Scams of the Week:
Be on alert! The bad guys have a new way of stealing your login credentials. They target you by sending you an invite via email to open a SharePoint document. The link takes you to an actual SharePoint page where you will see a OneDrive prompt. The prompt will have an “Access Document” link in it- don’t click this link!
This link is malicious and will take you to a fake Office 365 login screen. Any credentials you enter here will be sent to the bad guys. Don't be tricked.
Whenever you're submitting login credentials to any site, make sure to check the URL of the page for accuracy. Also, remember to always hover over links to see where they are taking you. Remember, Think Before You Click.
Active Shooter on Campus Phishing Scam.
Cyber criminals are now exploiting recent active shooter events on campus to get people panicked and "click-by-reflex" to find out if a loved one is safe. This same phishing attack could be used against any organization with an active shooter protocol and training in place. If you see emails with titles like:
- “IT DESK: Security Alert Reported on Campus”
- “IT DESK: Campus Emergency Scare”
- “IT DESK: Security Concern on Campus Earlier”
Please think before you click, and look for any red flags related to a phishing scam. In any case, click on the Phish Alert Button to send this email to IT."
Tech support scams using browser lockers.
Microsoft tech-support scam operation has been observed scamming users by posing as authorized Microsoft support technicians.
The scam operates by locking a users web browser with malicious pop-up ads. The locked browser may convince the user that something is truly wrong with the computer, enticing the victim to call the number on the pop-up ad. They are then instructed to download an app giving the criminals the ability to control their computer. This is then followed up by a sales pitch to purchase a “support plan” from the fake company. The company's go by the names GeeksHelp and AmericaGeeks.
Blur Password Manager Breach.
On Thursday, December 13th 2018, Blur became aware that some information about Blur users had been potentially exposed.
The following information may have been exposed about Blur users who had registered their accounts prior to January 6th, 2018:
- Each user’s email addresses
- Some users’ first and last names
- Some users’ password hints but only from our old MaskMe product
- Each user’s last and second-to-last IP addresses used to login to Blur
- Each user’s encrypted Blur password. These encrypted passwords are encrypted and hashed before they are transmitted to our servers, and they are then encrypted using bcrypt with a unique salt for every user. The output of this encryption process for these users was potentially exposed, not actual user passwords.
As a best practice, you should change your Blur password. If you use the same password you use on Blur on any other service, you should change those passwords to new unique passwords as well.
Facebook Security Breach causes 90 Million account password resets.
A security vulnerability on Facebook allowed malicious hackers the ability to hijack user accounts. In response, Facebook reset the passwords of 90 million users on Saturday September 29.
Ticketfly website defaced and customer database breached.
Ticket distribution service Ticketfly shut down its website on Thursday after its public website was defaced.
Ticketfly is investigating the extent of the breach.
Malicious Chrome Extension
Nigelthorn malware is targeting chrome users with a malicious extension. Malicious actors have socially engineered links on Facebook so that when users click on the link, they are redirected to a fake YouTube page. Rather than watching the video they expect to see, they are asked to install the malicious extension.
In addition to stealing the victim's Facebook and Instagram credentials, the malware also collects data from the user's Facebook account.
This stolen information is then used to send malicious links to friends of the infected person in an effort to push the same malicious extensions further. If any of those friends click on the link, the whole infection process starts over again.
Please do not install extensions to view content. This is a common method of distributing malware.
Orbitz travel booking web-site has been breached!
Orbitz has suffered a major data breach possibly exposing the personal information associated with the owners of up to 880,000 payment cards whom made certain purchases between January 1, 2016 and June 22, 2016.
In response to the incident, Orbitz is offering customers a year of free credit monitoring.
Fortnite online game accounts hacked.
Fortnite, available on Xbox One, PlayStation 4, Windows PC and Mac, is a ‘battle royal’ action survival game developed by Epic Games in which players collect resources, build fortifications and construct weapons and traps to engage in combat against creatures.
It's been reported that there has been suspected hacking of player accounts of Fortnite, with some players discovering large credit card charges from fraudulent purchases.
In a statement, Epic said: “We are aware of instances where users’ accounts have been compromised using well-known hacking techniques.
“Any players who believe their account has been compromised should reach out to our player support immediately.”