LinkedIn Now The Most Spoofed Website For Phishing Emails

Considered to be social media for professionals, LinkedIn is an invaluable tool for millions of people all over the world and a great way to make a wide range of professional connections.

Unfortunately, hackers and scammers are aware of this fact and tend to gravitate to it as well. They are hoping to take advantage of the unsuspecting.  Recent research from the cybersecurity company Check Point reveals that LinkedIn has become the most spoofed brand in phishing attacks. These attacks account for a staggering 52 percent of such incidents globally.

This figure would be surprising all by itself, but what makes it almost shocking is that in the 4th quarter of 2021, LinkedIn was only the 5th most spoofed brand. It accounted for just 8 percent of phishing attacks seeking to impersonate a brand.

Clearly, between late last year and right now something changed, and the social media property suddenly became a hot commodity on the Dark Web.  In fact, as of now nothing else even comes close.  Shipping giant DHL is the second most impersonated brand, accounting for 14 percent of all spoofing incidents globally. So it lags far behind LinkedIn in that regard.

After DHL, the number of spoofing incidents falls off markedly, with Google accounting for just 7 percent, Microsoft and FedEx tied at 6 percent, WhatsApp at 4 percent, and Amazon at just 2 percent.

Beyond that, Maersk clocks in at 1 percent, and AliExpress and Apple each account for 0.8 percent, which is barely enough to register on the radar.

No one can say with certainty why it’s happening. The current theory is that given LinkedIn’s nature as a hub for professionals, the platform is a natural target and is especially attractive to spear phishers who specifically target well-connected professionals to gain access.

Whatever the explanation, if you rely on LinkedIn, be aware that not all communications you receive may be what they seem. So proceed with caution.

Windows 11 Will Soon Get New Security Features

If you’re a member of the Windows Insiders group, you may already be aware of this. If you missed the company’s announcement, be on the lookout for some new security improvements in upcoming releases.

Microsoft has been playing an increasingly active role in countering a wide range of cybersecurity threats and their upcoming security enhancements for Windows 11 are a part of that broader story.

One of the first changes you’ll see is enhanced phishing protection, which will help guard against phishing attacks. That will work in tandem with Microsoft Defender SmartScreen, which is a cloud-based anti-phishing and anti-malware service offered by the company.

With SmartScreen integrated into the new OS, Windows 11 users will be warned when entering their login credentials into websites that appear to be hacked or are in any way suspect.

SmartScreen is very good at what it does. Last year, according to Microsoft statistics, the service blocked more than 25 billion Azure Active Directory brute force attacks and intercepted more than 35 billion phishing emails. So this is exceptional protection indeed.

In addition to that, a new Personal Data Encryption feature is planned for Windows 11, which will protect users’ files and data when they’re not signed into the device. It does this by blocking access until they authenticate via Windows Hello. It’s a small change, but a vitally important one.

Finally, the company is also introducing a raft of new Enterprise Level security improvements that will include Smart App Control, which checks apps against a core features profile and model and only allows them to run if they are deemed safe.

Also on the Enterprise front, Microsoft’s engineers have been busy improving the security of user accounts, devices, and apps, including a new feature called Config Lock. It locks security settings and auto-reverts them to their default level if end-users or attackers attempt to modify them.

These are excellent changes all and Windows 11 is really beginning to take shape now.  We love it and we’re pretty sure you will too!

Fake Work From Home Opportunities Are Phishing For Data

It’s no secret that the pandemic changed the way much of the world works.  Tens of millions of people are now working from home with millions more eyeing that as a very real possibility.

Unfortunately, the pandemic also changed what kinds of opportunities hackers and scammers are targeting. It shouldn’t come as a great shock that they’ve begun targeting work from home opportunities.

Here’s how a typical campaign plays out, according to researchers at Proofpoint:

On average, more than 4000 phishing emails a day are being sent to recipients worldwide.  The bulk of recipients are in the United States, but people in Europe and Australia are being targeted too.

In more than 95 percent of cases, attackers are targeting email addresses that are linked to colleges and universities. So as a first necessary step, the attackers are either hacking into university databases to get the email addresses or they’re leveraging someone else’s prior breach and buying the data on the Dark Web.

In any case, the specific lure varies from one campaign to the next but it’s always some variation of “we’re hiring X number of remote workers to do this!” They then include a few details about the job with an attachment or an embedded link to follow for more information.

Naturally, if you open the file or follow the link you’ll ultimately be presented with capture boxes designed to collect your login information or other personal details. If you give the hackers/scammers any information, you can bet that it will be used against you.  According to FBI statistics, the average loss for a victim of employment fraud is about $3,000.

It may not be life-ruining bad, but it still stings. In any case, these kinds of attacks are on the rise in our post-pandemic world. Be aware and make sure that your friends and family know too.

Email Phishing Attackers Are Pretending To Be The IRS

Emotet is in the news again according to the latest information from email security firm Cofense.  Emotet is notorious for spreading via phishing campaigns and this latest phishing campaign sees them impersonating the IRS.

By all outward appearances, the emails look legitimate. The Emotet gang knows that with so many people feeling harried during tax season, potential victims are much less likely to look closely at incoming emails that claim to have tax documents since they’re expecting tax documents anyway.

While the particulars vary from one email to the next, the general gist of emails associated with this campaign goes as follows. “Hi, we’re the IRS, and we’re contacting your business with some completed tax forms,” or, in some variants, “We’re contacting you with some tax forms you need to fill out and send back to us.”

Again, given the timing of tax season, this is not at all out of the ordinary. A surprising percentage of email recipients are opening the included attachments.

Simply opening the emails won’t doom you, but if you enter the password required to unlock the file attached to the email, you will doom yourself. Emotet will be installed in the background along with whatever additional malicious payload the hackers want to inflict on you.

In addition to that, the malware will rifle through your address book, absconding with the email addresses belonging to your contacts. It does this so it can use those addresses in future reply-chain attacks, thus extending the longevity of the campaign.

There’s no good defense against this kind of attack except for vigilance. The standard email defenses apply here. Never open an attachment from someone you don’t know. In cases where the sender seems to be a government agency, call to verify that they have sent you something that needs your attention, and examine the email closely.

Be careful out there.

New Phishing Emails Target Citibank Account Holders

Are you a Citibank customer?  If so, be aware that a group of scammers is specifically targeting Citibank account holders.

The campaign is incredibly convincing, and the emails look just like official communications from the company. All logos have been copied and are positioned correctly. The sender address appears genuine at first glance, and the body of the email message is free of the typos that are a common “tell” among poorly orchestrated phishing campaigns.

The content they receive in the email varies. However, the general summary of the phishing emails is that the recipient’s Citibank account has been put on hold due to a suspicious transaction or a login attempt made from a location other than the one the recipient would normally log in from.

The solution according to the email is simple.  Take swift action now to protect your account.  Click the link below to verify your account information and avoid a permanent suspension.

Social engineering is common in phishing campaigns, and this is a tried-and-true technique to build a sense of urgency into the communication.

Unfortunately, if the recipient of this email clicks the link they will be taken to a website controlled by the threat actors. While it may appear to be an official Citibank portal, it isn’t. Any user who “verifies their credentials” by entering them in the capture boxes on this site is handing their account information to the scammers who will promptly empty their accounts or max out their credit cards or both.

This campaign is targeted primarily at users in the United States, with statistics indicating that 81 percent of the recipients of these emails reside in the U.S. So if you are a Citibank customer, be aware that the campaign is ongoing. If you get an email that appears to come from Citibank, rather than clicking embedded links, either call the company directly or open a new browser tab and manually type in the URL. Never trust embedded links!