Phishing


10 Ways Hackers are Using Coronavirus to Phish You

COVID-19 has been a goldrush for hackers looking to exploit the epidemic. Almost every aspect of what’s unfolded has presented hackers with new and creative ways to phish you.

People are fearful, they’re working from home and under a lot of stress. That makes for a perfect target for hackers. Here are the top ten ways hackers are using the pandemic to phish you. It would be nice if these were the only ten. They’re not – there are more.

 

 

#1 Free Money

Everybody knows about the stimulus checks offered by the U.S. government to most workers, which means hackers know about it too. And they’ve been using it to phish you.

From the WKRG web site, “The FBI is also warning about another kind of scam–email phishing scams over coronavirus and economic stimulus checks. The agency says to look out for phishing emails asking you to verify your personal information in order to receive an economic stimulus check from the government.” The email is not from the government, it’s from a hacker.

 

#2 Web Conferencing

Many people working from home are using web conferencing software for the very first time. They’re not experienced with the procedures and protocols for using it, and hackers exploit that to launch phishing attacks aimed at getting your credentials.

Zoom web conferencing has been the most targeted application. Thousands of potential phishing sites have been created to target Zoom users as its usage has soared. But it hasn’t just been Zoom. Other applications targeted by hackers include WebEx (Cisco), Skype (Microsoft), GoToMeeting, Microsoft Teams and Google Hangouts. Be wary of any unsolicited email from a web conferencing company.

 

#3 Medical Information

At this time, people are looking to trusted authorities for any medical information they can about COVID-19. Trusted authorities like the CDC, the WHO and NIH. Hackers know and use those symbols of trust to phish you when you’re looking for medical information.

From an article on Help Net Security, attackers have “been tricking users with fake email notifications and fake alerts impersonating local authorities, the US Centers for Disease Control and Prevention (CDC), and the World Health Organization (WHO) to deliver malware or to steal email credentials.” If you want the latest medical information from a trusted source, get it from their website.

 


 

#4 Prevention and Cures

COVID-19 has people scared. So scared that they’re taking matters into their own hands when it comes to prevention and cures. Hackers know that and use that to phish you.

From Tech Republic, “Many of the scams Barracuda Sentinel detected were looking to sell coronavirus cures or face masks or asking for investments in fake companies that claimed to be developing vaccines.” If you purchase a face mask, only do it from a reputable retailer.

 

#5 Charities

People who are faring better than most during the pandemic want to help and that help usually involves donating money to a charity. And hackers know it, so they use it to phish you.

Scams in the form of donation requests for fake charities are another popular phishing method. For example, one scam caught by the Barracuda systems claims to be from the World Health Community (which doesn’t exist but may be trying to take advantage of similarity to the World Health Organization) and asks for donations to a Bitcoin wallet provided in the email.” Don’t give to charities using Bitcoin.

 

#6 Travel Refunds

Many people planned a trip before the coronavirus outbreak and now can’t go because of travel restrictions. So, people want to get their money refunded and hackers know that and use that to phish you.

From the Identity Theft Resource Center, “As a result of the COVID-19 pandemic, the Tokyo 2020 Olympics have been postponed until next summer 2021. However, scammers will not postpone their attempts to target consumers through a series of tactics, including ticket refund scams. People should be on the lookout for these schemes under the guise of helping people to switch their plans to suit the new 2021 date.” If you want a refund, deal directly with the service provider.

 


 

#7 Entertainment

People are stuck at home. They need entertainment, like the kind available from companies like Netflix. And hackers know it so they use it to phish you.

An example of this is the Netflix Covid-19 phishing scam. In this scam, victims receive an email telling them that because of the COVID-19 pandemic, Netflix “will give out 3 months of Netflix Premium to help you spend more time at home.” And of course, the email comes with a link to click on for more information. It’s a scam. Be fearful of anything “free” during the pandemic.

 

#8 Delivery Services

More and more people are buying online and depending on delivery service to obtain their goods. Hackers know that and use that to phish you.

According to TechRepublic, “Cybercriminals are leveraging overwhelmed delivery services to further phishing schemes.” Consumers are used to receiving emails from ecommerce companies, including shipping status emails. So, it’s not a big leap for hackers to use those emails to launch a phishing attack. Be hypervigilant when receiving package tracking emails.

 

 

 

#9 Unemployment Fraud

People who have never been unemployed are finding themselves unemployed for the first time. And they aren’t always sure what to do or where to begin. So, naturally hackers pretend to fill in the blanks for these newbies and answer their questions, when in reality they’re just setting them up to be scammed.

Referring to the scammers, CNBC reports that “In some cases, they will pose as individuals helping file for unemployment benefits and then steal personal information. More than 31 million Americans are currently collecting unemployment benefits, according to the Labor Department.” That’s a big pond for hackers to go phishing in.

 

#10 Fake Insurance

Whenever there’s something harmful, people are going to want to insure themselves against it and Covid is no different. And hackers know it. If you want to protect yourself and your family with Covid insurance, you can be sure hackers will be there waiting to scam you.

AAA has been out on the frontline warning people about these fake insurance scams. The company stated “Be especially wary of COVID-19 insurance scams. Robocalls, plus text and email phishing attacks can pitch false insurance deals to consumers of all ages. These pitches may ask consumers to pay insurance premiums, without delivering coverage.”

These are the top ten ways hackers are using coronavirus to phish you today. There will almost certainly be new ones in the future. The good news? You can protect yourself from all of these, and any new ones in the future, simply with an email security software called Phish Protection.

Phish Protection doesn’t require you to purchase anything. It sets up in 10 minutes, works with all major email providers and best of all, it only costs pennies per user per month. The coronavirus-based phishing attacks are not going to stop. But you can keep them from harming you with Phish Protection.

More Bad News for Microsoft 365 Users

As we’ve written about many times before, Microsoft Office 365’s native security does not do a very good job of protecting you from phishing attacks, which makes Office 365 extremely vulnerable to them. Now comes news of a targeted email phishing attack specifically designed to bypass the already vulnerable Office 365 security.

“The attack is a variant of ‘PerSwaysion’, a recent spate of credential phishing attacks that utilize compromised accounts and leverage Microsoft file-sharing services to lull victims into a false sense of security.”


Phishing is Changing but Defense Remains the Same

One of the challenges to stopping phishing attacks is that hackers used to be really nimble. They would use a new domain for each phishing attack, often keeping it active for only a few hours before retiring it forever. This fleet footedness enabled the hackers to do their dirty work before word got out about the malicious website. That situation seems to be changing.


Sophisticated New Tactic Makes Phishing Emails Harder to Detect

You’ve seen reCAPTCHA. It’s the image verification software that asks you to click on the cars or the crosswalks to verify you’re a human being and not a bot. It’s a service now owned by Google.

Seeing reCAPTCHA software on a website probably gives most people a sense of security. After all, the website is protecting itself from malicious activity with the software. And that’s exactly why hackers have started using reCAPTCHA to launch phishing attacks: it gets you to let your guard down.


Zoom isn’t the Only Video Conferencing Service Being Targeted by Phishing Attacks

If you’ve been paying attention, you know that the Zoom video conferencing service has been in the news a lot recently as a prime target for phishing attacks. This is the result of more people working from home due to COVID-19. Thousands of potential phishing sites have been created to target Zoom users as its usage has soared.

With all the headlines, you might get the idea that Zoom is the only video conferencing service being targeted by hackers. Unfortunately, hackers are more ambitious than that. Other popular services, including WebEx and Skype, are also under attack.

According to an article on Help Net Security, “Not only are attackers using video conferencing brands as a lure for malware, but they’re using it for credential phishing, in particular to steal Zoom and WebEx credentials.”

In the case of WebEx (a Cisco company), “The fake emails purportedly coming from Cisco are a mishmash of unconnected visual elements and subject lines that command attention (e.g., “Critical Update!” or “Alert!”).”

Skype is in the same boat as WebEx. According to Threat Post, “Remote workers are being warned of a new phishing campaign targeting their Skype passwords. The phishing emails look ‘eerily similar’ to a legitimate Skype notification alert, according to a report released by Cofense on Thursday. Emails indicate users have 13 pending Skype notifications that can be checked by clicking a Review button.”

While not in the headlines yet, it’s only a matter of time before other video conferencing services like GoToMeeting, Microsoft Teams and Google Hangouts are the target of phishing attacks. The bottom line is, employees working from home are outside the protective boundary of the company’s network and are therefore more vulnerable to these types of phishing attacks.

What’s needed now, more than ever, is the ability to protect employees who are working from home from phishing attacks. Doing that requires cloud-based email security so that emails destined for employees at their home office can be screened before they ever hit the inbox. What’s needed is email security like that available from Phish Protection.

Phish Protection is cloud-based email security with real-time link click protection, which protects against the most sophisticated type of attack: the time-delayed phishing attack. Phish Protection sets up in 10 minutes by making a simple change to a DNS entry. That means you can protect a thousand employees working in a thousand different homes in about 10 minutes. And Phish Protection only costs pennies per employee per month with no hardware or software to buy.

COVID-19 will eventually go away but hackers won’t. Protect your employees today. Try Phish Protection free for 60 days.

Hackers Now Going After Software Tools Which Help Workers Collaborate

In business today we use software in almost everything we do. What’s proven to be especially useful is web-based software or software-as-a-service (SaaS). It would be almost impossible to find someone in business who isn’t using at least some SaaS tools. From email (Gmail) to communication (Skype) to file sharing (Dropbox), SaaS tools have become a staple of office productivity.


There’s More Than Just COVID-19 Phishing Emails Out There

COVID-19 is certainly grabbing the majority share of the headlines today. And why not? After all, it is a worldwide pandemic.

If you’ve been paying attention, you’ll also notice COVID-19 is responsible for a majority of the phishing email headlines. And why not? After all, hackers tend to “follow the news,” so the dramatic increase in coronavirus-themed phishing emails is not surprising.


COVID-19 Fear Leads to Trickledown Phishing Scams

One of the fastest-growing security threats today is coronavirus-based phishing scams. Here, scammers use people’s fear of the virus to get them to do something they shouldn’t.

According to an article on TechRepublic, “There has been a steady increase in the number of coronavirus COVID-19-related email attacks since January, according to security firm Barracuda Networks, but researchers have observed a recent spike in this type of attack, up a whopping 667% since the end of February. Skilled attackers are good at leveraging emotions to elicit response to their phishing attempts.”


Coronavirus Requires Two Quarantines

By now, everyone has heard of COVID-19, the coronavirus rapidly spreading across the globe. In response to this fast-moving coronavirus, the international medical community has come up with a pretty simple, but effective way to stop it: quarantine. In other words, isolate yourself to keep from getting infected. And it seems to be working.

As hard as it may be to believe, there may actually be something spreading even faster than COVID-19. Coronavirus-themed scams and phishing attacks. And it’s only going to get worse because more people are working from home where they have even less protection from these threats than they do at work.


How Chatbots Became a Phishing Tool

Whenever someone develops technology to help people, you can be sure that eventually, hackers will figure out some way to use that same technology to phish people. Such is the case now with customer service chatbots.

Customer service chatbots are software-driven instant messaging apps which are designed to convince you that you are having a conversation with a real person. They are frequently found on ecommerce websites as a first line of customer support.


Sometimes When You go Phishing You Catch a Shark

It’s easy to assume that someone who is rich and famous is also tech savvy, but that’s not always the case. Take for example the news this week that Shark Tank star Barbara Corcoran lost almost $400,000 in a phishing scam.

According to an article in People Magazine, “The incident unfolded last week when Barbara’s bookkeeper received an email about an invoice ‘approving the payment for a real estate renovation.'”


Phishing Attacks Get Really Scary When They Stop Attacking People and Start Attacking Systems

When they think about phishing attacks, most people assume the ultimate goal is to get the victim’s credentials and use them to impersonate the victim or steal their money. And mostly, that’s true. We hardly ever think that the ultimate target of a phishing attack might be an inanimate object. But more and more it’s becoming the case. And it’s getting pretty frightening.


How Something Meant to Protect Your Mobile Device is Being Used to Phish You

Since mobile devices are essentially computers, it didn’t take long to figure out they needed to be protected like computers. That’s especially true given how frequently users download apps from the app store onto their mobile devices.

One example of mobile protection is Google Play Protect. Google Play Protect is Google’s built-in malware protection for Android devices. When you download an app from the Google Play Store, Google Play Protect automatically scans your device and makes sure your apps and everything else are safe. Sounds pretty good.


Hackers Use Recent Tragedies to Target Phishing Victims

Hackers have no soul. They will use any means available to target victims with phishing emails, including seizing on the latest widely-known tragedies. And you have to be aware of it.

On January 26th, Kobe Bryant, an internationally recognized sports superstar, died in a helicopter crash outside Los Angeles. It didn’t take long for the heartless hackers to try to take advantage of the tragic event. According to KDBJ7 in Virginia, “BBB warns of phishing and clickbait scams following the death of Kobe Bryant. The sender claims to be from a reputable news organization capitalizing on trending news with an exclusive video, image, or document they want to share with you. These links can lead users to a malicious website once clicked.”


The News Gets Worse for Victims of Ransomware

Hackers using ransomware to extort money from victims used to have a fairly straightforward playbook: gain access to the victim’s data, encrypt it and promise to decrypt it for the ransom. That by itself caused all kinds of havoc.

From Laporte, Indiana to Baltimore, Maryland, companies and municipalities found themselves scrambling to figure out how to decrypt their own data, or whether or not they should pay the ransom. And as bad as things got, these victims still had one thing going for them. While they couldn’t get to their data, nobody else could either, so at least it was safe from widespread public disclosure. Not anymore.


The Newest Phishing Tactic Designed to Get You to Click

Phishing is a pretty straightforward scam. Get victims to click on a link they shouldn’t. In that regard, hackers never stop evolving and coming up with clever new ways to trick victims into clicking. And it seems they’ve done it again.

The trick of course is to make a malicious URL look legitimate. In that endeavor, hackers are now using the date to make phishing URLs look normal. According to an article on PCMag website, “Scammers have been incorporating the date into their malicious internet domains to help them spoof legitimate websites.”


Bad News for Phishing Attacks: AI is Coming

If you’re responsible for email security at your company, then you’re acutely aware of the role that social engineering plays in effective phishing attacks. Social engineering is not a technology hack, it’s a psychology hack. It doesn’t exploit technological weakness, it exploits human weakness. You can be sure the next phishing attack launched upon your organization will have, at its roots, social engineering.


May the Force Be With You—That Force is a Phishing Attack

The newest Star Wars movie due out this week, The Rise of Skywalker, could just as easily be titled The Rise of Hackers, because they’re using the release of the over-hyped movie to target fans with a phishing attack.

As reported in SC Magazine, “Star Wars: The Rise of Skywalker is just being released into theaters today but cybercriminals were already assembling fake websites and social media profiles to deliver malware to fans, instead of something useful like the Death Star’s plans.”


The Latest Popular Service to Serve You up Phishing Emails: Spotify

If it’s a popular consumer service, you can bet that eventually, hackers will use it in phishing attacks. First it was Netflix, then it was Instagram and then Google and now Spotify.

Almost all communication with the services you use today is via email. Hackers know it, and that’s why phishing attacks aren’t going away any time soon. This time, it’s hackers going after Spotify customers with a phishing email that warns you that your payment didn’t go through.
