E-Mail From Department Of Labor Could Be Phishing Attack

There is a new phishing campaign to keep a watchful eye on, according to email security firm INKY, and it’s a particularly fiendish one.

The attackers have designed an email template that does an admirable job of imitating the look and feel of emails sent from the US Department of Labor.

These are being sent out to recipients asking them to submit bids for an ongoing DOL project with the specifics of the project varying from one email to the next.

The emails are professionally and meticulously arranged. Thanks to some clever spoofing they appear to come from an actual Department of Labor server. Naturally they do not come from the DOL, and there are no ongoing projects that require the Department of Labor to blindly spam out emails seeking bids.

Nonetheless, an unwary recipient could easily be taken in by the scam and click the “Bid” button embedded in the email. That button is, of course, masking a malicious link that takes the recipient to one of the phishing sites controlled by the scammers.
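The masked link described above can be caught mechanically on the receiving side. The following is an added example, not code from the original article or from INKY: it assumes a message’s From: address and HTML body are available as strings, and it flags every anchor whose target host lies outside the sender’s claimed domain, using a deliberately crude last-two-labels domain comparison.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude 'last two labels' comparison (assumption: fine for dol.gov-style hosts)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def suspicious_links(from_addr, html_body):
    """Return every link whose target host does not belong to the From: domain."""
    sender_domain = registrable(from_addr.rsplit("@", 1)[-1])
    collector = LinkCollector()
    collector.feed(html_body)
    flagged = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if registrable(host) != sender_domain:
            flagged.append({"text": text, "href": href, "host": host})
    return flagged


# Constructed sample: the From: header claims dol.gov, but the "Bid" button points elsewhere.
SAMPLE_FROM = "procurement@dol.gov"
SAMPLE_BODY = """
<p>Please review the attached solicitation.</p>
<a href="https://www.dol.gov/agencies/oasam">DOL Procurement</a>
<a href="https://bid-portal.example/login">Bid</a>
"""

if __name__ == "__main__":
    for hit in suspicious_links(SAMPLE_FROM, SAMPLE_BODY):
        print(f"mismatch: '{hit['text']}' -> {hit['host']}")
```

A spoofed From: header passes this check only for links that also point at the spoofed domain, which is exactly why the “Bid” button, pointing at the scammers’ own host, stands out.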

Like the emails themselves, these spoofed sites look completely legitimate. A comparison of the HTML and CSS on the scam sites with the actual Department of Labor site reveals identical code behind them, clear evidence that the scammers scraped the legitimate site and used its code to create their own copies.

What differs is that the scam site includes a pop-up message that is seemingly there to guide the email recipient through the bidding process. What it’s really doing is moving the potential victim closer to giving up his or her Office 365 credentials.

Of interest is that after a victim enters his or her credentials, they are prompted to enter them a second time. This minimizes the risk of the scammers harvesting mis-typed credentials. They seem to have thought of everything!

There’s no good defense against this except for vigilance and mindfulness, so please make sure your employees, friends, and neighbors are aware of the ongoing campaign.

Top 10 Brands That Phishing Attackers Use To Scam Users

Scammers delight in impersonating government agencies and well-known brands to lure email recipients into giving up their personal information. That information is then either exploited directly or sold to the highest bidder on the Dark Web.

Have you ever wondered which agencies, companies or brands are the most imitated by these attackers?

Whether you have or not, it should come as no surprise that someone is tracking that. Security firm Check Point is tracking it, to be precise.

Quite often Microsoft tops the list, but this year it has been dethroned by shipping company DHL. That may not be surprising given the realities of the pandemic and the rise in popularity of online shopping.

Here is the list of the top ten for this year from their report:

  1. DHL (impersonated in 23 percent of all phishing attacks, globally)
  2. Microsoft (20 percent)
  3. WhatsApp (11 percent)
  4. Google (10 percent)
  5. LinkedIn (8 percent)
  6. Amazon (4 percent)
  7. FedEx (3 percent)
  8. Roblox (3 percent)
  9. PayPal (2 percent)
  10. Apple (2 percent)

The specific lure used in each of these cases varies wildly. For instance, when a scammer spoofs a shipping company the email is typically some variation of “we’re trying to deliver a package to you but are having problems, press this button for more information.”

PayPal scams, by contrast, typically go the route of “Your account has been temporarily suspended. Please click here to verify your information.”

Microsoft and Google are commonly spoofed in various software giveaway schemes, or, in the case of Google, some variation of “click here to claim your free Chromebook.”

Now that you are armed with a list of the most often imitated brands, you at least have a list of things to be on the lookout for. The best defense is vigilance, just like always. If it sounds too good to be true it probably is, and don’t ever click on embedded links, even if you think you know and trust the sender.

New Data Breach Hits US Cellular Company

It’s the dawning of a new year and the hackers of the world have been busy. This time it’s US Cellular caught in the crosshairs.

The company recently reported that their billing system was hacked and they sent breach notification letters to more than four hundred impacted individuals.

US Cellular is the fourth largest carrier in the United States. Only 405 of the company’s customers seem to have been affected, which makes this attack quite small in terms of scope and scale. That’s small consolation if you’re one of the unlucky US Cellular customers to have received a notification in the mail.

The company had this to say about the incident:

“On December 13, 2021, UScellular detected a data security incident in which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information.

Information in customer accounts includes name, address, PIN code and cellular telephone number(s) as well as information about wireless services including service plan, usage and billing statements.

Sensitive personal information, such as Social Security number and credit card information, is masked within the CRM system. At this time, we have no indication that there has been unauthorized access to your UScellular online user account.”

If you haven’t received a notification in the mail from US Cellular, then it’s most likely that your account record was not compromised. Out of an abundance of caution, you may want to reset your account password and be on the lookout for suspicious emails targeting you, since affected customers may be more likely than usual to receive phishing emails for a time.

Kudos to US Cellular for their rapid response. Sadly, we’ll probably be seeing a lot more of this kind of thing in the year ahead.

Hackers Are Using Big Brand Surveys To Scam Victims

Surveys have long been a playground of hackers and scammers.

That’s true at any time of the year, but it’s especially true around the holidays, when such scams seem to attract even more unwitting victims. In fact, some estimates put scammer profits from fake surveys at nearly $80 million a month, so it’s big business for them.

The particulars vary somewhat from one operation to the next.

Here’s how they work in general:

First, the scammer targets a perfectly legitimate survey or giveaway offered by a big, well-known company or brand.

They copy the layout and format of this legitimate survey, creating their own version of it. By all outward appearances, from the perspective of a visitor to the survey site, they’re taking advantage of a legitimate offer.

Naturally there are some telltale signs. Most of these fake sites aren’t checked closely for quality control, so you’re likely to catch spelling errors or grammatically incorrect phrases that give away the game. Of course there’s no hiding the URL, but most people who land on a survey or giveaway page aren’t paying much attention to it.

Once on the page, the victim is in the funnel. The survey proceeds as you’d expect, with a request for personal information at the end. Sometimes they ask for a credit card (which the victim is assured won’t be billed – it’s merely being used for ‘verification purposes.’)

And you know how the story ends.

Armed with this freshly gleaned information, the scammers make off with it, either running up big bills on the victim’s card or selling the data to the highest bidder.

This is a global issue. It impacts people from all walks of life and from almost every country on the planet. Don’t fall for it. Do your due diligence, or just say no to anything that looks like it’s too good to be true.

Large GoDaddy Data Breach Involves WordPress Customer Email Addresses

Are you a GoDaddy customer? Do you maintain a WordPress blog with the company?

If so, be advised that the company recently announced a breach of their network. An as yet unidentified third party accessed GoDaddy’s Managed WordPress hosting environment.

Based on the investigation to date, the intrusion began on September 6, 2021. By exploiting a vulnerability the company was unaware of at the time, the unknown attacker was able to gain access to a variety of information.

The information taken includes:

  • The email addresses and customer numbers of more than 1 million Managed WordPress customers (both active and inactive)
  • The original WordPress Administrative password that was set at the time of provisioning
  • For active customers, the SFTP and database usernames and passwords
  • And for some customers (exact number unknown at this time), the SSL private key

The company has retained the services of an independent third-party security firm to assist with the investigation. That investigation is ongoing, but the company has already reset the SFTP and database passwords for all impacted users, and it is in the process of issuing and installing new certificates for customers whose SSL private keys were exposed.

The company is in the process of contacting all impacted users. If your email address was exposed, you will definitely want to keep a sharp eye out for phishing attacks targeting your email address.

As is the case any time an event like this occurs, the company apologized and stressed that it takes customer data security very seriously. No additional information is available at this time, but bear in mind that the investigation is still ongoing.

It’s unfortunate but not altogether surprising. A company as large as GoDaddy, with millions of customers, is an attractive target for almost any hacker. Stay vigilant out there. This won’t be the last major breach we see this year.