Scams of the Week:

 

Fraudulent COVID-19 communications from many attributed sources

It is truly unfortunate that these types of scams are occurring but reports are arriving from many news outlets of attempts by scammers to impersonate official COVID-19 communications from various agencies such as public health, insurance companies, financial institutions, charities and others.

If in doubt, check for notices published on these agencies websites

Some offerings to be very wary of include;

  • Companies offering COVID-19 tests for a price.
  • Charities claiming to be raising funds for the development of the COVIID-19 vaccine.
  • Offerings of stock in COVID-19 related companies
  • Messages from the  Canadian Red Cross offering masks or other equipment with a link to purchase.
  • Messages from "infected" individuals requesting financial aid.

Be suspicious of any direct communication, such as phone, email and texting claiming to originate from these agencies.

You can refer to the Public Health Agency of Canada for official updates regarding the novel COVID-19 virus. (https://www.canada.ca/en/public-health.html)

Check https://www.bbb.org/council/coronavirus/ to find out more about scam alerts related to the COVID-19 virus.

Please report a business that you suspect is fraud at the Better Business Bureau at https://www.bbb.org/scamtracker/us

.

Fake Equifax Claim

Internet bad guys are now trying to trick you into filing an Equifax claim and get a $125 payment because your personal data was in the Equifax data breach. They are sending phishing attacks that look like they come from Equifax and when you click on the links, you wind up on a fake website that looks like it's Equifax, but will try to steal your personal information. Don't fall for it.

if you want to file a claim, go the legit FTC website and click on the blue "File a Claim" button. The website will check your eligibility for that claim, not everyone's information was compromised. Here is the link to the FTC site:
https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement

Fake Audio Note

ALERT: Internet Criminals are sending phishing attacks where they try to trick you into listening to a fake "Audio Note". They show you screen shots and attempt to scam you into clicking on links or even log into a fake Microsoft login page.

For Microsoft accounts and Outlook.com logins, it is important to remember that Microsoft login forms will just be on microsoft.com, live.com, microsoftonline.com, and outlook.com domains only. If you are presented with a Microsoft login form from any other URL, avoid it and only use your normal bookmarks to go to these sites.

 

Sharepoint/OneDrive scam

Be on alert! The bad guys have a new way of stealing your login credentials. They target you by sending you an invite via email to open a SharePoint document. The link takes you to an actual SharePoint page where you will see a OneDrive prompt. The prompt will have an “Access Document” link in it- don’t click this link!

This link is malicious and will take you to a fake Office 365 login screen. Any credentials you enter here will be sent to the bad guys. Don't be tricked.

Whenever you're submitting login credentials to any site, make sure to check the URL of the page for accuracy. Also, remember to always hover over links to see where they are taking you. Remember, Think Before You Click.

 

Active Shooter on Campus Phishing Scam.

Cyber criminals are now exploiting recent active shooter events on campus to get people panicked and "click-by-reflex" to find out if a loved one is safe. This same phishing attack could be used against any organization with an active shooter protocol and training in place. If you see emails with titles like:

  • “IT DESK: Security Alert Reported on Campus”
  • “IT DESK: Campus Emergency Scare”
  • “IT DESK: Security Concern on Campus Earlier”


Please think before you click, and look for any red flags related to a phishing scam. In any case, click on the Phish Alert Button to send this email to IT."

Tech support scams using browser lockers.

Microsoft tech-support scam operation has been observed scamming users by posing as authorized Microsoft support technicians.

The scam operates by locking a users web browser with malicious pop-up ads. The locked browser may convince the user that something is truly wrong with the computer, enticing the victim to call the number on the pop-up ad. They are then instructed to download an app giving the criminals the ability to control their computer. This is then followed up  by a sales pitch to purchase a “support plan” from the fake company. The company's go by the names GeeksHelp and AmericaGeeks.

 

Alert:

 

Whatsapp spyware gives criminals unwanted access to your phone

If you have WhatsApp installed on your phone, you should update it now. In early May, Facebook discovered the vulnerability that would allow commercial-grade spyware to be installed on your phone through a call using WhatsApp.

While most spyware requires some action on the user's part, this new vulnerability did not. All that was required was to place a call to a phone with WhatsApp installed, you didn't even have to answer or interact with the call.

https://www.androidcentral.com/update-whatsapp-now-prevent-being-exploited-attack

Blur Password Manager Breach.

On Thursday, December 13th 2018, Blur became aware that some information about Blur users had been potentially exposed.

The following information may have been exposed about Blur users who had registered their accounts prior to January 6th, 2018:

  • Each user’s email addresses
  • Some users’ first and last names
  • Some users’ password hints but only from our old MaskMe product
  • Each user’s last and second-to-last IP addresses used to login to Blur
  • Each user’s encrypted Blur password. These encrypted passwords are encrypted and hashed before they are transmitted to our servers, and they are then encrypted using bcrypt with a unique salt for every user. The output of this encryption process for these users was potentially exposed, not actual user passwords.

As a best practice, you should change your Blur password. If you use the same password you use on Blur on any other service, you should change those passwords to new unique passwords as well.

Facebook Security Breach causes 90 Million account password resets.

A security vulnerability on Facebook allowed malicious hackers the ability to hijack user accounts. In response, Facebook reset the passwords of 90 million users on Saturday September 29.

https://www.infosecurity-magazine.com/news/facebook-resets-90-million/

Ticketfly website defaced and customer database breached.

Ticket distribution service Ticketfly shut down its website on Thursday after its public website was defaced.

Ticketfly is investigating the extent of the breach.

https://support.ticketfly.com/customer/portal/articles/2941983-ticketfly-cyber-security-update

Malicious Chrome Extension

Nigelthorn malware is targeting chrome users with a malicious extension. Malicious actors have socially engineered links on Facebook so that when users click on the link, they are redirected to a fake YouTube page. Rather than watching the video they expect to see, they are asked to install the malicious extension.

The extension then executes a malicious JavaScript code, turning the victim's computer into part of a botnet. This malicious browser extension than performs credential theft, crypto-mining, click fraud and more. 

In addition to stealing the victim's Facebook and Instagram credentials, the malware also collects data from the user's Facebook account. 

This stolen information is then used to send malicious links to friends of the infected person in an effort to push the same malicious extensions further. If any of those friends click on the link, the whole infection process starts over again.

Please do not install extensions to view content. This is a common method of distributing malware.

Orbitz travel booking web-site has been breached!

Orbitz has suffered a major data breach possibly exposing the personal information associated with the owners of up to 880,000 payment cards whom made certain purchases between January 1, 2016 and June 22, 2016.

In response to the incident, Orbitz is offering customers a year of free credit monitoring.

Fortnite online game accounts hacked.

Fortnite, available on Xbox One, PlayStation 4, Windows PC and Mac, is a ‘battle royal’ action survival game developed by Epic Games in which players collect resources, build fortifications and construct weapons and traps to engage in combat against creatures.

It's been reported that there has been suspected hacking of player accounts of Fortnite, with some players discovering large credit card charges from fraudulent purchases.

In a statement, Epic said: “We are aware of instances where users’ accounts have been compromised using well-known hacking techniques.

“Any players who believe their account has been compromised should reach out to our player support immediately.”