam, phishing and possibly blackmail messages, and using social engineering tactics to make people click on links or open infected attachments. Be on the lookout for threatening emails that slip through spam filters and have anything to do with AdultFriendFinder. Delete them immediately, both at the office and at home.

Please forward this to friends, family, colleagues and peers.

Here is one example of the Ashley Madison extortion emails that went out after that hack; you can expect the bad guys to do the same thing with AdultFriendFinder:

Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.

If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $625 USD) to the following address:

1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez [link added]

Sending the wrong amount means I won’t know it’s you who paid.

You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…..

A new celebrity death scam has reared its ugly head. The bad guys claim that Brad Pitt has committed suicide because of his recent divorce from Angelina Jolie. The scam is currently running on Facebook, but you can expect emails with links for “more details” and/or attachments that claim to be a video of his last moments. Several versions are circulating, claiming he hanged himself, died at a shooting range, or died of an overdose.

You might even get text messages to your smartphone that try to trick you into going to a site with the exclusive pictures of his death. If you see any social media posts or get emails with links or attachments, do not click on anything, do not open attachments or reply, and if it is social media, do not touch and do not share or forward. These bad guys will use anything to shock and trick you into clicking. 

Do not fall for it and Think Before You Click!

There is a new scam you need to watch out for. In the last few years, online service providers like Google, Yahoo and Facebook have started sending emails to their users when there is a possible security risk, such as a log-in to your account from an unknown device.

The bad guys have copied these emails in the past and tried to trick you into logging into a fake website they set up, in order to steal your username and password. Now they send these fake security emails with a 1-800 number that they claim you need to call immediately.

If you do, two things may happen:

1) You are connected right away to a real internet criminal who tries to scam you. They claim there is a problem with your computer, pretend to “fix” it, and then ask for your credit card.

2) You are sent to voicemail and kept there until you hang up, but your phone number has been captured and put in a queue, and the bad guys will call you back to try the same scam.

Remember, if you get any email that either promises something too good to be true, or pressures you to act right now to prevent a negative consequence, Think Before You Click, and in this case, before you pick up the phone.

If you decide to call any vendor, go to their website and call the number listed there. Never use a phone number from an email you received. Here is a real recording of such a call. Don’t fall for it! http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3

There is a new Scam Of The Week in which the bad guys take an actual past scam that the Federal Trade Commission (FTC) has settled and is now refunding money for. They simply go to the FTC website for ideas, build a phishing email around one of these cases, and send it to millions of people.

Here is the rule: if you receive an email from an official-sounding organization that promises you a refund of any amount, be very careful, and never click on a link or open an attachment you did not ask for. Delete the email.

When you really are expecting an FTC refund, go to their website yourself using your own bookmark, by typing the address into your browser, or by copying and pasting this URL: https://www.ftc.gov/enforcement/cases-proceedings/refunds (type or paste it yourself; a link in an email can be redirected, so do not click on one).

Remember: Think Before You Click!

There is a new scam you need to watch out for if, when you log into your accounts, you have to wait for a text message with a code on your phone and enter it before you are logged in. This more secure system is called “2-factor authentication”. The two factors are:

  1. one thing you need to know — your password
  2. one thing you have to have — the text code on your phone

Now criminal hackers are trying to get past this with a nasty trick you need to watch out for. Tens of millions of stolen usernames and passwords have recently surfaced — yours may be one of them — and the bad guys are using these for this scam.

They send you a fake (spoofed) text that looks like it’s from the company you have an account with, claiming that your account may be hacked or that there is suspicious activity happening.

In the same text they say they will send you your verification code and that you must text it right back to them or your account will be closed. Meanwhile they log in with your stolen username and password, which makes the real service send the genuine code to your phone. If you text that code back, you have handed the hacker exactly the one thing they still needed to get into your account! The French would say: “Simple comme Bonjour”.

TIP TO STAY SAFE

If your accounts are protected by 2-factor authentication, the only time you will be sent the code is to verify an attempt to log into your account.  That means if you did not just try to log in and you suddenly receive a verification code through a text message to your smartphone, it is because a scammer who already has your user name and password is trying to hack into your account.

Never give your verification code to anyone. Only ever enter it yourself, on your smartphone or computer, into the login page of the 2-factor-protected account you are signing into. And as a reminder, never give out personal information such as your Social Security number or credit card numbers in response to a text message (or email), because you simply cannot know for sure who is on the other end of that communication.

Remember, Think Before You Click!

The Summer Olympics in Rio de Janeiro are going to be a major event, and the bad guys are going to exploit it with a multitude of scams. Anything you receive by email, text, or even voicemail, you should look at with a healthy dose of skepticism and ask yourself: “Could this be a scam?” Here are six examples, but the possibilities are endless:

  • Emails with DOC or PDF attachments about tickets or other special offers related to Rio
  • Poisoned advertising banners (malvertising) on websites that infect your workstation
  • Scam phone calls trying to sell you Rio-related travel or products
  • Links to controversial Rio-related videos
  • Claims that the whole event will be moved because of the Zika virus
  • Completely fake websites that claim to sell cheap tickets to the event

So remember, for anything to do with the Olympics in Rio in the coming months… Think Before You Click!

The original LinkedIn data breach from 2012 turns out to have been much larger than the estimated 6.5 million usernames and passwords that were stolen. In fact, more than 100 million records were compromised, and LinkedIn is emailing these users that they need to change their password.

The bad guys, however, are jumping on this as well and are sending phishing emails that lead to a fake LinkedIn login page. If you fall for it and log in on their fake page, your credentials are stolen, your LinkedIn account is compromised, and your computer may be infected with malware.

If you receive an email that seems to come from LinkedIn, hover over the links and check that they really go to linkedin.com before you click. Even better, do not click on anything; just go to LinkedIn in your browser and change your password there. If you have used your LinkedIn password on other sites, it is time to change those as well!

There is a recent wave of phishing attacks that try to trick you into opening “secure documents”. You receive an email that looks like a DocuSign, EchoSign, or “Secure Adobe PDF” notification with an important document attached that needs your attention.

The bad guys try to trick you into opening the attachment and clicking “Enable Editing” and then “Enable Content” (which turns on macros). When you do, your workstation gets infected with malware or ransomware.

When you receive this type of document that you did not ask for, from someone you do not know, be very cautious, and if you want to be sure, delete the email. If it looks like it comes from someone you do know, pick up the phone, use a number you know is valid (not one taken from the suspicious email itself), and verify that they actually sent it and what it is for.

Here are some actual phishing attack examples. The bad guys use the “secure document” theme to trick users into clicking on dangerous links or attachments in three different ways:

1. Dangerous links in email bodies
The bad guys spoof legitimate secure document delivery services (such as those from Proofpoint, DocuSign, or Cisco) to trick users into clicking malicious links in the bodies of emails. In many cases the link leads to a web page that phishes for email or login credentials. Note the fake DocuSign branding around the borders of the page.

[Screenshot: fake-secure-doc-8, credential phishing page with DocuSign branding]
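
The two checks the advice above asks you to do by eye, whether the “From” address agrees with where the mail really came from (as in the spoofed airline emails at the top of this page) and whether a link’s visible text agrees with where it actually goes (the LinkedIn “hover over the links” tip), can be automated. The following is an added example, not code from the original page or from any of the services it names. It uses only the Python standard library; the sample message, the domains in it, and the `linkedin.com` brand name passed to `triage()` are constructed for illustration, and the `registrable()` helper is a deliberate simplification that takes the last two labels of a hostname instead of consulting the public-suffix list.

```python
"""Triage a raw email for a spoofed From address and for links whose visible
text names one site while the href goes to another.  Added example, not code
from the original page; the message below is constructed, not a real phish."""
import re
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (illustrative only): From claims linkedin.com, the bounce
# address and the DMARC result disagree, and the first link's visible text is
# a LinkedIn URL while its href points at an attacker-controlled host.
SAMPLE_EMAIL = b"""\
Return-Path: <bounce@mail-delivery-notice.example>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail-delivery-notice.example; dkim=none; dmarc=fail header.from=linkedin.com
From: LinkedIn Security <security@linkedin.com>
To: victim@example.com
Subject: Reset your password
Content-Type: text/html; charset=utf-8

<html><body>
<p>We detected unusual activity. Please sign in to confirm:</p>
<p><a href="http://linkedin.com.account-verify.example/login">https://www.linkedin.com/login</a></p>
<p><a href="https://www.linkedin.com/help">Help Center</a></p>
</body></html>
"""

# Visible anchor text that is itself a URL or a bare domain name.
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#]|$)", re.I)


class _AnchorCollector(HTMLParser):
    """Collects (visible text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable(host):
    """Last two labels of a hostname.  Simplification (assumption): a real tool
    would use the public-suffix list so that e.g. example.co.uk is handled."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def domain_of(header_value):
    """Domain part of an address header such as 'Name <user@host>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", str(header_value or ""))
    return m.group(1).lower() if m else ""


def sender_findings(msg):
    """Spoofing indicators: From/Return-Path domain mismatch, and any
    SPF/DKIM/DMARC result other than 'pass' in Authentication-Results."""
    findings = []
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    if rp_dom and registrable(rp_dom) != registrable(from_dom):
        findings.append(f"From domain {from_dom} differs from Return-Path domain {rp_dom}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", auth):
        if result != "pass":
            findings.append(f"{mech}={result} in Authentication-Results")
    return findings


def link_findings(html, brand):
    """Links whose visible text names one site while the href goes to another,
    or whose host merely contains the brand's domain as a leading subdomain."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.anchors:
        host = (urlparse(href).hostname or "").lower()
        target = registrable(host) if host else ""
        m = URL_LIKE.match(text)
        shown = registrable(m.group(1)) if m else ""
        if shown and shown != target:
            findings.append((text, href, f"text shows {shown} but link goes to {target}"))
        elif brand in host and target != brand:
            findings.append((text, href, f"{brand} appears inside unrelated host {host}"))
    return findings


def triage(raw, brand="linkedin.com"):
    """Parse a raw RFC 5322 message and return both sets of findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    return {"sender": sender_findings(msg), "links": link_findings(html, brand)}


if __name__ == "__main__":
    report = triage(SAMPLE_EMAIL)
    for finding in report["sender"]:
        print("SENDER:", finding)
    for text, href, why in report["links"]:
        print(f"LINK: '{text}' -> {href}: {why}")
```

On the sample, the sender check reports the Return-Path mismatch plus `dkim=none` and `dmarc=fail`, and the link check flags only the first anchor; the “Help Center” link really goes to linkedin.com and passes. Nothing here is proof on its own (legitimate bulk mail often has a different bounce domain), but any finding is the cue to type the site’s address yourself rather than click.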

2. Dangerous links in PDFs
The bad guys also create elaborate PDFs designed to convince users that they are handling “secure” PDFs with “protected” content that can only be accessed by clicking a particular button or word. In fact, what users are clicking on is a malicious link that opens in the browser.

[Screenshot: fake-secure-doc5a, PDF lure with a “click to view protected content” link]

3. Malicious macros in Word Docs
The bad guys use a similar ruse to trick users into enabling macros after opening malicious Word documents. Far from enabling allegedly “secure” content, what users are actually doing is kicking off a download that will likely install ransomware or a banking Trojan.

[Screenshot: macro-warning-9, Word document asking the user to enable macros]
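
Items 2 and 3 above, and the DOCX/PDF attachment warnings earlier on this page, come down to two questions an analyst can answer statically before anyone opens the file: does an Office attachment carry a VBA project, and does a PDF carry actions or external links that fire on open or on click? The following is an added example, not code from the original page or from any vendor named on it. It uses only the Python standard library. The two sample files are constructed minimal stand-ins (a zip with a `word/vbaProject.bin` part, and a hand-written PDF with an `/OpenAction` pointing at a `/URI`), not documents Word or Acrobat would actually open, and the `example` hostnames are placeholders. The PDF scan is a raw byte search, so keys hidden inside compressed object streams would be missed; it is a triage heuristic, not a parser.

```python
"""Static triage of phishing attachments: VBA in Office files, actions and
external links in PDFs, and extension/content mismatches.  Added example, not
code from the original page; sample files below are constructed stand-ins."""
import io
import re
import zipfile


def sniff(data):
    """Identify the real container format from its leading (magic) bytes."""
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        return "ooxml"  # docx/docm/xlsx/xlsm/pptx/pptm are zip containers
    if data.startswith(b"\xd0\xcf\x11\xe0"):
        return "ole"    # legacy .doc/.xls (OLE2 compound file)
    return "unknown"


def office_has_macros(data):
    """An OOXML document carries VBA exactly when it has a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


# PDF dictionary keys that make a reader do something on open or on click.
PDF_ACTION_KEYS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
                   b"/Launch", b"/URI", b"/SubmitForm")


def pdf_actions(data):
    """Action keys present in the raw bytes (heuristic: misses compressed streams)."""
    return [k.decode() for k in PDF_ACTION_KEYS
            if re.search(re.escape(k) + rb"(?![A-Za-z])", data)]


def pdf_uris(data):
    """External link targets written as literal strings: /URI (http://...)."""
    return [u.decode("latin-1") for u in re.findall(rb"/URI\s*\(([^)]*)\)", data)]


EXPECTED_KIND = {"pdf": "pdf", "docx": "ooxml", "docm": "ooxml", "xlsx": "ooxml",
                 "xlsm": "ooxml", "pptx": "ooxml", "doc": "ole", "xls": "ole"}
MACRO_FREE_EXT = {"docx", "xlsx", "pptx"}  # these extensions must not carry VBA


def triage_attachment(filename, data):
    """Return a verdict plus the concrete reasons behind it."""
    kind = sniff(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    reasons, uris = [], []
    if ext in EXPECTED_KIND and EXPECTED_KIND[ext] != kind:
        reasons.append(f"extension .{ext} does not match content ({kind})")
    if kind == "ooxml" and office_has_macros(data):
        reasons.append("contains vbaProject.bin (VBA macros)")
        if ext in MACRO_FREE_EXT:
            reasons.append(f".{ext} should not carry macros")
    elif kind == "ole":
        reasons.append("legacy OLE document; may embed VBA (check with oletools/olevba)")
    elif kind == "pdf":
        acts = pdf_actions(data)
        if acts:
            reasons.append("PDF action keys present: " + ", ".join(acts))
        uris = pdf_uris(data)
        if uris:
            reasons.append(f"{len(uris)} external link(s) in PDF")
    verdict = "suspicious" if reasons else "no active content found"
    return {"file": filename, "type": kind, "verdict": verdict,
            "reasons": reasons, "uris": uris}


def make_macro_docx():
    """Constructed .docx-shaped zip carrying a vbaProject.bin part (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


# Constructed PDF lure: the catalog's /OpenAction fires a /URI to an external host.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /URI /URI (http://secure-doc-view.example/open) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

CLEAN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    for name, blob in (("Invoice.docx", make_macro_docx()),
                       ("SecureDoc.pdf", SAMPLE_PDF), ("clean.pdf", CLEAN_PDF)):
        print(triage_attachment(name, blob))
```

The point of the `.docx` versus `.docm` check is that Word itself refuses to run macros from a file saved with a macro-free extension, so a `.docx` that nonetheless contains `vbaProject.bin` has been renamed by hand. For the PDF, the interesting signal is not the link alone but `/OpenAction` combined with it: the lure fires without the user clicking anything but “open”.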