Trending Security Topics
Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more.
Called To An Urgent Zoom Meeting With HR? It Might Be A Phishing Attack
The risk, of course, is that employees working from home for the Coronavirus pandemic lockdown will all-too-quickly believe they have received a genuine invitation to a video meeting with HR, click on the link to a fake Zoom webpage, and hand their corporate email login credentials over to criminals.
From “Graham Cluley” Graham Cluley (4/26/2020)
Oregon Man Allegedly Impersonates CU Employees To Steal Money From Members
Federal prosecutors alleged an Oregon man impersonated credit union employees and used text messages to obtain members’ personal information to steal funds at ATMs and make purchases at retail stores.
From “Credit Union Times” Peter Strozniak (4/27/2020)
Meant To Combat ID Theft, Unemployment Benefits Letter Prompts ID Theft Worries
U.S. Bank said the letters are designed to confirm with the cardholder that the address change is valid and to combat identity theft. But clearly, for many recipients they are having the opposite effect.
From “Krebs on Security” Brian Krebs (5/08/2020)
Phishing Emails Caught Exploiting DocuSign And COVID-19
Phishing emails typically try to ensnare their victims by impersonating well-known companies, brands, products, and other items used by a lot of people. If the emails can reference a topic of interest or concern to the recipients, so much the better. DocuSign is a secure electronic signature tool used by many organizations to ease and expedite the process of getting signatures on important business documents. The coronavirus quarantine has forced more people to work remotely, so a service like DocuSign is likely in much higher demand than usual.
From “Tech Republic” Lance Whitney (5/08/2020)
A Complex Phishing Attack Exploits Microsoft Excel 4.0 Macros
Curious receivers who are interested in the content of the attachment will try to download and open it, doing what the attackers hoped would happen. When the attachment is opened, it will automatically run a series of covert Excel 4.0 macros.
From “The Trending Times” Willie Hahn (5/25/2020)
Research Shows Malware Is Easy To Buy, Own, And Deploy
"What we found exceeded our expectations far beyond what we initially anticipated. As it turns out, you don't have to be a programmer or even have any specialized technical knowledge to buy or create malware. In fact, the entry bar is set so low that practically anyone can do it–all you need is an online wallet loaded with some Bitcoin," the report said.
From “Tech Republic” Jonathan Greig (4/28/2020)
10 Ransomware Strains Being Used In Advanced Attacks
Advanced attackers are continuing to camp out in networks for weeks or months, conducting reconnaissance and stealing sensitive data before unleashing crypto-locking malware. Smash-and-grab attacks may focus on one endpoint, for example, tricking victims into opening a malicious spreadsheet attached to an email, which, if opened, instantly begins encrypting every file on the system.
From “Bank Info Security” Mathew J. Schwartz (4/29/2020)
Suspicious Business Emails Increase, Imposters Pretend To Be Executives
The scam is convincing because cyber thieves in many cases gain access to business email accounts and assume the false identities of company managers. It’s more important than ever to pay attention to safe cybersecurity practices and make sure you verify requests for payments,” he said. “Don’t rely on email alone – call the person and confirm the payment is legitimate before releasing any funds.”
From “Help Net Security” (4/30/2020)
FINRA Warns Of Phishing Emails Targeting Members
The messages, which carry the subject line "Action Required: FINRA Broker Notice for [Firm Name]," ask recipients to take immediate action and open a file, which is sometimes a PDF document, according to the alert. The attachments direct the recipient to a website, which asks for a username and password for a Microsoft Office or SharePoint account, according to the alert.
From “Bank Info Security” Ishita Chigilli Palli (5/14/2020)
Some Small Business Owners Expect IRS And WHO To Send Them Emails, Survey Reveals
The economics behind the current COVID-19 pandemic creates gateways for possible cybersecurity intrusions, and consumers and small business owners (SMB) are among the most affected, according to a survey from IBM Security and Morning Consult. One of the unknowns that trails the feeling of insecurity generated by the pandemic is the economic aspect, whether it’s for regular consumers or SMBs. People are starved for information, and they will try to get it from any possible source. The problem with that is that sources could be malicious.
From “Security Boulevard” Silviu Stahie (4/29/2020)
JavaScript Skimmers Found Hidden In ‘Favicon’ Icons
In the latest scheme, the malicious code is hidden inside a favicon - an icon associated with a URL that is displayed in a browser's address bar or next to the site name in a bookmark list - and hosted on a domain controlled by the attackers, according to Malwarebytes.
From “Bank Info Security” Akshaya Asokan (5/07/2020)
COVID-19 Contact Tracing Text Message Scams
Tracers won’t ask you for money or information like your Social Security, bank account, or credit card number. Anyone who does is a scammer.
From “Federal Trade Commission” Colleen Tressler (5/19/2020)
1st United Credit Union Warns Of Fraud Targeting Teenagers
Teenagers are being targeted on social media and other sites in a scam involving counterfeit checks and the promise of quick cash, the chief administrative officer at California-based 1st United Credit Union said in a public advisory that offered tips to help counter the alleged scheme.
From “Credit Union Times” Mike Scarcella (5/20/2020)
OUCH! Newsletter: The Power Of Updating
One of the best ways you can protect yourself is to ensure the technologies you use all have the latest updates, making it much harder for cyber attackers to break into them.
From “SANS” Don C. Weber (5/06/2020)
For Six Years Samsung Smartphone Users Have Been At Risk From Critical Security Bug. Patch Now
What makes such a vulnerability particularly concerning is the claim that it could be done without any user interaction, a “zero click” scenario where – for instance – a vulnerable phone just generating a thumbnail preview for a notification message might actually allow an attack.
From “The State of Security” Graham Cluley (5/07/2020)
Coronavirus-Themed Phishing Templates Used To Capture Personal Information
The spread of the coronavirus has triggered a surge in templates that spoof government agencies and health organizations in an effort to capture personal information from people.
From “Tech Republic” Lance Whitney (5/15/2020)
Phishing Scam Impersonates Navy Federal
The “payload” consists of a link to a fake login page hosted at a URL that is not associated with Navy Federal, but has a landing page that appears similar to the legitimate Navy Federal login page, the company said. Clicking on the link will compromise users’ login credentials to their Navy Federal accounts, which would become vulnerable.
From “Credit Union Times” P.J. D’Annunzio (5/20/2020)
New Phishing Campaign Impersonates LogMeIn To Steal User Credentials
To apply this alleged security update, the user is told to click on a link in the email. A stern warning asserts that if the update is not applied, then the user's account will have to be suspended for security reasons. Clicking on the link brings the recipient to a fake login page that appears similar to the actual LogMeIn page.
From “Tech Republic” Lance Whitney (5/20/2020)
8 Ways To Protect Members From CARES Act Stimulus Scams
As proceeds from the U.S. CARES Act begin to hit the nation’s pocketbooks and bank accounts, credit unions are strategizing how to help members manage their newfound cash. Fraudsters, on the other hand, are strategizing how best to steal it.
From “Credit Union Times” Ashley Town (5/01/2020)