Lauren Morley - Feb 26, 2020

New Cybersecurity Threats and How to Protect Yourself: February 2020

New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.

 

AMEX AND CHASE FRAUD PROTECTION PHISHING EMAILS

Amex Fraud Email

Email example image from Bleeping Computer

These fake fraud protection emails appear to come from either American Express or Chase Bank. The emails will alert the recipient that there has been unusual activity on their account, and to confirm or deny recent charges. The phony charges seem to be from Best Buy, TOP UP B.V., and SQC*CASH APP.

Clicking the "No, I don't recognize one or more of these transactions" button directs you to a duped Chase or Amex login page and verification process. The "verification" will let the attacker steal lots of valuable information from you, like your login information, address, date of birth, social security number, and debit/credit card information.

While there are some giveaways in the email, they are subtle, and a panicked user may not notice these in their rush to reconcile fraudulent activity.

What to do: Always think for a moment before clicking links in an unexpected email. Even in a situation that you'd consider urgent such as this, nothing will happen if you wait another minute to examine the email. Check for misspellings and grammar issues, urgent requests, email addresses that don't come from/lead to the company's official website, and other phishing email giveaways.

 

CHROME EXTENSION MALWARE

Google Chrome

Cisco's Duo Security team discovered around 70 Chrome extensions guilty of planting malware. Around 1.7 million people had these extensions installed at the time of discovery, so check your browser and remove any that appear on this list right away!

  • Ad offers by Froovr
  • Ads by MapsVoyage
  • Advertisement Offers by QuizKicks
  • Advertisements by ArcadeYum
  • Advertisements by MapsScout
  • Advertisements by QuizDiamond
  • Advertising by MapsFrontier
  • Advertising by MapsPilot
  • Advertising Offers by FreeWeatherApp
  • Advertising Offers by MapsPilot
  • Advertising Offers by MapsVoyage
  • Advertisment Offers by GameDaddio
  • ArcadeCookie Offers
  • ArcadeFrontier Ads
  • ClassifiedsNearMe Promos
  • ClassifiedsNearMe Promos
  • CouponRockstar Offers
  • CrushArcade Ads
  • DearQuiz Advertising
  • DeluxeQuiz Advertising
  • EarthViewDirections Promotions
  • EasyToolOnline Promos
  • EasyToolOnline Promos
  • ExpressDirections Ads
  • ExpressDirections Promos
  • ExpressDirections Promos
  • FreeWeatherApp Advertisement Offers
  • FreeWeatherApp Promos
  • FreeWeatherApp Promotions
  • GameDaddio Marketing
  • GamesChill Ads
  • GameZooks Advertisements
  • GoFreeRadio Promos
  • GreatArcadeHits Ads
  • JumboQuiz Advertising
  • LoveTestPro Ad Offers
  • MapsFrontier Advertisement Offers
  • MapsFrontier Advertisements
  • MapsFrontier Advertising
  • MapsFrontier Advertising Offers
  • MapsFrontier Promos
  • MapsPilot Ad Offers
  • MapsScout Advertising Offers
  • MapsTrek Offers
  • MapsTrek Promos
  • MapsTrek Promos
  • MapsTrek Promotions
  • MapsVoyage Ads
  • MapsVoyage Advertising
  • MapsVoyage Promotions
  • Offers by MapsFrontier
  • Offers by MapsScout
  • PackageTrak Promos
  • PackageTrak Promos
  • PackageTrak Promos
  • PackTrackPlus Promos
  • PackTrackPlus Promotions
  • PackTrackPlus Promotions
  • PackTrackPlus Promotions
  • PlayPopGames Ads
  • PlayThunder Offers
  • PlayZiz Advertisements
  • ProMediaConverter Promotions
  • QuickNewsPlus Promos
  • QuizFlavor Advertising
  • QuizPremium Advertisements
  • RecipeAlly Promos
  • SuperSimpleTools Promos
  • SuperSimpleTools Promos
  • YoYoQuiz Advertisements
  • YoYoQuiz Promotions

What to do: Never install sketchy extensions! Promotional, advertising, news, quiz, weather, and other convenience apps are known for frequently being made by malware creators. To remove an extension, right click its icon in your browser and click "Remove from Chrome".

 

FAKE CORONAVIRUS EMAILS SPREADING MALWARE

ncov-phish-640

Email example image from Sophos

These emails are duped as coming from the World Health Organization to lend credibility to the scam. Some talk about a conspiracy related to the coronavirus outbreak, and how unreleased cures are being held from the public. The email tells the recipient to click a link to find out more about the "cure". This leads them to a fake DocuSign page where they're asked to give personal and credential information to view the information.

Some of the emails tell the user to click the contained link to view safety measures. This will lead to a form that also hopes to steal your information.

What to do: If an email preys on fears, especially about trending issues, it's worth being suspicious of. Conspiratorial emails are highly suspect. Most of these emails are rife with spelling and grammatical errors, which is luckily an easy giveaway.

 

LOKIBOT MALWARE SPREAD THROUGH FAKE EPIC GAMES LAUNCHER

Epic Games LokiBot Installer

Epic Games is the company behind the extremely popular video game Fortnite. Being one of the most downloaded games, it's also a big target for cybercriminals. Researchers believe the fake installer is spread through spam phishing emails. Code throughout the installation helps prevent antivirus programs from detecting it.

LokiBot is a newly-popular malware strain that targets banking information. It usually spreads through malicous email attachments such as this one.

What to do: This scam should be shared with your young children and teens if they play video games, as Fortnite has a primarily younger player base. They may not be as aware of attacks like this and install the malware from the email. And of course, be on the lookout yourself! Never install anything from an email, instead go to the official website.

 

Check mark If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!

How to Protect and Control Your Online Identity