Beware Of Phishing Emails Appearing As From The Federal Government

The Digital Security firm Inky reports that they’ve discovered a new, disturbing phishing campaign you should be aware of.

The company has spotted a disturbing number of scam emails purporting to be from Mike Pence, the Vice President of the United States.

The emails bear titles like “Coronavirus Guidelines for America.”

It’s bad enough that hackers and scammers are taking advantage of the fear and confusion of the global pandemic to ply their trade. This campaign is noteworthy for the simple reason that the people behind it went straight to the top of the food chain. Not content to pretend to be from the CDC or the WHO, they opted instead to impersonate the people who hold the highest elected offices in the land.

It’s a bold move that’s paying off for them. After all, if you received an email from the Vice President, promising updates and information about the virus, odds are you’d want to take a closer look.

That’s exactly what the scammers are counting on. The emails they’re sending out have attachments that promise updates and information. However, all clicking on them does is install malware on the victim’s system, leaving them open to identity theft and the loss of a wide range of personal data.

As ever, vigilance is the key. If you don’t know the person sending you an email message, the safest course of action is to simply not open it at all. If you can’t resist opening it to take a peek, certainly don’t risk opening any attachments or clicking on any links the email might contain.

The hackers and scammers are relentless and are using the current fear, frustration, and uncertainty to lure unsuspecting victims. Don’t fall for it. Stay safe out there, both online and out in the world.

Huge Increase In Phishing And Malware Attacks Using Coronavirus

Around the world, hundreds of millions of people are terrified of the current pandemic that’s raging. Most of those are currently self-quarantining at home and limiting their social contacts. Everyone is hungry for news and information.

Sadly, hackers, scammers and other assorted criminals have wasted no time preying on this massive captive audience.

According to data collected by Proofpoint, there has been a massive surge in Coronavirus-themed phishing and malware attacks. In fact, these kinds of attacks now dominate the threat landscape and are likely to continue to do so until the end of the crisis.

A representative from another security company, Trustwave, is also tracking the surge in these types of attacks.

Trustwave had this to say about the trend:

“Cyber criminals, proving beyond doubt they are completely devoid of morals, have ramped up their activities, unashamedly using all manner of coronavirus lures to trick people. We are now seeing dozens of different email campaigns per day.”

To be sure, some of the campaigns being launched are more sophisticated than others. Some do little more than attempt to persuade a potential victim to donate bitcoin to a phony fund.

Others are a good deal more subtle, and will pretend to be from respected groups like the World Health Organization, either promising information or asking for donations during this critical time. Naturally, anyone who attempts to access the promised information or help out will wind up with one form of malware or another installed on their system and not get the information they were promised.

These facts underscore an important point. As desperate as everyone is for information, it’s more important than ever to keep security at the forefront of our minds. No matter how tempting a lure might be, refrain from clicking on links or opening files from untrusted sources.

Coronavirus Health Notifications Being Used To Carry Malicious Threats

A Pakistan-based hacking group that goes by a variety of names, including “Transparent Tribe,” “APT36,” “Mythic Leopard” and others, has been discovered to be behind a particularly nasty attack recently.

Researchers with QiAnXin’s RedDrip Team discovered a phishing campaign bearing the group’s stamp.

This new campaign utilizes poisoned files that appear to be health advisories sent by the Indian government. These days, people are desperate for information about the Coronavirus, and the hacking group is taking full advantage.

Their poisoned documents are being opened at an alarming rate, and when they are, a malicious tool called the Crimson RAT (Remote Administration Tool) is being installed.

This tool allows the hacker group to (among other things):

  • Capture screenshots
  • Collect information about the antivirus software the victim’s computer or device uses
  • Make use of TCP protocols for communicating with the command and control server
  • Steal credentials from the victim’s browser
  • List running processes, drives and directories on the victim’s machine
  • Retrieve files from its C&C server

While all of those are bad, the last one is probably the most dangerous. Once the hackers have established an entry point on the infected system, they can use the communications link with the C&C server to install literally any other type of software they want.

For the time being, the group has contented themselves with operations in India, but they’re not the only state-sponsored threat actor on the world stage. They’re certainly not the only ones to be using the fear surrounding the Coronavirus as cover for their nefarious activities.

Be sure your employees are aware of this new threat, and adopt the policy of not opening any health-related information you get via email. If you want to know the latest information available, instruct your team to go to the CDC’s website and pull it straight from the source.

Phone Call And Text Phishing Scams Are On The Rise

For the last couple of years, the primary means of communication when conducting phishing campaigns has been email. Phishing emails have been absolutely rampant, so much so that people are increasingly on their guard against them.

Naturally, this prompts scammers to change their tactics, switching things up a bit to catch people by surprise.

In this case, according to recent data published by HMRC, the scammers are opting to rely on phishing calls and text messages to dupe people into giving up their personal information. HMRC is the UK’s equivalent of the IRS.

According to the data, about half of the phishing calls and texts take the form of bogus tax rebates or other refunds. The problem has become so widespread that HMRC had to recently issue an alert.

The alert stated in part as follows:

“HMRC will never ask for personal or financial information when we send out text messages. Do not reply if you get a text message claiming to be from HMRC offering you a tax refund in exchange for personal or financial details. Do not open any links in the message.”

While their advice was specific to taxpayers in the UK, the same basic advice could easily apply to and be published by the IRS here in the US. It’s worth repeating that if and when you get calls or texts from the IRS, they will never ask for any personal or financial information. If you get a call or a text from someone claiming to be the IRS and they ask for that sort of information, it should serve as a giant red flag. The appropriate response is to simply hang up or delete the text message in question.

In a year or two, the scammers will no doubt swing back to relying primarily on email, but for now, be aware that your phone, via either calling or texting, has become their new favorite tool.

New Phishing Emails Trick Users With Convincing Security Credentials

Unit 42 is a research division of Palo Alto Networks. Their researchers have discovered a sneaky and surprisingly effective phishing campaign that appears to have been launched in January of this year (2020).

When targeted by this attack, a user will get an email containing a branded document bearing the name of a legitimate cybersecurity provider.

The name of a known cybersecurity provider alone generates a certain amount of trust in the reader. In addition, the email contains a password protected document, which naturally is the kind of security that a company in the security business would utilize.

Most of the emails contain subject lines that indicate the recipient is entitled to a refund or a free security product upgrade. That builds on the trust already established and gives the user an enticement for opening the enclosed file that has been password protected “with their security in mind.”

Naturally, nothing could be further from the truth. If the user unlocks the protected file, he or she unwittingly enables the macros embedded in the file, which will then activate and install NetSupport Manager. Surprisingly, NetSupport Manager is a completely legitimate remote access control program, but it is used here for nefarious purposes.

As long as it’s running quietly in the background, it gives the people who sent the email a secret inroad into the machine and the network it is connected to.

Not only is the use of a known cybersecurity firm name a sneaky bit of social engineering, but the use of a perfectly legitimate remote connection tool is as well. That is because no antivirus software on the planet would flag the tool, which gives the hackers using it in this way a completely untraceable means of gaining access to a wide range of networks.
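Because the tool itself is legitimate software, defenders have to judge it by context rather than by file reputation. The following added example (not part of the original article or of Unit 42's report) reviews process-creation events for the chain described above: an Office application spawning a script host, and a remote-access client running outside an approved install directory. The binary name `client32.exe`, the approved directories and the sample events are assumptions made for illustration.

```python
import ntpath

# Assumptions (not from the article): client32.exe is the NetSupport Manager
# client binary, and IT-approved installs live only under these directories.
REMOTE_TOOLS = {"client32.exe": "NetSupport Manager"}
APPROVED_DIRS = ("c:\\program files\\netsupport\\",
                 "c:\\program files (x86)\\netsupport\\")
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


def review(events):
    """Return (host, finding, image) tuples for suspicious process creations."""
    findings = []
    for ev in events:
        image = ev["image"].lower()
        name = ntpath.basename(image)
        parent = ntpath.basename(ev["parent"].lower())
        # Macro execution typically appears as Office launching a script host.
        if parent in OFFICE_PARENTS and name in SCRIPT_HOSTS:
            findings.append((ev["host"], "office-spawned-script-host", image))
        # A remote-access tool is judged by where it runs, not by its reputation.
        if name in REMOTE_TOOLS and not image.startswith(APPROVED_DIRS):
            findings.append((ev["host"], "remote-tool-outside-approved-dir", image))
    return findings


# Constructed sample events, shaped like process-creation log fields.
SAMPLE_EVENTS = [
    {"host": "ws-014", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"host": "ws-014",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "ws-014",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Users\jdoe\AppData\Roaming\client32.exe"},
    {"host": "helpdesk-02", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe"},
]

if __name__ == "__main__":
    for host, finding, image in review(SAMPLE_EVENTS):
        print(f"{host}: {finding}: {image}")
```

The approved help-desk install on `helpdesk-02` produces no finding, while both steps of the chain on `ws-014` are reported.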

Be on your guard against this threat. It’s insidious, and the folks behind it could do a lot of harm to your company.