New Damaging Phishing Attacks Are Targeting Pandemic SBA Loans

CISA (the Cybersecurity & Infrastructure Security Agency) has recently published an advisory warning of a new phishing campaign that specifically targets business owners who have received pandemic relief in the form of loans from the Small Business Administration. According to the advisory, the campaign was launched toward the end of July 2020 by an as yet unknown group of hackers, and it was altered slightly in August.

In the initial wave of emails, the goal seemed to be to steal SBA login credentials. The latest effort focuses much more on attempting to trick recipients into providing a range of personal and financial information.

The campaign emails all bear subject lines that are some variant of “SBA Application – Review and Proceed” and come from the (spoofed) email address disastercustomerservice@sba.gov.

A link embedded in the body of the email claims to take the recipient to the SBA sign-up page, where they will sign in to receive financial assistance. Naturally, the website is merely a spoof of the actual SBA page, replicated across a number of top-level domains.

Security researchers tracking the campaign note that some of the phishing emails direct recipients to websites hosting the GuLoader malware, which is used to drop other malware payloads onto the machines of unsuspecting users. Researchers note that the most recent wave of emails uses social engineering techniques sophisticated enough to fool even some security professionals.

If you are a business owner and have received pandemic relief or are considering applying for benefits, your best bet is to ignore any emails you might receive. Instead of clicking email links that promise to take you to the SBA’s website, open a new browser tab and manually navigate your way there. It’s a shame that hackers are taking such advantage at a time like this, but sadly, it’s not much of a surprise.

New Netflix Payment Phishing Emails Appear Legitimate

Do you have a Netflix account? If so, you’re certainly not alone. Since the start of the pandemic, the company has experienced unprecedented growth and is now the video streaming service of choice for tens of millions. If you’re one of those, be aware that an as yet unknown group of hackers has developed an exceptionally convincing phishing scam designed to harvest Netflix payment information.

The attack begins just like many do, with the receipt of an email explaining that your monthly Netflix payment failed. The email “helpfully” provides a link to what appears to be Netflix, complete with information boxes that allow you to re-enter your payment information.

The hackers took pains to make sure that their bogus email address bore a strong resemblance to the actual Netflix customer support email address. They also made sure the screen provided for you to enter your credit card information is a convincing replica of the real thing.

If you’re paying close attention, you’ll notice that the domain is markedly different, and that’s how you know you’re being taken in. Unfortunately, when many people are concerned that there’s a legitimate problem with their account, they won’t pay sufficient attention. That’s precisely what the hackers are counting on.

In any event, the new campaign has been wildly successful thus far, and even when their current domains are shut down, you can bet that the hackers will simply set up new ones and keep their malicious game going. There’s easy money in it, and they’re unlikely to stop as long as they’re finding success.

The only real way to counter this kind of thing is to be very careful and watchful. Pay attention to the URLs you’re being directed and re-directed to. Better yet, if you get an email like this, instead of clicking links embedded in the email, simply open a new browser window and type in the URL yourself. If you’re having a problem with your account, that fact will become readily apparent as soon as you log in.
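The two campaigns above share one tell: the message claims to be from a brand (the SBA, Netflix) while its links, or its sender domain, belong to somewhere else. The following script is an added example written for this article, not code from the original post or from either company. It parses a constructed sample message with Python's standard `email` and `html.parser` modules, works out which brand the display name or subject claims, and reports any link whose registrable domain is not on that brand's allow-list, as well as a sender domain that is not on it. The sample messages, the look-alike hosts `netflix-billing-update.example` and `netf1ix-support.example`, and the `LEGIT_DOMAINS` allow-list are all assumptions made for the demonstration.

```python
"""Flag e-mail links that point outside the domain of the brand the message
claims to come from, and senders whose domain is not that brand's.
Added example for this article; not the original post's code."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for the demo: the domains a brand legitimately sends from and links to.
LEGIT_DOMAINS = {"netflix": {"netflix.com"}}

# Constructed sample 1: the From address is an exact spoof of the real brand
# domain (like the disastercustomerservice@sba.gov case) but the call-to-action
# link goes to a hypothetical look-alike host.
SPOOFED_SENDER_SAMPLE = """\
From: Netflix Support <support@netflix.com>
Subject: Your monthly payment failed
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We could not process your payment. Please update your card.</p>
<a href="https://netflix-billing-update.example/login">Update payment method</a>
<a href="https://help.netflix.com/">Help center</a>
</body></html>
"""

# Constructed sample 2: the sender domain itself is a look-alike.
LOOKALIKE_SENDER_SAMPLE = """\
From: Netflix Billing <billing@netf1ix-support.example>
Subject: Action required on your account
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://netf1ix-support.example/update">Re-enter payment details</a>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect every href from the anchors in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels
    (help.netflix.com -> netflix.com).  A production filter would use the
    public suffix list; this shortcut is wrong for names like example.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyze(raw_email, legit_domains=LEGIT_DOMAINS):
    """Return the claimed brand, the sender's domain, whether that domain is
    legitimate for the brand, and every link that leaves the brand's domains."""
    msg = message_from_string(raw_email)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(sender.rpartition("@")[2])
    claimed_text = (display_name + " " + msg.get("Subject", "")).lower()
    claimed = [brand for brand in legit_domains if brand in claimed_text]
    brand = claimed[0] if claimed else None
    result = {"brand": brand, "sender_domain": sender_domain,
              "sender_ok": True, "offbrand_links": []}
    if brand is None:
        return result  # no brand claimed, nothing to compare against
    allowed = legit_domains[brand]
    result["sender_ok"] = sender_domain in allowed
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    collector = LinkCollector()
    collector.feed(body)
    for link in collector.links:
        host = urlparse(link).hostname or ""
        if registrable_domain(host) not in allowed:
            result["offbrand_links"].append(link)
    return result


if __name__ == "__main__":
    for sample in (SPOOFED_SENDER_SAMPLE, LOOKALIKE_SENDER_SAMPLE):
        print(analyze(sample))
```

Note what the first sample shows: a From header that exactly copies the real brand address passes the sender check, because the header is free text that anyone can set. That case is what SPF, DKIM and DMARC exist for; the link check is what still catches it here. The second sample shows the opposite case, a look-alike sender domain, which the sender check catches on its own.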

Don’t Fall For Office 365 Zoom Notification Phishing Email

Do you use Microsoft Office 365? Do you also use Zoom? If so, be advised that there’s a new phishing campaign designed with you specifically in mind, the goal of which is to ultimately make off with your Office 365 login credentials. Since the start of the global pandemic, Zoom and other video conferencing solutions have seen an explosion in the size of their user base, given that COVID-19 forced tens of millions to work from home.

In a nutshell, here’s how the new campaign works:

The hackers controlling the campaign kick things off by sending out what appear to be automated Zoom account suspension alerts. These are convincingly crafted and make it appear that your account has been compromised. The message is invariably either a carbon copy or a slight variant of the following:

“We’ve temporarily suspended your Zoom because your email failed to sync with our server within the past 24 hours. At this time, you will not be able to invite or join any call/meeting. Please verify your email:”

And then, just below the ‘Please verify your email’ bit in the body of the message, the hackers have included a button labeled ‘Activate Account,’ which a fair percentage of this message’s recipients are clicking on.

Clicking on the button opens a browser tab and takes the email recipient to a well-designed spoof of a Microsoft Login page which asks for the user’s credentials.

Naturally, if the user enters their login information here, nothing will happen except that the information will be stored in a database belonging to the hackers, who will no doubt use it later.

Not long ago, the US FBI issued a warning about BEC scammers targeting users of popular cloud-based email services like Google’s G-Suite and Microsoft’s Office 365 to steal credentials for use in attacks down the road. This latest campaign certainly seems to add an exclamation point to the end of that warning. Stay on your guard and make sure your employees are aware.

SBA And CDC Phishing Emails Can Carry Malware

According to Microsoft, its machine learning threat detection models have helped its research teams uncover multiple mal-spam campaigns. These campaigns have been tied together by the common theme of incorporating poisoned disk image files used as attachments. Each campaign has been aimed at a different target population, but all use some variant of COVID-19 in their subject lines, and all feature either ISO or IMG file attachments.

In all cases, the image files contain a version of the Remcos Remote Access Trojan (RAT) which allows the attackers to gain complete control over any machine their malware infects.

Microsoft identified three separate campaigns including:

  • One that specifically targeted US accountants and accounting firms with emails claiming to contain “COVID-19-Related Updates” for members of the American Institute of CPAs.
  • Another targeting manufacturing concerns based in South Korea, with email subject lines and interior graphics painting them as being from the CDC’s Health Alert Network (HAN).
  • Yet another that specifically targeted small businesses in the US. These emails were crafted to appear to be from the Small Business Administration (SBA) and promised detailed information on how to get pandemic-related disaster loans.
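The reason ISO and IMG attachments work as lures is that Windows mounts them as a drive letter when they are opened, so the executable inside runs like a local file instead of a download. A mail filter can flag them both by extension and by content: an ISO 9660 image carries the identifier “CD001” right after the descriptor-type byte at sector 16 (byte offset 0x8001), which survives renaming. The script below is an added example written for this article, not Microsoft's code or the original post's. It builds a constructed message modelled on the SBA-themed campaign with Python's standard `email` package and checks each attachment; the sender address `loans@sba-loans.example`, the attachment names and the synthetic zero-filled “images” are all assumptions made for the demonstration.

```python
"""Flag e-mail attachments that are optical disk images (ISO/IMG), by file
extension and by the ISO 9660 signature inside the file.
Added example for this article; not Microsoft's code and not the original post's."""
import os
from email import message_from_bytes
from email.message import EmailMessage

DISK_IMAGE_EXTENSIONS = {".iso", ".img"}
ISO9660_MAGIC = b"CD001"
# ISO 9660 volume descriptors start at sector 16 (16 * 2048 = 0x8000).  The
# first byte of a descriptor is its type; the "CD001" identifier follows it.
ISO9660_MAGIC_OFFSET = 0x8001


def looks_like_iso9660(data):
    """True if the bytes carry the ISO 9660 volume descriptor identifier."""
    end = ISO9660_MAGIC_OFFSET + len(ISO9660_MAGIC)
    return data[ISO9660_MAGIC_OFFSET:end] == ISO9660_MAGIC


def flag_disk_image_attachments(raw_message):
    """Return [(filename, [reasons])] for each attachment that looks like a disk image."""
    msg = message_from_bytes(raw_message)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue  # body text, not an attachment
        data = part.get_payload(decode=True) or b""
        reasons = []
        if os.path.splitext(filename)[1].lower() in DISK_IMAGE_EXTENSIONS:
            reasons.append("extension")
        if looks_like_iso9660(data):
            reasons.append("iso9660-signature")
        if reasons:
            findings.append((filename, reasons))
    return findings


def build_sample_message():
    """Constructed lure modelled on the SBA-themed campaign: one attachment named
    like a PDF but carrying an .iso extension, one disk image renamed to .pdf to
    hide the extension, and one harmless PDF.  The 'images' are synthetic:
    zero-filled buffers containing only the ISO 9660 identifier."""
    msg = EmailMessage()
    msg["From"] = "SBA Disaster Assistance <loans@sba-loans.example>"  # constructed
    msg["To"] = "owner@smallbiz.example"  # constructed
    msg["Subject"] = "COVID-19 disaster loan: application details"
    msg.set_content("Please open the attached application package.")

    fake_iso = bytearray(ISO9660_MAGIC_OFFSET + 16)
    fake_iso[ISO9660_MAGIC_OFFSET:ISO9660_MAGIC_OFFSET + len(ISO9660_MAGIC)] = ISO9660_MAGIC
    msg.add_attachment(bytes(fake_iso), maintype="application", subtype="octet-stream",
                       filename="SBA_Application.pdf.iso")
    msg.add_attachment(bytes(fake_iso), maintype="application", subtype="pdf",
                       filename="Loan_Terms.pdf")  # renamed image: extension check misses it
    msg.add_attachment(b"%PDF-1.4\n%constructed placeholder\n", maintype="application",
                       subtype="pdf", filename="Guidelines.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in flag_disk_image_attachments(build_sample_message()):
        print(f"{name}: {', '.join(reasons)}")
```

The renamed attachment is the point of the second check: an extension block list alone lets `Loan_Terms.pdf` through, while the signature check still catches it. In a real gateway the same idea extends to other container formats, each with its own signature.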

Tanmay Ganacharya, Director of Security Research in Microsoft’s Threat Protection division, had this to say about the recent discovery:

“The main thing that we really wanted to call out, and why it caught our attention, is because of the COVID-19 lures and also because of the slightly different techniques we found and the type of attachments they are sending. They’re using ISO files, which is not super common. It’s not like this is the first time we have ever seen it, but it is also not like extremely common for attackers to do this.”

It goes without saying that if you, or one of your employees, gets an email like any of those described above, don’t run the attached files, and stay on your guard. We’re almost certain to see many more attacks like these before the crisis is behind us.

Gmail Blocks Millions Of COVID-19 Phishing Emails Daily

Google’s popular Gmail service has been busy. In a typical day, the company’s email system blocks more than a hundred million phishing emails.

During the last week alone, the company reports that their system saw a massive spike in phishing emails related to COVID-19, with more than 18 million such messages being blocked in just the last seven days.

As staggering as that number is, it’s in addition to the more than 240 million COVID-related spam messages that Gmail blocks on a daily basis. As good as Google’s system is, the company reports that it’s not bulletproof. Unfortunately, some of the messages wind up slipping through and landing in users’ inboxes.

According to a recent blog post on the matter, here are just some of the ways that hackers, scammers and spammers have attempted to take advantage of the fear and confusion surrounding the pandemic:

  • Impersonating authoritative government organizations like the World Health Organization (WHO) to solicit fraudulent donations or to distribute malware.
  • Phishing employees operating in work-from-home settings
  • Capitalizing on government stimulus packages and imitating governmental institutions to phish small businesses.
  • Targeting organizations impacted by stay-at-home orders.

Google had this to say about the surge in such emails:

“We have put proactive monitoring in place for COVID-19 related malware and phishing across our systems and workflows. In many cases, these threats are not new – rather, they’re existing malware campaigns that have simply been updated to exploit the heightened attention on COVID-19.

As soon as we identify a threat, we add it to the Safe Browsing API, which protects users in Chrome, Gmail and all other integrated products. Safe Browsing helps protect over four billion devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files.”

No system is perfect, of course, but Google is clearly on the right track. Kudos to the Google team for keeping a watchful eye.