Posts tagged "Phishing"

Four ways to avoid being a victim of Russian cyberwarfare

January 22nd, 2018. Posted in News.

Russian cyberwarfare is the new threat to the nation, according to Nick Carter, the head of the British army, which means that the new frontline is, well, you. So it’s now more than just simple self-care to be smart about your online security – it’s your patriotic duty.

Update your devices – and upgrade the ones you can’t

Some of the most damaging cyber-attacks in recent years haven’t come from elite hackers crafting one-of-a-kind viruses to break into secure government devices, but from exploiting the old, out-of-date hardware that ordinary people use every day.

Take the Mirai botnet: a swarm of millions of hacked devices, it was used to overload servers by bombarding them with traffic requests. But the basic elements of the botnet were simple, cheap, “internet of things” devices such as security cameras or smart lightbulbs, which had glaring security flaws that no one ever bothered to fix.

Don’t be a John Podesta

“Fancy Bear” is the organisation behind the hacking of Hillary Clinton’s campaign chairman, John Podesta. He fell prey to a phishing campaign, well-executed but simplistic, that allowed the attackers to download – and leak – every email he had sent or received.

At its heart, the hack used a fake warning from Google, asking Podesta to click a link and log in to respond to a security alert. After an aide mistakenly told him the link looked legitimate (he meant to type “illegitimate”), he did – but the link didn’t go to Google, and so he ended up sharing his username and password with the attackers.

The easy-to-say, hard-to-do advice is “always make sure links are from who they say they are”. A more useful recommendation may be to join the 10% who have “two-factor authentication” turned on for their email.
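One way to make the “make sure links are from who they say they are” advice mechanical is to compare where a link actually goes against the domain it claims to represent. The script below is an added example, not part of the article or The Guardian’s reporting; the trusted-domain list and the sample links are constructed for illustration. It catches the tricks that made the Podesta lure work (a look-alike host, a non-HTTPS destination, credentials smuggled in front of the real host, punycode look-alikes) and applies equally to the HMRC refund and Google Docs lures described further down this page.

```python
"""Defender-side link checker: flags e-mail links whose real destination does not
match the organisation they claim to come from.

Added example; TRUSTED_DOMAINS and SAMPLE_LINKS are constructed for illustration.
"""
from urllib.parse import urlparse

# Constructed allowlist: senders we would expect genuine security or refund notices from.
TRUSTED_DOMAINS = ("google.com", "hmrc.gov.uk")


def host_under(host, domain):
    """True when host is `domain` itself or a subdomain of it.

    The leading dot is what stops 'google.com.example.net' from matching 'google.com'.
    """
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def trusted_host(host):
    """True when the host belongs to any trusted domain."""
    return any(host_under(host, d) for d in TRUSTED_DOMAINS)


def claimed_domains(display_text):
    """Trusted domains the link *claims* to belong to, judged from its visible text."""
    text = display_text.lower()
    return [d for d in TRUSTED_DOMAINS if d in text]


def check_link(display_text, href):
    """Return (verdict, reasons); verdict is 'ok' or 'suspicious'."""
    reasons = []
    parsed = urlparse(href)
    host = parsed.hostname or ""

    if parsed.scheme != "https":
        reasons.append("not https")
    if "@" in parsed.netloc:
        # 'https://google.com@evil.example/' takes the browser to evil.example,
        # not google.com: everything before the '@' is userinfo.
        reasons.append("userinfo before host hides the real destination")
    if any(label.startswith("xn--") for label in host.split(".")):
        # Internationalised labels can render as look-alikes of ASCII brands.
        reasons.append("punycode (IDN) label in hostname")
    if not trusted_host(host):
        reasons.append(f"destination host {host!r} is not a trusted domain")
    for d in claimed_domains(display_text):
        if not host_under(host, d):
            reasons.append(f"link text claims {d} but the link goes to {host!r}")
    return ("suspicious" if reasons else "ok", reasons)


# Constructed (display text, href) pairs: one genuine link and three lures.
SAMPLE_LINKS = [
    ("https://accounts.google.com/signin", "https://accounts.google.com/signin"),
    ("https://accounts.google.com/", "http://accounts.google.com.example.net/login"),
    ("https://google.com/security-alert", "https://google.com@evil.example/"),
    ("HMRC tax refund", "https://xn--hmrc-ekb.gov.uk/refund"),
]


def triage(links=SAMPLE_LINKS):
    """Map each href to its (verdict, reasons) so a reviewer can see why it was flagged."""
    return {href: check_link(text, href) for text, href in links}


if __name__ == "__main__":
    for href, (verdict, reasons) in triage().items():
        print(f"{verdict:10} {href}")
        for r in reasons:
            print(f"           - {r}")
```

The allowlist is deliberately short: the check is not “is this domain known bad?” but “is this the domain the message claims to be?”, which is the question a recipient of a fake Google alert actually needs answered. Extending `claimed_domains` to read the sender address and the displayed brand name, rather than only the visible link text, makes the same comparison work for messages that hide the URL behind a button.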

Avoid paying the ransom

The WannaCry ransomware attack has been credibly linked to North Korea, which has apparently been stepping up its use of cybercrime as a method of fundraising – a technological improvement from recent history, when the nation was one of the largest forgers of US currency.

Keeping a backup of your critical data is a good idea anyway (who knows when a stray cup of coffee will fry your treasured photos?), but it is twice as useful if you can avoid paying a bitcoin ransom to a pariah state.

Think twice before retweeting and sharing

According to new figures from Twitter, more than 50,000 accounts on the site were created for the express purpose of spreading Russian misinformation during the US election. Of course, the point of the misinformation accounts was to blend in with conventional US political activists, so … maybe just log off altogether?

Thanks to Alex Hern at The Guardian for this article.

Phishing Posts that really catch people out

June 28th, 2017. Posted in Industry Focus, News.

As hackers grow in sophistication, so do the phishing scams they use to lure unwary users. We’ve rounded up some of the most common and well-used versions:

The Public Speaker

This is a long-running scam that preys on the hopes of public speakers, inviting them to speak (and be paid a hefty fee) at a conference in the UK or somewhere else in the world. In the last year or so, the scam has taken a nasty turn, targeting ministers, pastors and preachers with invitations to a bogus religious conference, again offering them a big paycheck.

Now the scam has taken a new direction, aimed at women and parents, or at least at speakers on these subjects. Please beware if you get a letter like this. The idea is to get your personal details under the pretext of sending you some money, or to get you to send some money to cover administrative fees or governmental controls, with a promise of a big check to come.

But this is a scam. You will never get the promised big check. The conference is not real.

So the answer is simply to ignore the email.  Don’t be tempted!

The Tax Rebate

Fraudsters are generating phishing emails posing as HMRC in order to gain access to people’s bank accounts. These emails appear to be increasingly common: a Which? survey found that, of 2016 adults, 40% had received communication of this nature.

These e-mails can look very convincing as they use genuine HMRC branding, and sometimes they are signed off with the name of an actual HMRC employee, making them seem even more realistic. The contents will generally offer you a tax refund and ask for bank details so that the money can be refunded.

The amount offered is usually up to £500, so as not to raise the recipient’s suspicions. The main aim of these emails is to extract money from your bank account, get you to send money, or gather enough personal information about you to sell your details to identity-theft criminals. An example is below:

[Image: example HMRC phishing email]

HMRC will never send notification of a tax reimbursement or ask for personal or payment information by email. So you can safely ignore these emails.

Google Docs

This is a sophisticated phishing scam that asks for permission to access files stored in Google Drive. The attack involves an email being received saying a Google Doc has been shared with you.

The message looks legitimate and appears to be from a contact you already know. But when clicked, permissions are granted to a third-party that has no relation to Google. The below image shows the phishing scam in action:

[Image: Google Docs OAuth phishing email]

What to do if you get ‘phished’

“If you have disclosed confidential data (e.g. a username or password), go to the real site and change it immediately, to stop the criminals hijacking your online account.” You can also report phishing emails to your email service provider.

If you see a phishing email at work, the best approach is to forward it to the IT department or report it via internal company systems. If it appears to come from a colleague but looks and feels ‘phishy’, don’t reply to the mail; call them or go to see them to confirm that the mail and its contents are genuine.

Never reply to the message, even if you fancy taunting the ‘phisherman’: you would only be confirming that your email address is valid and live.

If you do click on a phishing link, it’s also worth reporting the incident to Action Fraud.

Companies have been crippled by an attack dubbed ‘Petya’, the second major ransomware crime in two months.

June 28th, 2017. Posted in News.

The malicious software has spread through large firms including the advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk, leading to PCs and data being locked up and held for ransom.

The Petya ransomware takes over computers and demands $300, paid in Bitcoin. Once one computer is infected, the malicious software spreads rapidly across an organization using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools.

The malware tries one option and if it doesn’t work, it tries the next one.

What should you do if you are affected by the ransomware?

The ransomware infects computers and then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch the computer off to prevent the files from being encrypted and try to rescue the files from the machine, as flagged by @HackerFantastic on Twitter.

“If machine reboots and you see this message below, power off immediately! This is the encryption process. If you do not power on, files are fine.”

[Image: @HackerFantastic tweet with the screenshot referred to above]

If the system reboots with the ransom note, don’t pay the ransom – the “customer service” email address has been shut down, so there’s no way to get the decryption key to unlock your files anyway. Disconnect your PC from the internet, reformat the hard drive and restore your files from a backup. Back up your files regularly and keep your anti-virus software up to date.

Contact Microcomms for a free Security Audit and for information about anti-virus and anti-malware software.

Google Docs users hit with sophisticated phishing attack in their inboxes

May 5th, 2017. Posted in Uncategorized.

A Google Docs scam that appears to be widespread began landing in users’ inboxes on Wednesday in what seemed to be a sophisticated phishing or malware attack. The deceptive invitation to edit a Google Doc – the popular app used for writing and sharing files – appeared to be spreading rapidly, with a subject line stating a contact “has shared a document on Google Docs with you”. If users click the “Open in Docs” button in the email, it takes them to a legitimate Google sign-in screen that asks to “continue in Google Docs”.

Clicking on that link grants permission to a bogus third-party app to possibly access contacts and email, which could allow the spam to spread to additional contacts.

Google has said it is aware of the issue and investigating it. The company encouraged users to report the email as phishing within Gmail.

“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” a spokesperson said in a statement. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”

The company did not immediately respond to requests for comment on how many people had been affected by the attack and where it may have originated.

Phishing scams typically involve emails, ads or websites that appear to be real and ask for personal information, such as usernames, passwords, social security numbers, bank account data or birthdays. Google says it does not send out emails asking for this type of data and encourages users not to click on any links and to report suspicious messages.

As the Verge noted, Wednesday’s attack seemed more advanced than standard email phishing scams, because it doesn’t simply take users to a bogus Google page to collect a password; instead it works within Google’s system through a third-party web app with a deceptive name.

If users have already granted permission through the phishing email, they can go to their settings and revoke the app.