Fake phishing email. Click on to enlarge.
It seems that every new event brings out a crop of scammers ready to exploit the gullible. Several recent scams are using the Equifax breach settlement, and the recent mass shootings in El Paso and Dayton to extract money from or deliver malware to their victims.
First, from KnowBe4, we have the details of several scams taking advantage of people attempting to get the $125 settlement payment they may be owed as a result of the Equifax credit report database breach. These are showing up as phishing campaigns using Equifax logos and trade dress. Clicking on the embedded links will take the unwary to a fake settlement website.
Fake web page. Click to enlarge.
If you want to file a claim, go to the FTC website and click on the blue “File a Claim” button. Here is the legitimate link: https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement. I have read that requests for a cash settlement have already exceeded the funds available for payment, so you might as well sign up for the free credit monitoring option instead.
The next alert came from CISA (formerly US-CERT). This announcement advises us to look out for phishing emails, Facebook and other social media posts, and even SMS text messages soliciting contributions for the survivors. These messages will redirect you to fraudulent web sites where you will be separated from your cash. There could be malware downloads that will infect your computer, tablet, or smartphone, allowing the attackers to remotely access your computer and hijack it for other exploits, such as account takeover, ransomware, or bit-coin mining. CISA even is warning about door-to-door in-person solicitations.
Keeping yourself safe from these predators requires the usual vigilance and suspicion. CISA recommends:
- Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to CISA’s Tip on Using Caution with Email Attachments.
- Review CISA’s Tip on Staying Safe on Social Networking Sites.
- Refer to CISA’s Tip on Avoiding Social Engineering and Phishing Attacks.
- Review the information from the Federal Trade Commission on Before Giving to a Charity.
Hopefully you can keep yourself from falling victim to these perennial scam artists.
Share
AUG
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com