Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: #Phishing


Why Do They Spell Phishing With ‘ph?’ An Unlikely Homage

Back in the counter-culture days of the U.S., a group of people developed an obsession with telephone systems. It gave us the first hackers, the weird spelling of phishing, and Apple, Inc.

Read This Article on CloudSavvy IT ›

Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Dave McKay

PSA: Watch Out For This New Amazon Email Phishing Scam

Scam artists are getting so good at creating realistic-looking phishing emails that some are getting past Gmail’s spam filters. Although most of us have been trained to spot suspicious email messages, some (like the one above) look like they could be from companies like Amazon.

Read This Article on How-To Geek ›

The Article Was Written/Published By: Justin Duino

A Google Drive Flaw Lets Hackers Trick You Into Downloading Malware


Google Drive is one of the more trusted cloud services out there, but that doesn’t mean it’s perfect. As system administrator A. Nikoci tells The Hacker News, bad actors can exploit flaws in Google Drive’s “manage versions” feature to trick you into downloading malware.

To demonstrate, A. Nikoci put together a YouTube video that shows the process. To start, the bad actor needs to upload a legitimate file, like a PDF, and create a shareable link for it. Google Drive will do its thing and generate previews and the like, so anyone who follows the link can see what the file contains.

But the next step is where things get nefarious. Google Drive has a “manage versions” feature that lets you update a file and keep the same shareable link. That’s useful if you need to make some changes to a file you’ve already sent out.

It seems Google Drive doesn’t take as close a look at the new file as it did the original. You can change out the file entirely, even if it has a new extension like .exe, and that doesn’t trigger an update to the preview or update the file name and extension in the shared link site.

The only real indications are a change to the file icon (it no longer shows a pdf icon for instance), and when you download the file it will reveal the .exe extension. Of course, that could be too late for the right kind of malware. Or you might have the “open when finished downloading” option going.

Google Drive doesn’t seem to scan the updated file closely enough to realize it’s malware, even when SmartScreen and other antivirus programs catch the problem. Nikoci says he notified Google of the problem two days ago, but the company hasn’t corrected it.

Here’s hoping that changes soon.

via The Hacker News

The Article Was Written/Published By: Josh Hendrickson

New Netflix Phishing Scam Can Steal Credit Card Info

Netflix is great for providing so many hours of television and movies, making it the go-to entertainment option for many. But as enjoyable as it is, it can still provide some trouble. This is what the Armorblox site found out when it discovered a Netflix phishing scam that is stealing credit card information.

How the Netflix Phishing Scam Works

Before abandoning Netflix, it may be beneficial to find out how the scam works and how it was found, as perhaps you can change things up a little to be sure it doesn’t happen to you so that you…

The Article Was Written/Published By: Laura Tucker

The coronavirus pandemic has unleashed a new wave of fraud


Criminals are getting busy — and creative — with an onslaught of new frauds preying on people’s fears and anxieties about the coronavirus pandemic.

The big picture: Desperate people are finding their unemployment checks and stimulus payments stolen. They’re also being bombarded with offers for fake cures, fake work-at-home offers and messages asking for personal financial information.

In perhaps the most widespread scam, criminals are filing fake unemployment claims on behalf of real people who haven’t lost their jobs, hitting one state after another.

  • The rush to get relief money in people’s hands has introduced new vulnerabilities to unemployment systems — state agencies and corporate human-resources departments alike are quick to approve claims without requiring much proof.
  • A Nigerian crime ring called “Scattered Canary” may be responsible for a lot of this fraud, which is made more attractive by the extra $600 a week in unemployment benefits Congress enacted.
  • Washington state — an early locus of coronavirus in the U.S. — seems to have been hit hardest, with hundreds of millions of dollars in benefits siphoned off, per the Seattle Times.

Where it stands: The Federal Trade Commission says consumers have reported about $50 million in losses to the agency.

  • TransUnion, the credit bureau, runs a weekly survey that shows that 29% of consumers say they’ve been targets of digital fraud related to COVID-19.

“Some of the really pernicious stuff that we were seeing were about people ordering P.P.E.-type materials — face masks, hand sanitizer — and then it never arrives,” Monica Vaca of the FTC tells Axios.

“Fraud is big business, and it runs just like every other corporation out there,” Will LaSala of OneSpan, which sells antifraud software, tells Axios.

  • Misinformation about COVID-19 — plus runs on items like soap and toilet paper — prompted a lot of people to try to buy things on merchant websites that turned out to be fake, or to click on phishing offers.
  • Fraudsters dangled lures like “check your $1,200 stimulus pay status” to get people to divulge information via email, phone and text.
  • Other scams include fake charity websites, false offers of Small Business Administration loans, sham work-at-home schemes that get people to pay money up front, and calls from a local area code that purport to be from a person’s doctor.

Official-looking notices claiming to be from the government might say you’ve been overpaid in stimulus or unemployment benefits and need to return the money immediately.

  • “A lot of times, they’ll say you have to do it right now or you’ll be arrested — and, oh, by the way, put it on an Apple gift card,” Paul Stephens of the Privacy Rights Clearinghouse tells Axios.

Then there are W-2 scams, in which a hacker spoofs the email address of a CEO and asks the H.R. department for a list of employees’ tax information.

  • “When we were working from offices, there were firewalls in place that really blocked a lot of this, but now that we’re working from home, we don’t have those safeguards in place,” LaSala says. “That really led to a lot of these attacks.”

Who’s scammin’ whom: While the elderly are frequent victims, more unexpected are millennials (who are at the prime age to be home, online, idle and jittery) and college students, who are nervous about their academic future and tuition status.

  • “They pretend that they’re from the school’s financial department and they’re giving you choices,” Paige Hanson, chief of cyber safety education at NortonLifeLock, tells Axios. “They’ll say, ‘click on this link to verify your personal information.’ It will go to a fake landing page” where criminals collect the information they need to take advantage of the student.

Even if only a tiny percentage of these fraud attempts works, “the payoff is significant,” Crane Hassold, senior director of cyber intelligence at the email security firm Agari, tells Axios.

  • “Some of these attackers are working 40 hours a week. These attacks are becoming more sophisticated, more realistic.”

Experts offered some advice to try to protect yourself:

  • “Be suspicious of any unsolicited phone call, email or text message you might receive from anyone, unless you initiated the contact with that person,” Stephens said. If in doubt, call back to a number you know is legit.
  • Talk to someone before taking action. “Tell a friend, tell your sibling or somebody,” Hanson said. “Even though you’re in that moment and you want to react, they might know about this scam.”

The Article Was Written/Published By: Jennifer A. Kingson