New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
FAKE 'FRAUDULENT CHARGE' BANK SCAM
This scam has been going on for months and seems to be targeting Wells Fargo customers. The scammer calls, claiming to be from Wells Fargo, and says that there was a recent suspected fraudulent charge on the account. The criminal then requests a username reset on the victim's account, which triggers a six-digit verification code to be sent to the victim's cell phone. The victim is told the code is needed to verify his identity for the "representative", when in fact the scammer will use it to reset the username. The scammer then repeats this process to change the victim's password, install a money transfer application, and send $1000 from the victim's account to the scammer.
A Reddit user brought this phishing trick into the spotlight on February 21st: "[The scammer] spoofed Wells Fargo when calling me on my cell, requested a reset of my user name, password and approval for $1000 transfer. I stupidly read off the confirmation numbers I received via text to him, he entered them into Wells Fargo website to approve all these requests. Wells Fargo has known their customers have been getting scammed for 3 months and didn't bother to warn anyone. I now have to go into a branch, hang my head and tell my shameful story to a person and beg for access to my account because someone else has control of it all night tonight."
What to do: We recommend never giving out personal or sensitive information over the phone, or complying with requests like these, unless YOU initiated the call. Anyone can spoof a phone number these days to appear as though they are calling from your financial or other institution. If you receive a call like this, hang up and call back using the number printed on your credit or debit card. And if you must Google search a company's phone number, take extra care to make sure it's the official number and not a fake.
FAKE AMAZON CUSTOMER SERVICE
Speaking of fake phone numbers, scammers are gaming search engines to display phony phone numbers for Amazon customer service. Shoppers will frequently Google search a customer service phone number when they want to speak to someone. They'll call the fake number and be tricked into giving their information away to a criminal posing as an Amazon customer service rep.
What to do: Luckily, Google is working to combat these types of scams by prominently displaying the correct phone number for businesses in its search results. Always either get the number directly from the company's website or use the Google verified number. Never call customer support numbers from advertisements, as scammers can pay for these results.
Heather Aal from the Better Business Bureau recommends using this tactic if you're not sure: "'Think about some identifying information for them. Rather than giving them your name, phone number, account number or whatever it is, ask them if they can look up your order. Well, if you give them your address and they can't look up an order for you, there's a problem with that.'
If they're asking for your entire credit card number or full account number, Aal says that's a red flag and credible businesses will not do that over the phone.
'They may ask for the last four digits. They may ask for a little piece of your personal information, but they're not going to ask for the... full credit card number, the full account number, the full social security number,' Aal explains." (KWTX)
EMAIL CONVERSATION HIJACKING AND MALWARE
These attacks begin with a widespread phishing campaign to trick users into giving up their email login credentials. Once the attackers have them, they can hijack existing email threads to easily distribute malware. By sending an infected attachment through an existing email thread, the attackers know that there is a much higher chance the recipient will not think twice about opening it. Once the infected attachment is opened, malware is installed that steals financial credentials from its victim.
"These attacks may be generic and widely targeted in spam blasts -- although some are more carefully crafted -- but if even a small number of people fall for the ruse, those behind the campaign have gained access to email login and password details they can use to extend their reach for the true aim of the campaign: distributing malware.
Rather than having to start brand new email threads in an effort to lure in victims, the attackers can use the trusted accounts to reply back to ongoing and previous legitimate conversations.
With control of the accounts, this stage of the campaign is relatively simple, as the attackers just send out replies with malicious attachments, which can easily be related to previous points in the discussion." (ZDNet)
What to do: Be extremely wary of emails that ask you to click a link, open an attachment, or take some sort of action directly from the email itself. If you don't recognize the sender and/or weren't expecting an email of this kind, DO NOT click anything within the email.
THANATOS RANSOMWARE
This new form of ransomware has its own set of quirks. "When the Thanatos Ransomware encrypts a computer it will generate a new encryption key for every file encrypted...unfortunately these encryption keys are not saved anywhere and thus according to researchers it would not be possible for the developers to decrypt the files even if a ransom payment is made." (Bleeping Computer) This means that even paying the ransom will not get you your files back.
Thanatos is also the first ransomware to accept Bitcoin Cash as payment (not that it will help you!)
What to do: Always maintain a current file backup, because files encrypted by ransomware like this can't easily be recovered. Use a strong anti-virus and anti-malware program that incorporates behavioral detection. Do not open any email attachments that are unexpected or that come from people you don't know. And keep your programs and operating system up to date.
If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!