“Bad guys are increasingly targeting you through your smartphone. They send texts that trick you into doing something against your own best interests. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam.
Always, when you get a text, remember to “Think Before You Tap”, because more and more, texts are being used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information. Here is a short video made by USA Today that shows how this works: https://www.youtube.com/watch?v=ffck9C4vqEM
Obviously, an end-user who was trained to spot social engineering red flags would think twice before falling for these scams. The link goes to a complimentary job aid that you can print out and pin to your wall. You’re welcome to distribute this PDF to as many people as you can.
Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you into opening an attached Word file and click to enable editing.
But if you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any DocuSign email. Remember: Think Before You Click.
ALERT: WannaCry ransomware hits 150 countries with over 200,000 victims in only 3 days. The attack crawls for open vulnerabilities in Windows OS. Typically, ransomware like most Phishing attacks use a blended approach of email and web as attack vectors.
Please be sure to: (a) update your Windows OS right away, (b) make sure you have and are using current versions of both email and web security systems, and (c) archive your emails and files to ensure back up and recovery.
Criminal hackers are constantly trying to trick people into clicking on links or open attachments they did not ask for. Their new “scam of the week” is to send you an email that looks like it comes from WhatsApp and claims it is a voice mail left for you. It’s not.
Do not click on the “Play” button. If you do, your computer will get infected with malware which can cause your identity to get stolen, or all your (or the organization’s) files held for ransom.
Here is a general safety rule: Instead of clicking a link in an unverified email claiming it’s from WhatsApp (or any other social media) log in to your WhatsApp account the standard way instead and check for any messages there. Remember: “When in doubt, throw it out!”
“There is a new spin on an existing phishing scam you need to be aware of. Bad guys are doing research on you personally using social media and find out where and when you (might) travel for business. Next, they craft an email especially for you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed “From” email address that also looks legit.
“Sometimes, they even have links in this email that go to a website that looks identical to the real airline, but it is fake. They try to do two things: 1) try to steal your company username and password, and 2) try to trick you into opening the attachment which could be a PDF or DOCX. If you click on the link or open the attachment, your workstation will possibly get infected with malware that allows the bad guys to hack into our network.
Remember, if you want to check any airline reservations or flight status, open your browser and type the website name in the address bar or use a bookmark that you yourself set earlier. Do not click on links in emails to go to websites. And as always…. Think before You Click!”
- Infection vector is email attachment with HTA file
- Spora exhibits worm-like behavior using .LNK files
- Anyone bringing a USB stick to the office is now a possible ransomware infection vector.
Read the entire article at KnowBe4
A new article published today by KrebsonSecurity about the hacking of the San Francisco rail system re-confirms that foreign hackers use ransomware to extort money from U.S. businesses. The hacker in the Krebs article has been extorting money from different companies in the amounts of tens or hundred of thousands of dollars. Read the entire article on KrebsonSecurity.com
Sometimes we may think that, my company is not big enough to catch a hacker’s interest. Wrong. No company is too small or too big for a hacker to extort money from. As the hacking impact may be different for each company, it is interfering with the business operations. It is important that additional security measures are taken to accessing company database and files. Additionally, if you received a ransom request after an attacked, report it immediately to the FBI. Each reporting can be used to identifying the bad guys.
On September 15, FBI published a new Public Service Announcement urging victims of ransomware to report the attacks to the them. Every ransomware report helps the FBI “gain a more comprehensive view of the current threat and its impact on U.S. victims”.
Ransomware creators are currently targeting businesses, not only individuals, causing service disruptions, financial loss, and in some cases, permanent loss of valuable data. In the first months of 2016, FBI reports that the “global ransomware infections were at an all-time high”, estimating 100,000 computers a day being compromised by one ransomware variant. However, an exact number of individual or business victims cannot accurately be identified because many of the ransomware attacks go unreported.
“All ransomware variants pose a threat to individual users and businesses. Recent variants have targeted and compromised vulnerable business servers (rather than individual users) to identify and target hosts, thereby multiplying the number of potential infected servers and devices on a network.”
CONTINUE READING at: https://www.ic3.gov/media/2016/160915.aspx
5/23/2016: [ALERT] Two Attacks for The Price Of One: Weaponized Document Delivers Ransomware and Potential DDoS Attack
DDoS (distributed denial of service) in ransomware a new trend… Beware of phishing emails! The attack comes as a Rich Text Document (.rtf) file attached to your email. Opening it and running the macro attached to it, will install the ransomware on your computer.
Read the full article for technical details