New Cybersecurity Threats and How to Protect Yourself: November 2019
New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
FAKE SEXUAL HARASSMENT COMPLAINTS SPREADING MALWARE
Phony emails that appear to come from the US Equal Employment Opportunity Commission are being used to spread a type of malware known as TrickBot through large companies.
Phishing emails are distributed to employees, using personal information collected by the attackers such as their name, the company name, job titles, and phone numbers to make the scam more convincing. The subject line of the email uses the format "Name_of_Victim - A grievance raised against you." Fear tactics coupled with this level of personalization can be very convincing, and raise the risk that recipients will open the attached infected document to learn more details about the phony complaint.
Luckily, at least so far, the scammers haven't paid enough attention to other details to make the email completely convincing. Misspellings such as 'harrassment' and forms that don't match the content and logos are clear signs of a fake.
What to do: If you receive an email like this, remember that it's a fake! Look for signs like misspelled words, things that don't match, and odd logos or images. If you want to check the validity of supposedly important emails you may receive, contact the issuing party directly. Don't use any phone numbers or email addresses contained in the email itself, but search and find the organization's official website. And never open attachments in emails unless you're positive they're legitimate and you were expecting them!
COSTCO COUPON FACEBOOK SCAM
This scam promises users that if they complete several surveys and share the phony post on Facebook, they will receive a $75 coupon for Costco. While it's not clear what the end goal of this scam is, perpetrators generally use scams like this to collect personal details.
Costco learned of the scam and posted on their Facebook page, "Despite several posts out there, Costco is NOT giving away $75 coupons. While we love our fans and our members, this offer is a SCAM, and in no way affiliated with Costco. Thanks to our fans for letting us know about this recurring hoax!"
What to do: Now that you know of this scam, don't fall for it! Always be wary of social media promotions and double-check that they are actually coming from the official company page.
EXPEDIA ONLINE TRAVEL BOOKING SCAM
Travelers looking for help with their online bookings are being scammed by thieves posing as Expedia employees. The scammers will set up a fake website and ads impersonating Expedia. Users will search for Expedia customer support and call the scammers' number. The person who answers will tell callers that the refund website is down and customers need to buy gift cards to receive a refund or pay change fees.
What to do: Expedia stated they are working to remove the fake numbers and make their true customer service contact information easier to find. If you ever need to speak with customer service at any business, do not simply call the first number that pops up in an online search. Go to the company's official website and find the information there.
BANK SCAM USING ZELLE TO STEAL MONEY
A phone scam is making the rounds and tricking many recipients into giving attackers access to their bank accounts. The attacker will call and say they're from your bank, and that they've detected fraud on your account. The caller will help you take care of it and set up security measures to prevent future fraud.
You receive a "verification code" to enter on the login page in your bank's app. While the attacker claims this is to verify you are the owner, you're actually allowing them to reset your account login information. The caller will tell you that the account is locked to prevent problems and that you will be issued a new debit card.
However, you will then realize that the attacker has actually gained access to your account and changed the login details to lock you out. If you don't already have a Zelle money transfer account set up, they will set one up under your bank information and begin transferring your money to themselves.
What to do: All it takes for this scam to work is the attacker knowing your phone number and which bank you use, and you following their instructions! If you receive a call claiming to be from your bank, tell the caller you will call them back. They will likely try to keep you from doing so by telling you this is urgent and needs to be taken care of right away before the supposed fraud affects you. Do not stay on the line regardless of what they say. Look up your bank's official customer service number (usually on your card itself, or on the company's official website). Your bank will be able to tell you right away if there is anything going on with your account.
PHONE SCAM IMPERSONATING LAW ENFORCEMENT OFFICERS
Another phone scam has been hitting states in various similar forms. The caller will tell you that they are with law enforcement (and sometimes even use the name of an actual officer in the area). The caller may use spoofing technology to make it look like the call is coming from a local agency.
The "officer" will tell you that there is a warrant out for your arrest, or that one is about to be issued. The caller claims you can clear up the warrant by giving them gift cards or money.
What to do: A law enforcement officer would never call you to demand any sort of payment to clear up a warrant. Any warrants will be delivered in person and you won't receive a phone call letting you know about it! Never give personal information over the phone to unsolicited callers, don't meet anyone in person, and contact your local police department if you do receive a call like this.
If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!