Beware Of Phishing Emails Appearing As From The Federal Government

The digital security firm Inky reports that it has discovered a new phishing campaign you should be aware of.

The company has spotted a disturbing number of scam emails purporting to be from Mike Pence, the Vice President of the United States.

The emails bear titles like “Coronavirus Guidelines for America.”

It’s bad enough that hackers and scammers are taking advantage of the fear and confusion of the global pandemic to ply their trade. This campaign is noteworthy for the simple reason that the people behind it went straight to the top of the food chain. Not content to pretend to be from the CDC or the WHO, they opted instead to impersonate the people who hold the highest elected offices in the land.

It’s a bold move that’s paying off for them. After all, if you received an email from the Vice President, promising updates and information about the virus, odds are you’d want to take a closer look.

That’s exactly what the scammers are counting on. The emails they’re sending out have attachments that promise updates and information. However, all clicking on them does is install malware on the victim’s system, leaving them open to identity theft and the loss of a wide range of personal data.

As ever, vigilance is the key. If you don’t know the person sending you an email message, the safest course of action is to simply not open it at all. If you can’t resist opening it to take a peek, certainly don’t risk opening any attachments or clicking on any links the email might contain.

The hackers and scammers are relentless and are using the current fear, frustration, and uncertainty to lure unsuspecting victims. Don’t fall for it. Stay safe out there, both online and out in the world.

New IRS Tax Scammers Use Personal Data For Big Returns

Recently, the Department of Justice brought charges against Babatunde Olusegun Taiwo for using personal information acquired on the Dark Web. He used the information from data breaches to file fraudulent tax returns with the IRS.

He was able to gain enough information to file more than two thousand income tax returns that attempted to claim more than $12 million. The IRS paid out nearly $900,000 before the authorities caught wind of the scam and shut it down, arresting the St. Louis man and sentencing him to four years in prison.

The Special Agent in charge of the investigation, Thomas Holloman, had this to say about the matter:

“We will continue to pursue criminals who prey on innocent victims and we will continue to enforce our nation’s tax laws. Today’s sentencing should send a clear message to would-be criminals – you will be caught and you will be punished.”

Taiwo isn’t the only criminal to have recently been caught in the Department of Justice’s dragnet. In a separate announcement, the DOJ released details of the case against Hitesh Madhubhai Patel, an Indian national. Between 2013 and 2016, he leveraged call centers to scam victims out of millions of dollars by impersonating the IRS and USCIS. He threatened victims with deportation, arrest, and jail time unless they paid bogus fines over the phone to his employees.

Patel is due to be sentenced on April 3rd of this year and could face up to twenty years of prison time, in addition to fines of up to a quarter million dollars.

Kudos to the Department of Justice for bringing these crooks to justice. One has to wonder though, for every criminal caught and jailed for activities like these, how many more remain uncaught? Too many, but progress is progress!

FBI Sheds New Light On Ransomware Tactics

According to a recent FBI alert marked “TLP: AMBER,” businesses should be on high alert for ransomware attacks.

The alert reads, in part, as follows:

“Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.

“The actors behind LockerGoga and MegaCortex will gain a foothold on a corporate network using exploits, phishing attacks, SQL injections and stolen login credentials.”

The alert also states that the attackers behind these two ransomware strains often wield Cobalt Strike tools, including Cobalt beacons to gain remote access.

Once the attackers gain a toehold inside a target network, they’ll carefully explore and map it, seeking out the most sensitive information, including proprietary company data, payment card information, and other customer details.

The goal here is to identify the highest value information that can be exfiltrated to the command and control server for sale on the black market. Finally, when all of the most valuable information has been siphoned from the network, the hackers will trigger the ransomware itself, which they’ll use to gain an additional payment, extorting the affected organization.

The FBI also reports that hacking operations carried out by nation-states often deploy ransomware to make it appear that the attack is the work of traditional cybercriminals, throwing forensic investigators off of their trail.

The process of network mapping and exfiltrating valuable data can take weeks or even months, depending on the size of the network. So, organizations may be infected long before the visible signs of the attack become evident. Given that, it’s more important than ever to have a robust security system in place. You should have remote backups taken at regular intervals and a rapid response plan in place in the event of a breach.

Latest Scam Involves People’s Social Security Numbers

There’s a new scam making the rounds, and it’s a particularly nasty one involving your social security number.  Here’s how it works:

You may get a robocall seemingly from the government, claiming that there’s a problem with your Social Security number. The call also states that your account has been flagged for suspected fraudulent activity.

You’ll be given a number with instructions to call back and speak to a government agent in order to get help resolving the issue and prevent your arrest.

Needless to say, given the importance of your Social Security number and the looming threat of legal action and possible arrest, a significant percentage of people will call back. They will be desperate to resolve the matter quickly before things escalate.

Of course, the reality is that Social Security numbers cannot be suspended. This is merely the hook this breed of scammers is using to get people to call them and get help resolving an issue that doesn’t actually exist.

If you make the mistake of calling back, you’ll be pressured for your name, date of birth, and banking information. In addition to those of course, you will be asked to verify your Social Security number for security purposes.  Essentially then, those who get roped into this scam wind up giving the person on the other end of the line everything they need to steal their identity and empty their bank account.

While anyone of any age can be targeted by the scam, it seems to be impacting older Americans in disproportionate numbers, which makes this group of scammers even more despicable than most.

As ever, vigilance is the key to staying safe.  If you get a call like this, don’t call back at all.  If you feel tempted, don’t call the number you get via the robocall. Rather, look up the number of your local Social Security office and begin your inquiry there.  In short order, you’ll confirm for yourself and your own peace of mind that there is indeed nothing to it.