Friday Phish Fry

Phishing Email Alerts

Examples of clever phish that made it past my spam filters and into my Inbox, from clients, or from reliable sources on the Internet.


For all you Browncoats, today is International Watch Firefly Day


Don’t fall  for these COVID-19 phish

You can read more about these sorts of scams at the following link.  https://wjla.com/news/nation-world/do-not-click-the-link-police-warn-of-scam-covid-19-text-messages.


Fake Security Certificate Updates: A New Twist to an Old Trick

Not a phishing exploit, but a browser exploit that anyone could stumble across.  Hackers are now using fake security certificate updates to trick people to installing malware on their devices. Learn how the ruse works and how to avoid […]

The post Fake Security Certificate Updates: A New Twist to an Old Trick appeared first on CHIPS.


At last – a use for all those phishing emails you’ve been getting!

Here’s something officially useful you can do with all those phishing scams – and the cost to you is approximately zero!


IC3 Releases Alert on Extortion Email Scams

Original release date: April 21, 2020

The Internet Crime Complaint Center (IC3) has released an alert warning of a recent increase in extortion email scams. Cyber criminals threaten to release sexually explicit photos or videos of victims unless they agree to send payment.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages everyone to review the IC3 Alert and the CISA Tip on Avoiding Social Engineering and Phishing Attacks. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.


New sextortion scam: “High level of risk. Your account has been hacked.”

The latest sextortion emails try to fool you with technical terms they hope you won’t understand.  Read more…

Subject: High level of risk. Your account has been hacked. Change your password.

Partial contents: _Hello! Í am a hacker who has access to yoür operatíng system. Í also have full access to yoür accoüňt. Í’ve been watchíng yoü for a few months now. The fact ís that yoü were ínfected wíth malware throügh an adült síte that yoü vísíted.


Here’s an example of a Sextortion Phishing Email

This was sent to a client.  The client’s name, email address, and password were changed to protect the innocent.  If you receive an email like this one it is fake.  The password is purchased online from an old breach, so it is proof of nothing.  Just delete.


 

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.