By Lauren Morley on Jan 31, 2018 11:39:29 AM
New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
Netflix 'payment declined' phishing emails
Netflix is a popular company for cyber-criminals to imitate, and the scammers are back at it again with another fake Netflix email trying to steal your financial information. This one states that your recent payment was declined and asks you to update your credit card information - on a fake page, of course. The email and phony webpages are convincing, using the Netflix design and branding we're all familiar with. Once you "update" your payment information, you're redirected to the real Netflix page to ward off any suspicions.
What to do: Never, ever, EVER click a link or button in emails like this. If you receive this or a similar message from any company, go to their website directly by typing it in your browser. Log into your account manually and you'll easily see if there are any messages or problems with your account.
Fake FedEx package delivery emails
Fake delivery emails are nothing new, and you should always be wary of them. This recurring scam starts with a fake FedEx email saying that a package could not be delivered. It tells the recipient to click a link to print out a mailing label and take that label to a local FedEx office to pick up their package. The link provided in the email is malicious, and once clicked will install a piece of malware that will steal private data from the victim.
What makes this attack different and scarier than in the past is that the link doesn't give away the scam. The creator is using Google Drive for this campaign, so the link appears to be safe - leading to Google and even using HTTPS. So far more than 20 companies and several universities have been hit with this malware, so it appears the creator is going for professional-level targets.
What to do: Same as above - never click the links in emails like this! It is simple to check with the company itself to confirm or deny a package mishap.
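A mail-filter check for the point above, as an added example that is not part of the original post: because the Google Drive link is HTTPS on a trusted domain, the useful signal is the mismatch between the brand a message claims and where its sender and links actually point. The brand map, the file-share host list and the sample message are assumptions constructed for illustration, and the same check covers the Netflix email.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand -> legitimate domain map; extend it for the senders you care about.
BRAND_DOMAINS = {"fedex": ("fedex.com",), "netflix": ("netflix.com",)}
# Trusted HTTPS hosts whose content any user can upload.
FILE_SHARE_HOSTS = ("drive.google.com", "docs.google.com")
# Constructed sample message, not a captured one.
SAMPLE = """From: FedEx Delivery <notice@fedex-tracking.example>
Subject: Your package could not be delivered

<p><a href="https://drive.google.com/file/d/EXAMPLE/view">Print label</a></p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def host_matches(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    """Return findings where the claimed brand and the real destinations differ."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    claimed = (display + " " + msg.get("Subject", "")).lower()
    sender_host = addr.rpartition("@")[2].lower()
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # single-part HTML body assumed
    hosts = [(urlparse(h).hostname or "").lower() for h in collector.links]
    brands = {b: d for b, d in BRAND_DOMAINS.items() if b in claimed}
    findings = []
    for brand, legit in brands.items():
        if not host_matches(sender_host, legit):
            findings.append(f"{brand}: sender domain {sender_host} is not {legit[0]}")
        for host in hosts:
            if not host_matches(host, legit):
                kind = "file-share" if host_matches(host, FILE_SHARE_HOSTS) else "off-brand"
                findings.append(f"{brand}: {kind} link to {host}")
    return findings
```

Calling `check_message(SAMPLE)` returns two findings: the sender domain is not fedex.com, and the only link is a file-share link to drive.google.com.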
W-2 phishing scams
As tax time comes, so do the tax scams. And they've gotten more advanced than calling people and claiming to be the IRS. This scam targets payroll employees in businesses, tricking them into sending sensitive company information to the fraudsters.
"The crooks figure out who the big bosses are and use business email to pose as those executives in emails sent to payroll employees, asking for copies of Forms W-2 for all employees. The forms, of course, include employee names, addresses, Social Security numbers, incomes and withholdings. The crooks use the information to file bogus tax returns — or sell it on the so-called Dark Net. In some cases, the fraudsters asked for a wire transfer after receiving the employees’ information." (AccountingWeb)
What to do: If you have access to employee W-2s, please be on the lookout for this scam! Confirm any employee information requests by phone or face-to-face with executives. If you do get hit, here is the proper procedure for reporting it to the IRS:
- Email firstname.lastname@example.org to notify the IRS of a Form W-2 data loss and provide contact information, as listed below.
- In the subject line, type “W2 Data Loss” so that the email can be routed properly. Employers should not include any identifying information for employees.
- The email should include the business name, employer identification number connected to the data loss, contact name and phone number, description of how the data loss happened, and how many employees were affected.
Malware stealing WhatsApp messages, recording users, and controlling phones
A new form of Android malware dubbed 'Skygofree' allows its creator to have complete remote control and spying capabilities over victims' phones. One feature it's becoming known for is the ability to steal WhatsApp messages. It can also enable the phone's microphone and record; eavesdrop on surrounding activity when the device enters a certain location; take pictures and video; and steal call records, text messages, geolocation information, calendar events, and business-related information stored in memory.
What to do: Luckily, this malware is pretty easy to avoid. It is spread via fake mobile-service websites, usually under the guise of an offer to update your phone to speed up your internet connection. There are no updates that will speed up your internet connection, so never believe an offer like this. Only download programs from the official Google Play Store.
Fake cryptocurrency 'SpriteCoin' installing ransomware
As cryptocurrency surges in popularity, so do scams involving it. A group of hackers has been fooling people into downloading a fake cryptocurrency wallet for a non-existent currency called SpriteCoin. Once installed, the file executes on your computer and encrypts all files. The typical ransomware note pops up on the victim's screen, demanding a ransom of a set amount of Monero - a legitimate cryptocurrency. What's worse, the key you're given after paying the ransom, the one that's supposed to decrypt your files and unlock your computer, just installs more malware!
What to do: Avoid anything related to SpriteCoin; it's not real! If you are trying to invest in cryptocurrency, do your research before buying anything. Only purchase from legitimate, verified sources.
If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!