New Phishing Emails Target Citibank Account Holders

Are you a Citibank customer?  If so, be aware that a group of scammers is specifically targeting Citibank account holders.

The campaign is incredibly convincing, and the emails look just like official communications from the company.  All logos have been copied and are positioned correctly.  The sender address appears genuine at first glance, and the body of the email message is free of the typos that are a common “tell” in poorly orchestrated phishing campaigns.

The content of the email varies. However, the general summary of the phishing emails is that the recipient’s Citibank account has been put on hold due to a suspicious transaction or a login attempt made from a location other than the one the recipient would normally log in from.

The solution according to the email is simple.  Take swift action now to protect your account.  Click the link below to verify your account information and avoid a permanent suspension.

Social engineering is common in phishing campaigns, and this is a tried-and-true technique to build a sense of urgency into the communication.

Unfortunately, if the recipient of this email clicks the link they will be taken to a website controlled by the threat actors. While it may appear to be an official Citibank portal, it isn’t. Any user who “verifies their credentials” by entering them in the capture boxes on this site is handing their account information to the scammers who will promptly empty their accounts or max out their credit cards or both.

This campaign is targeted primarily at users in the United States, with statistics indicating that 81 percent of the recipients of these emails reside in the U.S. So if you are a Citibank customer, be aware that the campaign is ongoing. If you get an email that appears to come from Citibank, rather than clicking embedded links, either call the company directly or open a new browser tab and manually type in the URL.  Never trust embedded links!

Malware Hidden Inside Games Found In Microsoft Store

Security experts tell people all the time never to download apps from anywhere other than official sources like the Microsoft Store, the Google Play Store, and the Apple App Store.

It’s good advice but unfortunately, even those sources aren’t perfect when it comes to keeping malicious apps that have been poisoned with malware off of their virtual shelves.

Recently, the cyber-intelligence firm named Check Point discovered poisoned clones of a number of popular games like Temple Run and Subway Surfer.  These poisoned clones have been responsible for compromising more than five thousand machines located primarily in Sweden, Israel, Spain, and Bermuda.

The code lurking in these poisoned copies of popular games is called Electron Bot, and it is fairly mild in terms of what it does. It seeks to earn profits by taking control of machines and commandeering their social media accounts, including Facebook, Google, YouTube and SoundCloud.

If the owner of the infected system happens not to have accounts on any of those services, that’s fine too.  Electron Bot is more than capable of setting up brand new accounts and then commenting on and “liking” content on those platforms, which amounts to click fraud.

This Electron Bot is not new.  It was first spotted in the wild in the waning days of 2018 masquerading as an app called “Album by Google Photos” on the Google Play store.

Since then, the malicious code has undergone several revisions and each time the authors have further refined the code and added new capabilities to it.

According to the Check Point researchers, the main goals of the group behind the malware seem to be:

  • SEO poisoning – Create malware-dropping sites that rank high on Google Search results.
  • Ad clicking – Connect to remote sites in the background and click on non-viewable advertisements.
  • Social media account promotion – Direct traffic to specific content on social media platforms.
  • Online product promotion – Increase store rating by clicking on its advertisements.

As malware goes that’s hardly the worst thing but it’s still not something you want on your system. So be warned and be aware.

Employee Information Was Leaked At Cookware Company Meyer

Meyer Corporation is a California-based company and a giant in the cookware industry. Meyer is the latest victim in a seemingly never-ending parade of hacking attacks. The full extent of the attack has not yet been disclosed because an investigation into the matter is ongoing. However, we do know at this point that the attackers made off with at least one database containing the personal information of thousands of Meyer employees.

The company issued a breach notification and has filed papers with the Attorney General’s office in both Maine and California.  Notification letters have already been sent to individuals impacted by the breach.

The notification reads in part, as follows:

“Meyer was the victim of a cybersecurity attack by an unauthorized third party that impacted our systems and operations. Upon detecting the attack, Meyer initiated an investigation with the assistance of our cybersecurity experts, including third-party forensic professionals. On or around December 1, 2021, our investigation identified potential unauthorized access to employee information.

The types of personal information that may have been accessed during this incident will depend on the types of information you have provided to your employer, but may include: first and last name; address; date of birth; gender; race/ethnicity; Social Security number; health insurance information; medical condition(s) and diagnoses; random drug screening results; COVID vaccination cards and status; driver’s license, passport, or government-issued identification number; Permanent Resident Card and information regarding immigration status; and information regarding your dependents (including Social Security numbers), if applicable that you may have provided to the company in the course of your employment.”

The company has not confirmed that the attack was a ransomware attack. However, the Conti gang, which makes heavy use of ransomware, successfully breached the company’s defenses last November (in 2021).  Their leak site contained nearly 250 MB of data, which represented about 2 percent of the total data stolen from the company during that attack.

It’s not much of a silver lining, but at least in this case, unless you work for the company, your personal information does not appear to be at risk.  Even if you are one of the unfortunate people who received a notification letter from Meyer, you will be offered two years’ worth of free identity protection.  That’s small consolation but it’s something.

New iOS 15.4 Update Addresses AirTag Stalking Issue

Apple AirTags are handy.  They’re an incredibly convenient way to help keep track of your stuff. If you lose something that has been tagged you can easily locate it using the “Find My” app, which will point the way to whatever it is that you have tagged.

The only problem is that AirTags can be misused as well.  It didn’t take long for AirTag stalking to become a “thing”. Apple took note and took relatively swift action.

That’s why, as of iOS release 15.4, the company behind the handy tech is putting additional security measures in place.  These include the addition of a new privacy notice that users will see during setup, which warns that tracking someone via the technology can be considered a crime.

The changes also include an enhancement that allows users to specify when an unidentified pair of AirPods is found traveling with you.  Previously AirPods would generate a generic “Unknown Accessory Alert” which caused confusion among some users.

On top of that Apple has removed the feature that would preemptively disable safety alerts when a tracker is detected in your vicinity. Users will find new tracking notification settings in their Find My app settings.

In addition to the AirTag security features the 15.4 release will include a new American Siri voice that is “less gendered” than the voice assistant’s current options. Other enhancements include a Universal Control feature and Face ID support while wearing masks.

That sounds fantastic but there is one slight wrinkle.  Apple has not yet announced an exact release date for the latest iOS build, although based on prior releases and the always-active rumor mill, most people are expecting it to get a widespread release sometime in March of this year (2022).

That’s good news indeed for Apple fans and customers especially if you’ve already come to rely on those handy little AirTags.

Skype Gets New 911 Calling Feature In The U.S.

Recently, Skype announced a change to its 911 calling feature.  Previously the feature was only useable in the UK, Finland, Denmark, and Australia.

Now, the company has unlocked it for the United States as well and will even allow the software to share the location of the caller with emergency services.

It’s a welcome change and one that’s long overdue but there are a few limitations to be mindful of.  Users will get a “Notice and Disclosures” warning if they opt in for location sharing.  This notice cautions users that the service doesn’t work quite the same way as a traditional phone call and users are urged not to make emergency calls via Skype when they are outside of their home region, as those calls could potentially be re-routed elsewhere.

The company also warns that during a Skype outage, or when users are having internet or power issues, the calls may be cut off in situations where a traditional landline or cell phone may still work.

Even with the provisions and warnings it’s a great feature and something US users should be mindful of.  Having an alternate way to make an emergency call may not be something you’ll ever have occasion to use.  Then again it could literally be a lifesaving feature.

In any case the new capability will be available to users in the US with the release of Skype 8.8. In addition, when you update to the latest version you’ll be able to leave voicemail messages of up to five minutes in length as opposed to the two-minute cap users currently have.

Users will be able to put Skype in either light or dark mode as they prefer, send custom reactions, and even zoom in or out when they share their screen.  Be on the lookout for Skype 8.8 and make updating to the latest a priority.