Real Cyberattack as Phishbait for a Scammer

Scammers are exploiting a real “cyber incident” at a Riverhead, New York high school to send out robocalls that claim to be coming from the local police department, RiverheadLOCAL reports.

“Community members should be on the alert for scammers looking to take advantage of the school district’s situation, Riverhead Police Chief David Hegermiller said in a phone interview this afternoon after the police department issued a press release warning about a robocall in which someone claiming to be a Riverhead Police sergeant said he was calling about a data breach at Riverhead High School,” RiverheadLOCAL said. “That call did not come from the Riverhead Police Department or any affiliated agencies, according to the police press release.”

Caller ID on the public telephone network carries no authentication, so the number displayed is whatever the calling system asserts. The scammers are almost certainly spoofing a number to make the call appear legitimate.

“Police provided the phone number and caller ID information connected with the robocall,” RiverheadLOCAL said. “A woman who answered a call to that number today said she had not made any calls of that nature and had not heard anything about it prior to RiverheadLOCAL’s inquiry. She said she had not been contacted by the Riverhead Police Department about the matter. She also said she does not live in Riverhead and does not have children in the district. The department is not making robocalls to the community about the situation in the school district, Hegermiller said this afternoon. Anyone who receives any calls to that effect should hang up and report the call to police.”

Hegermiller added that the department is still attempting to determine who is actually behind the calls.

“We are still working on it and trying to figure out who the caller actually is and how the number is being used,” Hegermiller said.

New-school security awareness training can enable your employees to recognize the hallmarks of social engineering attacks so they can avoid falling for these types of scams.

READ MORE

Socially Engineering Your Way to Customer Data

US telecommunications company Cox Communications has disclosed a data breach that exposed some customers’ information, BleepingComputer reports. The company said in a breach notification letter that an attacker was able to gain access to some customer accounts after using social engineering tactics to impersonate a Cox employee.

“On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts,” the statement said. “We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident,” reads the data breach notification signed by Amber Hall, Chief Compliance and Privacy Officer of Cox Communications. “After further investigation, we discovered that the unknown person(s) may have viewed certain types of information that are maintained in your Cox customer account, including your name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that you receive from Cox.”

Cox urges affected customers to keep an eye on their finances for any suspicious activity.

“We assure you that we take this incident very seriously,” the letter continued. “Out of an abundance of caution, we recommend that you review your financial account statements for fraudulent or irregular activity. You should immediately report any unauthorized activity to your financial institution. We also recommend that you change the password on any accounts that may use the same password as your Cox account.”

BleepingComputer offers the following additional recommendations for Cox customers:

  • Immediately change the password and account security questions/answers on your Cox account.
  • Be on the lookout for phishing emails pretending to be from Cox that are designed to steal your login credentials.
  • Enable 2-factor authentication for your Cox accounts to make it harder for threat actors to log in to your account.

New-school security awareness training can enable your employees to follow security best practices so they can avoid falling for social engineering attacks. And sound policies based on best practices can help reduce the risk of being deceived by someone pretending to be an employee.

READ MORE

Credential-Harvesting Phishing Campaign Urges Review of Spam

Researchers at MailGuard have observed a phishing campaign that’s using phony “spam notification” emails that purport to come from Microsoft Office 365. The emails tell recipients that an important-looking email has been sent to their spam folder, and they’ll need to click a link to view the supposed message.

“Scammers are sending the email from ‘quarantine[at]messaging[dot]microsoft[dot]com’, and the display name is the recipient’s domain, to feign authenticity,” the researchers write. “The email subject is ‘Spam Notification: 1 New Messages’, alluding to the body of the email that informs the recipient that a spam message has been blocked and is being held in quarantine for them to review. Details of the ‘Prevented spam message’ are provided, with scammers personalizing the subject heading as ‘[company domain] Adjustment: Transaction Expenses Q3 UPDATE’ to create a sense of urgency and using a finance-related message.”

If a user clicks the link, they’ll be taken to a spoofed Office 365 login page hosted somewhere other than Microsoft’s own domains. MailGuard notes that once an attacker compromises your Office 365 account, they can access a wealth of sensitive data.

“Providing your Microsoft account details to cybercriminals means that they have unauthorised access to your sensitive data, such as contact information, calendars, email communications, and more, which could lead to criminal activity such as BEC, identity theft, and other fraudulent activity,” MailGuard says. “Customers of trusted brand names such as Microsoft are targeted by cybercriminals due to the company’s expansive user base, so customers must remain vigilant and check twice before clicking on any potentially harmful links.”

MailGuard urges users to be wary of emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and/or
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
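As an added example that is not part of MailGuard’s write-up or of this newsletter, the Python script below applies the checks above to a constructed message modelled on the campaign: it compares the display name with the domain the mail actually came from, reads the receiving server’s Authentication-Results header, and tests whether the “review” link lands on a domain the brand really owns. The two sample messages, every address and host in them, and the short allow-list of Microsoft domains are assumptions for illustration only.

```python
"""Triage a suspicious "quarantine notification" email (added example)."""
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed phishing sample: the display name is the recipient's own domain,
# the envelope sender is a real-looking Microsoft address, and the "review"
# link leaves Microsoft's domains. Addresses and hosts are invented.
PHISH = """\
From: "example.com" <quarantine@messaging.microsoft.com>
To: alice@example.com
Subject: Spam Notification: 1 New Messages
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.invalid; dkim=none; dmarc=fail header.from=microsoft.com
Content-Type: text/html; charset="utf-8"

<html><body><p>Prevented spam message: "example.com Adjustment: Transaction Expenses Q3 UPDATE"</p>
<a href="https://office365-quarantine-review.invalid/login?u=alice%40example.com">Review messages</a>
</body></html>
"""

# Constructed control: a notification that should pass all three checks.
LEGIT = """\
From: "Microsoft" <quarantine@messaging.microsoft.com>
To: alice@example.com
Subject: Spam Notification: 1 New Messages
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=messaging.microsoft.com; dkim=pass header.d=microsoft.com; dmarc=pass header.from=microsoft.com
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://security.microsoft.com/quarantine">Review messages</a></body></html>
"""

# Assumed allow-list of domains the brand uses for sign-in and quarantine
# review; a real deployment would take this from the brand's published list.
BRAND_DOMAINS = {"microsoft.com", "microsoftonline.com", "office.com", "live.com"}

HREF_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)
DOMAIN_LIKE_RE = re.compile(r"[\w-]+(\.[\w-]+)+")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def registrable(host):
    """Crude eTLD+1 (last two labels); fine for .com-style hosts, wrong for co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(raw):
    """Return sender facts, authentication verdicts, link hosts and a list of findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    sender = msg["From"].addresses[0]
    display, addr = sender.display_name, sender.addr_spec
    sender_domain = addr.rpartition("@")[2]

    # 1. A display name that is itself a domain (the recipient's, in this campaign)
    #    but does not match the sending domain is an impersonation tell.
    if DOMAIN_LIKE_RE.fullmatch(display) and registrable(display) != registrable(sender_domain):
        findings.append(f"display name {display!r} does not match sender domain {sender_domain!r}")

    # 2. The receiving MTA's Authentication-Results: mail claiming the brand's
    #    domain that fails SPF or DMARC did not come through the brand's infrastructure.
    auth = {k.lower(): v.lower() for k, v in AUTH_RE.findall(str(msg["Authentication-Results"] or ""))}
    for mech in ("spf", "dmarc"):
        if auth.get(mech) not in (None, "pass"):
            findings.append(f"{mech} result is {auth[mech]!r}")

    # 3. Every link in the body should land on a domain the brand actually owns.
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    link_hosts = [urlparse(u).hostname or "" for u in HREF_RE.findall(body)]
    for host in link_hosts:
        if registrable(host) not in BRAND_DOMAINS:
            findings.append(f"link host {host!r} is outside the brand's domains")

    return {
        "sender": addr,
        "display_name": display,
        "auth": auth,
        "link_hosts": link_hosts,
        "findings": findings,
        "verdict": "suspicious" if findings else "clean",
    }


if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        result = triage(raw)
        print(name, result["verdict"])
        for finding in result["findings"]:
            print("  -", finding)
```

Trust the Authentication-Results header only when your own gateway added it (strip any copy that arrives from outside), and treat the link check as the decisive one: a sender can pass SPF from a legitimately rented bulk-mail service, but a Microsoft sign-in page on a non-Microsoft host has no innocent explanation.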

New-school security awareness training can enable your employees to recognize social engineering tactics so they can thwart phishing attacks.

READ MORE


Victims: After a Data Breach, Changing Passwords and Good Password Hygiene Remain Unimportant

New shocking data shows how unconcerned victim users are after being notified of a data breach involving their credentials, personal information, and even social media accounts.

You’d think by now everyone would know that a data breach is serious business and only represents the beginning of what can become a sequence of malicious events in the future involving the data stolen.

But new data from the Identity Theft Resource Center’s Data Breach Notice Research report shows very few victims take all the appropriate action to properly secure their accounts once receiving notice of a data breach. According to the report:

  • 48% only change the password for the affected account, despite 85% of respondents admitting they use the same password across multiple accounts
  • 22% changed passwords on all their accounts
  • 16% of victims take no action at all

When asked why good password hygiene (which includes unique passwords for each account) isn’t being used, the following reasons were identified:

  • 52% said it’s too difficult to remember their passwords
  • 48% don’t trust or know how to use password managers
  • 46% don’t think it’s important or believe their password practices are good enough

New-school Security Awareness Training would fix much of this issue. With proper education, users can understand the value of unique and complex passwords in the context of cyberattacks, as well as how this applies to both their work and personal life.

READ MORE

New Phishing Campaign has Fake DHL Shipping

Researchers at Avanan have spotted a new phishing campaign that’s impersonating DHL with phony shipping notifications. The emails inform the recipients that they need to update their delivery address in order to receive a package.

“In this attack, scammers are using brand impersonation,” the researchers write. “By showing a page that looks like it comes from a trusted brand, they’re hoping to trick end-users into clicking on a link. That link, however, is a classic credential harvesting link, looking to steal data and other information. The email starts with noting that there is an ‘undelivered’ package from DHL. By going online, you can submit your address, as well as other information, to get the delivery on time and at the right place. However, that won’t happen.”

The researchers note that impersonating DHL allows the attackers to target people all around the world, particularly during the holiday season.

“What’s particularly clever is the spoof of DHL,” Avanan says. “Not only is DHL the third-most impersonated brand, according to Check Point Research, but it also delivers packages from around the globe. With folks broadening their purchasing horizons this holiday season, a DHL package is more likely, making the spoof more believable. The hackers are utilizing the classic social engineering tactic of urgency to get end-users to click. The thinking, they hope, is that end-users will be in a panic seeing that their package won’t get to their door on time, and will enter their info without thinking.”

Avanan offers the following advice to help users recognize these attacks:

  • “If clicking on the harvesting link, inspect the URL
  • “Pay close attention to mistakes in the email. “DHL Office” is not a real place—the closest thing would be DHL Express ServicePoint
  • “Pay extra attention to emails from brands, especially around the holidays. Check Point Research has found that two of the top five most impersonated brands ship goods (DHL, Amazon)
  • “Ensure that the package that has been ordered is actually shipping with DHL. The tracking number provided with the original order will show if the package is delivered with DHL and the true delivery status
  • “Utilize an email security solution that relies on multiple factors to determine an email is phishing”

It’s a seasonal trend, but a perennial threat. New-school security awareness training can enable your employees to avoid falling for phishing attacks.

READ MORE

[Heads Up] First Omicron Phishing Attack Spotted In The UK

Bleepingcomputer had the scoop. Phishing actors have quickly started to exploit the emergence of the Omicron COVID-19 variant and now use it as a lure in their malicious email campaigns. Threat actors are quick to adjust to the latest trends and hot topics, and increasing people’s fears is an excellent way to cause people to rush to open an email without first thinking it through.

In this case, the Omicron variant is an emerging strain of COVID-19 that has scientists concerned over its high transmissibility and the potential ineffectiveness of existing vaccines against its mutations.

This all makes it an ideal topic for phishing, as even the vaccinated are worried about how Omicron would affect them in the case of an infection. UK’s consumer protection organization ‘Which?’ published two samples of new phishing emails pretending to be from the United Kingdom’s National Health Service (NHS) warning about the new Omicron variant.

(Image: sample of the NHS phishing email. Source: Which?)

These emails offer recipients a free Omicron PCR test that will allegedly help them “get around restrictions”. To add trust in the emails, the malicious address used for distributing these emails is ‘contact-nhs@nhscontact.com’. If the recipient clicks on the embedded “Get it now” button or taps on the URL in the email body, they are taken to a fake NHS website claiming to offer the “COVID-19 Omicron PCR test.”

(Image: fraudulent NHS website used for phishing. Source: Which?)

The victims are then directed to enter their full name, date of birth, home address, mobile phone number, and email address. Finally, they are requested to make a payment of £1.24 ($1.65), which is supposed to cover the delivery cost of the test results.

The purpose of this is not to steal the amount itself but the payment details of the victim, like the e-banking credentials or their credit card details. During that step, the victim is also requested to enter their mother’s name, which the actors could use to bypass security questions during a subsequent account takeover attempt.

What to do if you got scammed

If you think you might have entered your details on a fraudulent site, contact your bank immediately and cancel your compromised card/accounts. Monitor your bank accounts closely and review the transactions for any signs of unauthorized payments. If you receive an email that looks suspicious, report it at “report@phishing.gov.uk”. To report smishing texts, forward them to 7726.

Stepping your employees worldwide through new-school security awareness training helps them make smarter security decisions and creates a strong last line of defense.

This is a cross-post with grateful acknowledgment to Bleepingcomputer.

READ MORE

Holiday Shopping and Phishing-as-a-Service

Researchers at Egress observed a massive increase in phishing kits in the run-up to Black Friday, particularly those impersonating Amazon.

“The research, conducted in partnership with Orpheus Cyber, has lifted the lid on how cybercriminals prepare to take advantage of the retail event, reporting a 397% increase in typo squatting domains explicitly tied to phishing kits,” Egress said. “Amazon was a popular choice for cybercriminals, with a 334.1% increase in phishing kits impersonating the brand ahead of its anticipated Black Friday promotions. Amazon was the top brand for fraudulent webpages linked to phishing kits, with researchers observing almost 4,000 pages imitating the brand – three times as many as those detected for the popular online auction site eBay and over four times as many as for retail giant Walmart.”
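Both Avanan’s advice above (inspect the URL before trusting a DHL notice) and the Egress figures on typosquatting domains come down to the same question: does a host belong to the brand, or merely resemble it? As an added example that is neither Avanan’s nor Egress’s code, the Python classifier below sorts a constructed feed of domains into legitimate, lookalike and unrelated, and says why a lookalike was flagged: wrong TLD, confusable characters, a one-character typo, the brand name padded with extra words, or the brand name buried in a subdomain. The brand-to-domain table, the confusable-character list and every observed domain are assumptions for illustration; a real deployment would use the public suffix list and the brands’ published domains.

```python
"""Classify observed domains as lookalikes of retail and parcel brands (added example)."""
import unicodedata

# Assumed: the registrable domains each brand really uses (illustrative, not exhaustive).
BRANDS = {
    "amazon": {"amazon.com", "amazon.co.uk", "amazon.de"},
    "ebay": {"ebay.com", "ebay.co.uk"},
    "walmart": {"walmart.com"},
    "dhl": {"dhl.com", "dhl.de"},
}

# Substitutions that survive a glance: digits for letters and letter pairs that
# render like a single letter. A heuristic, so it can also fold genuine words.
CONFUSABLES = [("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("vv", "w"), ("rn", "m"), ("cl", "d")]

# Constructed feed of domains "seen on phishing-kit pages"; all invented for the example.
OBSERVED = [
    "www.amazon.com", "amazon.co.uk", "amazon.xyz", "arnaz0n.com", "amazom.com",
    "amazon.com.secure-login.xyz", "walmart-blackfriday.shop", "ebay.co.uk",
    "dhl-parcel-update.net", "dhl.de", "example.org",
]


def normalise(label):
    """Strip accents and fold confusable characters: 'arnaz0n' -> 'amazon'."""
    s = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode().lower()
    for bad, good in CONFUSABLES:
        s = s.replace(bad, good)
    return s


def levenshtein(a, b):
    """Edit distance; inputs are short, so the textbook O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """eTLD+1 with a small allowance for co.uk-style suffixes (no public suffix list here)."""
    labels = host.split(".")
    n = 3 if len(labels) >= 3 and labels[-2] in {"co", "com", "org", "net"} and len(labels[-1]) == 2 else 2
    return ".".join(labels[-n:])


def classify(host):
    """Return (kind, brand, reason); kind is 'legitimate', 'lookalike' or 'unrelated'."""
    host = host.lower().strip().rstrip(".")
    reg = registrable(host)
    for brand, domains in BRANDS.items():
        if reg in domains:
            return ("legitimate", brand, "registrable domain belongs to the brand")
    raw_sld = reg.split(".")[0]
    sld = normalise(raw_sld)
    prefix = host[: len(host) - len(reg)].rstrip(".")
    sub_labels = [normalise(l) for l in prefix.split(".") if l]
    for brand in BRANDS:
        if raw_sld == brand:
            return ("lookalike", brand, "brand name under a TLD the brand does not use")
        if sld == brand:
            return ("lookalike", brand, "brand name spelled with confusable characters")
        # Short brand names sit one edit away from ordinary words, so apply this only to longer ones.
        if len(brand) >= 5 and levenshtein(sld, brand) == 1:
            return ("lookalike", brand, "one-character typo of the brand name")
        if len(sld) > len(brand) and (brand in sld.split("-") or sld.startswith(brand) or sld.endswith(brand)):
            return ("lookalike", brand, "brand name combined with extra words")
        if brand in sub_labels:
            return ("lookalike", brand, "brand name used as a subdomain of an unrelated domain")
    return ("unrelated", None, "")


def lookalikes(hosts):
    """Reduce a domain feed to the impersonation candidates, with brand and reason."""
    return [(h, b, r) for h in hosts for k, b, r in [classify(h)] if k == "lookalike"]


if __name__ == "__main__":
    for host, brand, reason in lookalikes(OBSERVED):
        print(f"{host:32} -> {brand}: {reason}")
```

The subdomain rule is the one users miss most often: amazon.com.secure-login.xyz begins with the brand, and a mobile mail client may show only that beginning. Edit-distance and confusable folding catch the cheap kits; they will also flag the occasional honest domain, so route hits to review rather than blocking outright.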

Jack Chapman, Egress’s Vice President of Threat Intelligence, stated that people should continue to be vigilant throughout the rest of the holiday shopping season.

“We all want to buy our loved ones the best possible Christmas present and net a bargain price in the Black Friday sales, and each year cybercriminals use this to their advantage,” Chapman said. “PhaaS has lowered the barriers to entry for cybercriminals, making it easy to impersonate well-known brands and trick victims. The recent increase in the number of phishing kits listed for sale highlights the criminals’ appetite for carrying out attacks during busy shopping periods.”

Chapman added that people should be particularly cautious with emails that purport to offer shopping discounts.

“Our research uncovered the behind-the-scenes activity of cybercriminals as they prepare to take advantage of unsuspecting victims this holiday period, highlighting the ease with which they’re able to impersonate brands such as Amazon,” Chapman said. “As we approach Christmas, I’d urge everybody to take extreme caution when it comes to unexpected offers and discounts – and if you’ve received an email that you think looks suspicious, don’t click any links and don’t download any attachments.”

New-school security awareness training can enable your employees to follow security best practices so they can avoid falling for social engineering attacks.

READ MORE

Phishing Reported in IKEA’s Internal Email System

IKEA has been working to contain a continuing phishing campaign that’s afflicting the furniture and houseware chain’s internal email system. BleepingComputer describes it as a “reply-chain email attack.” This form of attack is unusual but not unknown. The attackers obtain a legitimate corporate email thread, typically from a mailbox they have already compromised, and reply to it, so the malicious message arrives as a continuation of a conversation the recipient recognizes. “As the reply-chain emails are legitimate emails from a company,” BleepingComputer explains, “and are commonly sent from compromised email accounts and internal servers, recipients will trust the email and be more likely to open the malicious documents.”

“There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA,” explained an internal email sent to IKEA employees and seen by BleepingComputer.

“This means that the attack can come via email from someone that you work with, from any external organisation, and as a reply to an already ongoing conversations. It is therefore difficult to detect, for which we ask you to be extra cautious.”

The malicious emails have tended to trip filters designed to quarantine threats. But they’re convincing enough to induce employees to release them, quite innocently, from quarantine. IKEA is taking steps to preclude that possibility. IKEA has explained this to the retailer’s employees:

“Our email filters can identify some of the malicious emails and quarantine them. Due to that the email could be a reply to an ongoing conversation, it’s easy to think that the email filter made a mistake and release the email from quarantine. We are therefore until further notice disabling the possibility for everyone to release emails from quarantine.”

As is usually the case, a trained and well-informed employee seems to be the final line of defense. The malicious reply-chain emails do carry certain marks that might alert employees to the possibility they’re being subjected to phishing, and IKEA is working to raise awareness of those marks. For one thing, the links the phishing emails contain end with seven digits, a campaign-specific tell that is useful only until the attackers change their link scheme.
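Because the page says the malicious replies come from genuine partner accounts and land inside real conversations, a gateway cannot lean on “unknown sender” alone. The added example below (my own code, not IKEA’s or BleepingComputer’s) builds a constructed three-message thread and scores a reply on three independent tells: a sender who was not on the original thread, a link whose last path segment is exactly seven digits (the marker noted above, which will not outlive this campaign), and an attachment of a risky type appearing in a thread that previously carried none. The third message comes from a legitimate participant and is still held on the other two tells. The addresses, the thread store, the risky-extension list and the seven-digit rule as written are all assumptions for illustration.

```python
"""Score a reply for reply-chain phishing tells (added example)."""
import email.utils
import re
from email.message import EmailMessage
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Assumed list of attachment types worth holding when they appear mid-thread.
RISKY_EXTENSIONS = {"zip", "7z", "rar", "iso", "doc", "docm", "xls", "xlsm", "xlsb"}


def build(msg_id, sender, recipients, subject, body, in_reply_to=None, attachment=None):
    """Helper to construct a sample message; not part of the detection logic."""
    m = EmailMessage()
    m["Message-ID"] = msg_id
    m["From"] = sender
    m["To"] = ", ".join(recipients)
    m["Subject"] = subject
    if in_reply_to:
        m["In-Reply-To"] = in_reply_to
    m.set_content(body)
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application", subtype="zip", filename=name)
    return m


# Constructed thread (all addresses invented): an internal question, a genuine
# reply from a partner, then a "reply" from that same partner account carrying
# a seven-digit link and a zip, as a compromised partner mailbox would send.
ORIGINAL = build("<1@example.com>", "alice@example.com",
                 ["bob@example.com", "carol@partner.invalid"],
                 "Q3 invoice", "Carol, can you confirm the invoice total?")
REPLY_OK = build("<2@partner.invalid>", "carol@partner.invalid",
                 ["alice@example.com", "bob@example.com"], "RE: Q3 invoice",
                 "Confirmed, the total is correct.\n\n> Carol, can you confirm the invoice total?",
                 in_reply_to="<1@example.com>")
REPLY_BAD = build("<3@partner.invalid>", "carol@partner.invalid",
                  ["alice@example.com", "bob@example.com"], "RE: Q3 invoice",
                  "Updated figures here: https://share-docs.invalid/download/4831907\n\n"
                  "> Carol, can you confirm the invoice total?",
                  in_reply_to="<1@example.com>",
                  attachment=("invoice.zip", b"PK\x03\x04constructed-bytes"))

# Assumed gateway state: Message-ID -> earlier message in the conversation.
THREADS = {"<1@example.com>": ORIGINAL}


def participants(msg):
    """Every address on From/To/Cc, lower-cased."""
    headers = [str(msg[h]) for h in ("From", "To", "Cc") if msg[h]]
    return {addr.lower() for _, addr in email.utils.getaddresses(headers) if addr}


def assess(msg, threads):
    """Return a verdict and the tells found for a message that replies into a known thread."""
    findings = []
    parent = threads.get(str(msg["In-Reply-To"] or ""))
    if parent is None:
        return {"verdict": "not a reply to a known thread", "findings": findings}

    # Tell 1: a sender who was never on the thread. Weak here, because the page
    # says the attackers send from compromised accounts that genuinely were.
    sender = msg["From"].addresses[0].addr_spec.lower()
    if sender not in participants(parent):
        findings.append(f"sender {sender!r} was not on the original thread")

    # Tell 2: the campaign marker reported above: a link whose last path segment is seven digits.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    for url in URL_RE.findall(body):
        last = urlparse(url).path.rstrip("/").rsplit("/", 1)[-1]
        if re.fullmatch(r"\d{7}", last):
            findings.append(f"link ends in seven digits: {url}")

    # Tell 3: a risky attachment introduced into a thread that had none before.
    parent_had_attachments = any(True for _ in parent.iter_attachments())
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.rsplit(".", 1)[-1].lower() in RISKY_EXTENSIONS and not parent_had_attachments:
            findings.append(f"reply introduces attachment {name!r} into a thread that had none")

    return {"verdict": "hold for review" if findings else "deliver", "findings": findings}


if __name__ == "__main__":
    for label, m in (("reply_ok", REPLY_OK), ("reply_bad", REPLY_BAD)):
        result = assess(m, THREADS)
        print(label, result["verdict"], result["findings"])
```

The point of the design is that no single tell is required: the gateway keeps a little thread state, and a reply that is held on the link or attachment tells is held even when the sender is exactly who you have been emailing all week, which is the case IKEA’s notice describes.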

How the attackers have succeeded in compromising the email accounts isn’t clear. In other cases attackers have exploited the ProxyShell and ProxyLogon vulnerabilities to compromise on-premises Microsoft Exchange servers. IKEA has been tight-lipped about the incident, and it’s unknown whether the company’s internal servers were compromised.

New-school security awareness training can help your employees become alert to the threat posed by reply-chain attacks. BleepingComputer has the story.

READ MORE

John Scimone, SVP and Chief Security Officer at Dell Technologies, says “security is everyone’s job.”

Organizations need to build a culture of security in order to defend themselves against cyberattacks, according to John Scimone, Senior Vice President and Chief Security Officer at Dell Technologies.

In an interview on MIT Technology Review’s Business Lab podcast, Scimone explained that cybercriminals take advantage of confusion and fear in order to trick employees into falling for phishing attacks.

“[A]s we think about how criminals operate, criminals feed on uncertainty and fear, regardless of whether it’s cybercrime or physical world crime, uncertainty and fear creates a ripe environment [for] crime of all sorts,” Scimone said. “Unfortunately, both uncertainty and fear have been plentiful over the last 18 months.

“And we’ve seen that cyber criminals have capitalized on it, taking advantage of companies’ lack of preparedness, considering the speed of disruption and the proliferation of data that was taking place. It was an opportune environment for cybercrime to run rampant.

“In our own research, we saw that 44% of businesses surveyed have experienced more cyberattacks and data loss during this past year or so.” Scimone stated that all employees need to be trained to recognize phishing attacks. “It’s not just my own corporate security team or the security teams within our product and offering groups,” Scimone said. “It touches every employee and every employee fulfilling their responsibility to help protect our company and protect our customers.

“We’ve been building over many years a culture of security where we arm our employees with the right knowledge and training so that they can make the right decisions, helping us thwart some of these criminal activities that we see, like all companies. One particular training program that’s been very successful has been our phishing training program.

“In this, we are continuously testing and training our employees by sending them simulated phishing emails, getting them more familiar with what to look for and how to spot phishing emails. Even just in this last quarter, we saw more employees spot and report the phishing simulation test than ever before.”

MIT Technology Review has the story and the full 25-minute interview. Great for a break:

https://www.technologyreview.com/2021/11/22/1040358/security-is-everyones-job-in-the-workplace/

READ MORE