Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Scam Of The Week Blends CEO Fraud And W-2 Phishing

I have talked about CEO fraud here many times — e-mail attacks spoofing the boss and social engineering a high-risk employee into wiring funds to a bank account controlled by the bad guys.

And I probably also warned you against W-2 phishing, where scammers impersonate the boss and ask a PDF with all employee tax forms. Per a new “urgent alert” issued by the U.S. Internal Revenue Service, internet criminals have now combined both schemes and at the same time are targeting a much wider range of organizations than ever before.

Scam Of The Week: IRS Issues Warning On New Tax Phishing Attack

It's unbelievable, but the new tax season is around the corner and the bad guys are already at it. This is a two-phase phishing scam of the week you need to watch out for: 

PHASE 1: Cybercriminals are sending emails, posing as potential clients, and interested in services from tax professionals. Something with the innocent subject "I need a preparer to file my taxes."

The tax preparer responds, and the bad guys send a second email with a malicious attachment claiming to contain the client tax information. The tax preparer falls for this social engineering attack and opens the attachment (likely enables macros) and that compromises the machine and now the bad guys own the tax preparer's computer.

Scam Of The Week: Locked PDF Phishing Attack

Wednesday Jan 4th, the SANS Internet Storm Center warned about an active phishing campaign that has malicious PDF attachments in a new scam to steal email credentials.

The SANS bulletin said that the email has the subject line “Assessment document” and the body contains a single PDF attachment that claims to be locked. A message reads: “PDF Secure File UNLOCK to Access File Content.”

John Bambenek, handler at SANS Internet Storm Center said: “This is an untargeted phishing campaign. They are not going after the most sophisticated users. They are going after Joe Cubicle that may not think twice about entering credentials to unlock a PDF,”

This is a large spray-and-pray campaign that hopes to get a small foothold into your org via an email account and then compromise, tunnel in or send spear-phishing attacks. Here is how it looks:

Scam Of The Week: Watch Out For Fake Apps

The shoe retailer Foot Locker Inc. has three iPhone apps. But that did not stop an entity calling itself Footlocke Sports Co., Ltd. from offering 16 shoe and clothing apps in the App Store.

Tech support scammers abuse bug in HTML5 to freeze computers

Malwarebytes Researcher Jerome Segura reported on a new Tech Support scam that uses a known HTML5 bug to freeze the system and trick people to call a fake support number. Note, it does not crash the system, it just takes all CPU and almost all memory resources. See the Task Manager stats top right.

Scam Of The Week: Tech Support Claims Your Hard Disk Will Be Deleted

Symantec warns that tech support scams are getting more sophisticated by the month: "These scams remain one of the major and evolving forces in the computer security landscape. Between January 1 and April 30 this year, the Internet Crime  Complaint Center (IC3) received 3,668 complaints related to tech support scams, which amounted to adjusted losses of almost US$2.27m."

Recently, Symantec has observed a new feature in the tech support scams it is detecting – the use of code obfuscators. Early tech support scams had their entire malicious code clearly visible. Now code obfuscation, which was mostly seen with Exploit Kits, has made its way to tech support scams.

[ALERT] Scam Of The Week: Brad Pitt Found Dead (Suicide)

The divorce between Brad Pitt and Angelina Jolie has been used by the bad guys for a "celebrity death hoax" which unfortunately is high-grade click bait.

It's the most recent one to hit social media and your employee's inbox, and will not be the last. Snopes, a debunking site that usually gets it right, confirmed that this bogus news has been around since the 21st of September.

Scam Of The Week: Insidious New IRS Social Engineering Attack

There is a new insidious IRS scam that you need to warn your employees, friends and family about, and inform your HR department to start with.

Seasoned internet criminals are sending bogus emails with attachments, text messages and even snail mail claiming to be from the IRS and using a phony Form CP 2000.

A new "long con" Scam Of The Week: Binary Options

Most scams on the internet are "short con" scams, compare them to hit & run. However, "long con" scams have started to show up that can take a few months to finally steal the money. 

In the last few weeks, government organizations in several countries have warned for a new scam on the internet called binary options. These scams lure you in with the opportunity to make money through movements in the prices of certain assets. As an example, so far this year people in Australia have lost $3 million to these scammers.

Scam Of The Week: A New Type Of Tech Support Fraud

We spotted an unusual phishing email which revealed a new scam your users will soon find in their inbox. Time to inoculate them before it becomes a problem!

Many online service providers like Microsoft, Google, Facebook, Twitter, and PayPal have adopted a policy to warn users via email when there is a possible security-related event like "unusual sign-in activity".

Copies of these emails have been used for credentials phishing for a few years, but the problem is these security notifications are now being used by bad guys as a new attack vector for a tech support scam.

These new "phishes" point victims to a 1-800 number where either a scammer picks up, or the victim gets sent to voice mail hell for a while and their number is queued for a fraudulent follow-up call like the one below, which was sent to us by one of our customers -- who were well trained -- and did not fall for the scam.

PS: KnowBe4 uses HubSpot to host our website and for marketing automation so that is where this download link points to. It is safe to click, entertaining and instructive:

So, I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit:

Subscribe To Our Blog

Phish Your Users

Get the latest about social engineering

Subscribe to CyberheistNews