New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
SCAMS, MALWARE, AND PHISHING EMAILS USING CORONAVIRUS/COVID-19
Scam example image via FTC.gov
Scammers are taking advantage of the worldwide pandemic to plant malware and steal information. A few of these scams include:
- Fake infection-tracking and informational websites that plant malware on the visitor's computer
- Emails that claim to have the cure or prevention methods for Coronavirus. These frequently ask the recipient to download an attached file or enter their details on a website to get the bogus information.
- Fake health products sold online claiming they can cure or prevent COVID-19
- Emails claiming to be from the Director-General of the World Health Organization spreading HawkEye malware. It's designed to steal information from infected devices and install even more malware.
What to do: Any company sending out information about Coronavirus is including all the information you need within the body of the email itself to help prevent these scams from succeeding. Never download an email attachment unless you were expecting it, and don't enter your information on any website that asks for it! There is no known cure or prevention for COVID-19 yet, and anyone claiming to have one is lying. Only visit official websites for information about the virus and infection tracking data. As this is so widespread, there will be thousands of scammers trying to take advantage of this situation. Be smart and stick to reliable sources!
TURBOTAX PHISHING SCAM
Example email via Trustwave
This email scam comes with the subject "Your TurboTax case is open" and tells the recipient that their tax return may be rejected unless they follow the instructions in the email.
An Excel spreadsheet is attached to the email, and when opened instructs the user to enable macros. These are actions that Excel can use to automate tasks, and in this case enabling macros allows malware to be planted on the computer. It can steal banking and other valuable information it finds on the device and deliver it to the criminal behind the scam.
What to do: You would never have to open an Excel document or other attachment in a case like this - that should be your first alarm bell that something is wrong. If something did need you attention with your tax return, the company would instruct you to log into your online account by visiting their website directly. We recommend never following links from emails like this - go to the website yourself and log into your account to view any notifications. Alternately, you can also call the company and ask if they've sent out the email in question. Note: never call a phone number that's in the suspect email. Attackers can set up fake company phone numbers to fool anyone who calls. Look up the company's official number yourself.
NUTRIBULLET WEBSITE INFECTED WITH CREDIT CARD-STEALING MALWARE
According to security researchers, hackers accessed the NutriBullet website a number of times over the last two months. They added malicious code onto the payment pages and siphoned credit card numbers and other details from anyone who used the website to make purchases.
While NutriBullet removed the code each time it was discovered on the website, the attackers were able to continuously access its internal systems to re-plant the malware.
What to do: NutriBullet has stated they're aware of the issue and are working with cybersecurity firms to remedy and prevent any further incidents. They have not as of yet notified customers who may be affected, however. If you've shopped on their website within the last few months, keep an eye on the payment account you used for it. You may also want to set up credit monitoring and alerts if you have not done so already.
CRUISE LINE DATA BREACHES
Norwegian Cruise Line and Carnival-owned Princess Cruises have both revealed data breaches that affected customer data.
In the case of Princess Cruises, an unauthorized party accessed company data through employee accounts in early 2019. These accounts contained data about employees, crew, and guests. The type of data varies by account but can include name, address, Social Security number, government identification number (passport or driver license), credit card and bank account information, and health data. There is no indication yet that this information has been misused.
Norwegian Cruise Lines discovered the breach via security researchers for from DynaRisk. A breached database of the company's was found online on a hacking forum on March 13th, 2020. The database contained clear text passwords and email addresses for nearly 27,000 of their travel agents. Agents have been asked to change their login credentials immediately. It does not appear that guest or other sensitive data has been accessed.
What to do: If you have been a customer of these cruise businesses, keep an eye on your financial accounts and change passwords if you have an online profile with them. You may also consider locking any cards you've used to make purchases with Norwegian or Princess if able.
If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!