Next week, WyzGuys Cybersecurity Blog is having its own Scam Week, and will be focusing on scams we see happening to our clients all the time. A couple are listed below.
There’s an attachment that you are “strongly recommended to read” on account of coronavirus infections in your area. Don’t open it!
Original release date: March 6, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.
CISA encourages individuals to remain vigilant and take the following precautions.
- Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Review CISA Insights on Risk Management for COVID-19 for more information.
Original release date: March 4, 2020
In association with the Federal Trade Commission’s National Consumer Protection Week, the Social Security Administration (SSA) has designated March 5 as National “Slam the Scam” Day to educate Americans about telephone scammers impersonating government employees. These scammers aim to gain potential victims’ trust and steal their money and personally identifiable information.
The Cybersecurity and Infrastructure Security Agency (CISA) reminds consumers:
- Government agencies will never call or text you unsolicited and demand immediate payment to avoid arrest or other legal action;
- Government agencies will never ask you to pay fines or fees with retail gift cards, prepaid debit cards, wire transfers, internet currency, or by mailing cash; and
- If you receive these calls or texts, hang up or ignore them, and talk to friends and family to make sure they do the same.
CISA encourages all Americans to visit the SSA’s Slam the Scam webpage, review CISA’s Tip on Avoiding Social Engineering and Phishing Attacks, and participate in the online events scheduled throughout the day.
These apps plunk ads in front of us when we’re trying to do something else, often leading to inadvertent ad clicks and much cursing.
HTTPS web encryption – blessing or curse? A new SophosLabs report looks at how much the crooks love TLS.
We reported last weekend on the BEC email account hijacking aspects of this case. This report is about the cyber-insurance company that refuses to pay the bank’s claim. The bank failed to follow its own procedures for wire transfers, omitting the important step of calling the customer to confirm. The court sided with the insurance firm, and the bank has to absorb the $2 million loss on its own. If you have cyber-insurance, make sure you read both the coverages and the exclusions. In an unrelated case, an insurance company refused a claim from big pharma company Merck because the NotPetya attack has been revealed to be a cyberwar attack by the Russian GRU. The policy excludes payment for loss due to an act of war.
ICISI bridges the [cyber] security gaps critical infrastructure is facing. Our primary mission is to act as a “bridge-builder” to inspire and revolutionize imaginative solutions that protect the world’s most critical assets from cyber threats.
The International Critical Infrastructure Security Institute (ICISI) is a 501(c)(6) research and workforce development organization that specializes in cybersecurity and the protection of critical infrastructure from cyber-based threats. By providing access to state-of-the-art labs, ICISI grants access to technologies and training that would otherwise be accessible only to the larger laboratories. “ICISI Democratizes Cyber-Physical”™ for all levels of expertise. We provide the environment, training, and staff to push boundaries and innovate new security technologies.
The US Court of Appeals ruled that he couldn’t continue to be held for refusing to give up his passcodes.
The FBI’s Internet Crime Report shows that business email compromise is the biggest money-maker for cybercriminals. See the FBI’s 2019 Internet Crime Report.
from the encrypt-ALL-the-things! dept
Historically, like much of the internet, DNS hasn’t been all that secure. That’s why Mozilla last year announced it would begin testing something called “DNS over HTTPS,” a significant security upgrade to DNS that encrypts and obscures your domain requests, making it more difficult (though not impossible) to see which websites a user is visiting. Obviously, this puts a bit of a wrinkle in…