Increasing Online Love Scams Are Costing Victims Big Money

Since the start of the Covid-19 pandemic online dating sites have seen a tremendous surge in memberships. People are seeking romance online since in person dating was sharply curtailed by lock downs. Naturally this proved to be an irresistible lure to scammers around the world. So much so that the FBI has recently issued a warning concerning confidence fraud which are increasingly targeting people who are looking for love online.

The surge in these types of scams have very real costs that impact those who fall victim to them in two main ways:

According to FBI statistics these scams have cost their victims more than $113 million since the start of 2021 but the financial cost is just the beginning. Since these scams are designed to play with the emotions of their victims there’s a very real emotional cost as well.

To execute the scam the scammers begin by creating fake profiles on online dating websites and begin conversing with potential matches in the dating site’s ecosystem.

Once a potential victim is on the hook and lured by the prospect of romance the scammer will invent a story about a sudden crisis. This inevitably moves the conversation to asking for money to help a sick family member or to help cover travel expenses to facilitate an in-person face to face meeting. Naturally there is no crisis and no meeting will ever take place. The entire point of the story is to try and convince the victim to part with his or her money.

In terms of protecting yourself against such scams the FIB Advisory recommends the following:

  • Never send money, trade, or invest per the advice of someone you have solely met online.
  • Do not disclose your current financial status to unknown and un-trusted individuals.
  • Do not provide your banking information, Social Security Number, copies of your identification or passport, or any other sensitive information to anyone online or to a site you do not know is legitimate.
  • If an online investment or trading site is promoting unbelievable profits, it is most likely that–unbelievable.
  • Be cautious of individuals who claim to have exclusive investment opportunities and urge you to act fast.

It’s excellent advice. Be sure your employees are aware of the current trend and on their guard against it.

It’s National Cyber Security Month 2021!

 It’s like Christmas time for us in the IT world, because…

October is National Cyber Security Awareness Month!

This is the time of year we get out the megaphone and shout the importance of protecting your company, your clients, your employees, and yourself.

Businesses face significant financial loss when a cyber-attack occurs. In 2020, a sharp increase was reported in cyberattacks that target businesses using stolen logins and passwords.

Cybercriminals often rely on human error—employees failing to install software patches or clicking on malicious links—to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure.

Here are some tips you can use to support a culture of cybersecurity at your organization.

Some Simple Tips

  1. Treat business information as personal information. Business information typically includes a mix of personal and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through tax forms and payroll accounts. Do not share PII with unknown parties or over unsecured networks.
  2. Don’t make passwords easy to guess. As “smart” or data-driven technology evolves, it is important to remember that security measures only work if used correctly by employees. Smart technology runs on data, meaning devices such as smartphones, laptop computers, wireless printers, and other devices are constantly exchanging data to complete tasks. Take proper security precautions and ensure correct configuration to wireless devices in order to prevent data breaches.
  3. Stay up to date. Keep your software updated to the latest version available. Maintain your security settings to keep your information safe by turning on automatic updates so you don’t have to think about it and set your security software to run regular scans.
  4. Social media is part of the fraud tool set. By searching Google and scanning your organization’s social media sites, cybercriminals can gather information about your partners and vendors, as well as human resources and financial departments. Employees should avoid oversharing on social media and should not conduct official business, exchange payment, or share PII on social media platforms.
  5. It only takes one time. Data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages after reporting or forwarding all phishing attempts to a supervisor, so that any necessary organizational updates, alerts, or changes can be put into place.

 

For anyone working from home

  1. Only use approved tools. Only use organization-approved software and tools for business, including company provided or approved video conferencing and collaboration tools to initiate and schedule meetings.
  2. Secure your meeting. Tailor security precautions to be appropriate for the intended audience. Plan for what to do if a public meeting is disrupted. Take precautions to ensure your meeting is only attended by intended individuals.
  3. Secure your information. Tailor your security precautions appropriately to the sensitivity of your data. Only share data necessary to accomplish the goals of your meeting.
  4. Secure yourself. Take precautions to avoid unintentionally revealing information. Ensure home networks are secured.

 

Take these tips and look for ways you can be proactive about how you put them into practice in your business. It could make the difference between being safe and being the victim.

Be #cybersmart this month and every month!

 

For more information about Cyber Security services for Wilmington businesses, click HERE and learn what Atlantic Computer Services can do to protect you.

 

Information courtesy of cisa.gov.

Ransomware Attackers Look For Unpatched Systems To Exploit

Not long ago Microsoft patched a critical MSHTML remote code execution security flaw being tracked as CVE-2021-40444.

Beginning on August 18th of this year (2021) the company spotted hackers exploiting this flaw in the wild. So far there have been fewer than ten attacks made that exploit this flaw but it’s inevitable that the number will increase.

So far all of the attacks that have been tracked exploiting this flaw have relied on maliciously crafted Word documents and all have resulted in the installation of Cobalt Strike Beacon loaders.

Beacons deployed on at least one of the networks that were attacks communicated with infrastructure connected with a number of cyber crime campaigns. Those include the ones that utilize human-operated ransomware.

At least two of the other attacks tracked to date have delivered Trickbot and BazaLoader payloads. Microsoft observed a huge spike in exploitation attempts from multiple threat actors including some affiliated with ransomware-as-a-service operations.

Microsoft is continuing to monitor the situation but the bottom line is simply this: This flaw has been patched. Researchers connected with Bleeping Computer have independently verified that the exploit no longer works after applying the September 2021 security patch.

Hackers around the world are actively scanning for unpatched systems in order to exploit the vulnerability. If your system is vulnerable then your risk in this instance is extreme. The best course of action is to patch your way out of danger at your earliest opportunity.

If for any reason you are unable to apply the patch be aware that Microsoft has published a viable workaround that includes disabling ActiveX controls via Group Policy and preview in Windows Explorer.

Kudos to Microsoft for addressing the issue and for coming up with a workaround for those who are unable to patch their way to safety.

Popular HP Gaming Laptops And Desktops Have Security Vulnerability

Do you own an HP Omen, Envy, or Pavilion gaming laptop or desktop? You’re certainly not alone if you do. It’s a wildly popular and incredibly versatile model that has sold millions of units worldwide. Unfortunately there’s a problem. A serious security flaw in a driver used by the Omen gaming software. It comes pre-loaded on all HP Omen laptops and desktops and can be abused by hackers to take control of a target system.

This flaw is being tracked as CVE-2021-3437. It was caused by HP’s decision to use vulnerable code that was copied in part from an open source driver.

The Omen gaming hub can be used by any PC to boost one’s gaming experience via overclocking and creating highly optimized gaming profiles that adjust system settings depending on what game you’re playing.

The software can be downloaded on any PC but as mentioned it comes pre-installed on several of HP’s most popular models. In light of the above the flaw in the HP Gaming Hub software can potentially put millions of users at risk.

If there’s a silver lining it lies in the fact that HP acted quickly and has already patched the issue. In fact a fix has been available since July of this year (2021). If you use the Gaming Hub application be sure to check the version you’ve got installed.

If you’re using HP Omen Gaming Hub 11.6.3.0 or earlier you’ll want to update right away. If you’re using HP Omen Gaming Hub SDK package prior to 1.0.44 you’ll likewise want to grab the latest version.

So far, there have been no reports of this bug being exploited in the wild. It’s still a potentially serious issue though. So if you are currently using a vulnerable version of the software upgrade right away just to be safe.

Report Finds One Third Of Suspicious Emails Are Threats

Employee cyber security training is paying off according to a report recently released by IT security company F-Secure.

Researchers from F-Secure analyzed more than 200,000 emails that had been flagged as suspicious by employees working for organizations around the world. They discovered that more than one third of those emails could be classified as phishing.

Phishing is an extremely common technique hackers use to gain important information about specific individuals. In some cases they even gain access to a system that the hackers are targeting. For example hackers may employ phishing techniques to impersonate a vendor company that another company does business with. Perhaps they attach a poisoned Word or Excel document that appears to be an invoice.

If the recipient enables macros to view the document, it will install malware onto the recipient’s computer. That will allow the hackers to spy on the user and attack other machines on the network. It’s one of the most common tactics employed by hackers around the world with phishing attacks accounting for fully half of all infection attempts in 2020.

Even with a relatively low success rate there are so many phishing attacks made over the course of any given year that it adds up to a staggering number of successes. That is why hackers rely so heavily on the technique.

F-Secure’s Director of Consulting had this to say about the recently published study:

“You often hear that people are security’s weak link. That’s very cynical and doesn’t consider the benefits of using a company’s workforce as a first line of defense. Employees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results.”

Naude makes an excellent point. Kudos to the company for conducting the analysis and to all the employees who submitted suspicious emails for a closer look.