Showing posts with label phishing. Show all posts

Monday, March 14, 2022

New Phishing Emails Target Citibank Account Holders



Are you a Citibank customer?  If so, be aware that a group of scammers is specifically targeting Citibank account holders.

The campaign is incredibly convincing, and the emails look just like official communications from the company.  All logos have been copied and are positioned correctly.  The sender address appears genuine at first glance, and the body of the email is free of the typos that are a common "tell" of poorly orchestrated phishing campaigns.

The content of the emails varies. The general gist, however, is that the recipient's Citibank account has been put on hold because of a suspicious transaction or a login attempt made from a location other than the one the recipient would normally log in from.

The solution according to the email is simple.  Take swift action now to protect your account.  Click the link below to verify your account information and avoid a permanent suspension.

Social engineering is common in phishing campaigns, and this is a tried-and-true technique to build a sense of urgency into the communication.

Unfortunately, if the recipient of this email clicks the link, they will be taken to a website controlled by the threat actors. While it may appear to be an official Citibank portal, it isn't. Any user who "verifies their credentials" by entering them in the capture boxes on this site is handing their account information to the scammers, who will promptly empty their accounts, max out their credit cards, or both.

This campaign is targeted primarily at users in the United States, with statistics indicating that 81 percent of the recipients of these emails reside in the U.S. So if you are a Citibank customer, be aware that the campaign is ongoing. If you get an email that appears to come from Citibank, rather than clicking embedded links, either call the company directly or open a new browser tab and manually type in the URL.  Never trust embedded links!

Call SpartanTec, Inc. if you need help in protecting your organization against phishing and other online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston

Tuesday, February 8, 2022

E-Mail From Department Of Labor Could Be Phishing Attack



There is a new phishing campaign to keep a watchful eye on according to email security firm INKY. It's a particularly fiendish one.

The attackers have designed an email template that does an admirable job of imitating the look and feel of emails sent from the US Department of Labor.

These are being sent out to recipients asking them to submit bids for an ongoing DOL project with the specifics of the project varying from one email to the next.

The emails are professionally and meticulously arranged. Thanks to some clever spoofing they appear to come from an actual Department of Labor server. Naturally they do not come from the DOL, and there are no ongoing projects that require the Department of Labor to blindly spam out emails seeking bids.

Nonetheless, an unwary recipient could easily be taken in by the scam and click the "Bid" button embedded in the email.  That button is of course masking a malicious link which will take the email recipient to one of the phishing sites controlled by the scammers.

Like the emails themselves, these spoofed sites look completely legitimate. A comparison of the HTML and CSS on the scam sites with that of the actual Department of Labor site reveals that they have identical code behind them, which is clear evidence that the scammers scraped the real site and used the code to create their own copies.

What's different is the fact that the scam site includes a pop-up message that is there seemingly to guide the email recipient through the bidding process.  What it's really doing is moving the potential victim closer to giving up his or her Office 365 credentials.

Of interest is that after a victim enters his/her credentials they'll be prompted to enter them a second time.  This is to minimize the risk of the scammers harvesting mis-typed credentials.  They seem to have thought of everything!

There's no good defense against this except for vigilance and mindfulness so please make sure your employees, friends, and neighbors are aware of the ongoing campaign.

Call SpartanTec, Inc. now if you want to protect your information against online threats.


Thursday, February 3, 2022

Top 10 Brands That Phishing Attackers Use To Scam Users



Scammers delight in impersonating government agencies and well-known brands to lure email recipients into giving up their personal information. That information is then either exploited directly or sold to the highest bidder on the Dark Web.

Have you ever wondered which agencies, companies or brands are the most imitated by these attackers?

Whether you have or not, it should come as no surprise that someone is tracking that: security firm Check Point, to be precise.

Quite often Microsoft tops the list, but this year they've been dethroned by shipping company DHL. That may not be surprising given the realities of the pandemic and the rise in popularity of online shopping.

Here is the list of the top ten for this year from their report:

  1. DHL (impersonated in 23 percent of all phishing attacks, globally)
  2. Microsoft (20 percent)
  3. WhatsApp (11 percent)
  4. Google (10 percent)
  5. LinkedIn (8 percent)
  6. Amazon (4 percent)
  7. FedEx (3 percent)
  8. Roblox (3 percent)
  9. PayPal (2 percent)
  10. Apple (2 percent)

The specific lure used in each of these cases varies wildly.  For instance, when a scammer spoofs a shipping company, the email is typically some variation of "we're trying to deliver a package to you but are having problems, press this button for more information."

PayPal scams, by contrast, typically go the route of "Your account has been temporarily suspended.  Please click here to verify your information."

Microsoft and Google are commonly spoofed in various software giveaway schemes or, in the case of Google, some variation of "click here to claim your free Chromebook."

Now that you are armed with a list of the most often imitated brands, you at least have a list of things to be on the lookout for.  The best defense is vigilance, just like always.  If it sounds too good to be true, it probably is. Don't ever click on embedded links, even if you think you know and trust the sender.

Call SpartanTec, Inc. now if you need help in protecting your business against cyberattacks.


Tuesday, November 9, 2021

New TodayZoo Phishing Campaign Is Going After Passwords



Microsoft recently reported on the existence of an unusual phishing campaign designed primarily to harvest the passwords of unsuspecting victims.

One of the things that makes the campaign so unusual is the fact that it appears to be built by using bits of code copied and pasted from the work of other hackers. Call it a "FrankenPhishing Campaign" if you will.

Microsoft borrowed from the story of The Island of Doctor Moreau and has dubbed this campaign "TodayZoo". While it may be crude and cobbled together from the work of others, it has been both large and successful enough to gain attention.

The campaign does a surprisingly admirable job of impersonating Microsoft's own brand. It uses a technique called "zero point obfuscation": HTML text written in a font size of zero, designed to evade human detection.

The plan is simple, almost crude, and yet it has proved to be surprisingly successful. Users get an email that appears to be from Microsoft. The body of the email indicates that the user's Microsoft 365 account has been compromised and the user's password must be reset.

The email contains a link but, of course, the link only points to a dummy version of the password reset page. The moment the user enters his or her login credentials, all they're doing is handing them over to the people who orchestrated the phishing campaign.

Note that most phishing campaigns that work this way collect the login credentials on one site and then forward them on to another. In this case, the people behind the campaign are simply storing the credentials on the site that collects them.
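
A defender-side check for the zero-size text described above, as an added example that is not from the original post or from Microsoft's report: it walks an email's HTML body and separates the text a reader sees from text styled at font size zero. `ZeroFontScanner`, `scan` and the sample body are illustrative names and constructed data, and only inline `style` attributes are handled.

```python
import re
from html.parser import HTMLParser

# "font-size: 0", "0px", "0.0em" match; "10px" and "0.5em" do not.
ZERO_FONT = re.compile(r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)
ANY_FONT = re.compile(r"font-size\s*:", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "wbr"}  # tags with no end tag

# Constructed sample body, not taken from a real message.
SAMPLE = (
    'Your Micro<span style="font-size:0px">kq7</span>soft 365 pass'
    '<span style="FONT-SIZE: 0">zz<b>x</b></span>word must be reset. <br>'
    '<span style="font-size:0"><span style="font-size:10px">Sign in</span></span>'
)

class ZeroFontScanner(HTMLParser):
    """Splits body text into what a reader sees and what zero-size styling hides."""
    def __init__(self):
        super().__init__()
        self.stack = []                      # (tag, hidden) per open element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        hidden = self.stack[-1][1] if self.stack else False   # size is inherited
        if ANY_FONT.search(style):           # an explicit size overrides the parent
            hidden = bool(ZERO_FONT.search(style))
        self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        hidden = self.stack[-1][1] if self.stack else False
        (self.hidden if hidden else self.visible).append(data)

def scan(html):
    parser = ZeroFontScanner()
    parser.feed(html)
    parser.close()
    visible = " ".join("".join(parser.visible).split())
    hidden = " ".join("".join(parser.hidden).split())
    return {"visible": visible, "hidden": hidden, "suspicious": bool(hidden)}
```

Any non-empty `hidden` value is worth a closer look, since ordinary mail has little reason to carry text that no reader can see.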

All of this points to a group of enthusiastic amateurs. It's an audacious campaign and they will undoubtedly learn from it and improve. Odds are excellent that this is not the last we've heard from this group.

Call SpartanTec, Inc. now if you need the help of professional experts in keeping your information safe from hackers, phishing campaigns, and other online threats.

Monday, September 27, 2021

Report Finds One Third Of Suspicious Emails Are Threats



Employee cybersecurity training is paying off according to a report recently released by IT security company F-Secure.

 

Researchers from F-Secure analyzed more than 200,000 emails that had been flagged as suspicious by employees working for organizations around the world. They discovered that more than one third of those emails could be classified as phishing.

 

Phishing is an extremely common technique hackers use to gain important information about specific individuals. In some cases, they even gain access to a system that they are targeting. For example, hackers may employ phishing techniques to impersonate a vendor company that another company does business with. Perhaps they attach a poisoned Word or Excel document that appears to be an invoice.

 

If the recipient enables macros to view the document, it will install malware onto the recipient's computer. That will allow the hackers to spy on the user and attack other machines on the network. It's one of the most common tactics employed by hackers around the world with phishing attacks accounting for fully half of all infection attempts in 2020.

 

Even with a relatively low success rate there are so many phishing attacks made over the course of any given year that it adds up to a staggering number of successes. That is why hackers rely so heavily on the technique.

 

F-Secure's Director of Consulting had this to say about the recently published study:

 

"You often hear that people are security's weak link. That's very cynical and doesn't consider the benefits of using a company's workforce as a first line of defense. Employees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results."

 

Naude makes an excellent point. Kudos to the company for conducting the analysis and to all the employees who submitted suspicious emails for a closer look.

 

Call SpartanTec, Inc. now if you need help in protecting your accounts and network from phishing and other types of online attacks.

 


Used with permission from Article Aggregator

 

Monday, March 16, 2020

New Phishing Emails Use Convincing Security Credentials



Unit 42 is a research division of Palo Alto Networks. Their researchers have discovered a sneaky and surprisingly effective phishing campaign that appears to have been launched in January of this year (2020).

When targeted by this attack, a user will get an email containing a branded document bearing the name of a legitimate cybersecurity provider.

The name of a known cybersecurity provider alone generates a certain amount of trust in the reader. In addition, the email contains a password-protected document, which naturally is the kind of security that a company in the security business would utilize.

Most of the emails contain subject lines that indicate the recipient is entitled to a refund or a free security product upgrade. That builds on the trust already established and gives the user an enticement for opening the enclosed file that has been password protected "with their security in mind."

Naturally, nothing could be further from the truth. If the user unlocks the protected file, he or she unwittingly enables the macros embedded in the file, which will then activate and install NetSupport Manager. Surprisingly, NetSupport Manager is a completely legitimate remote access control program, used here for nefarious purposes.

As long as it's running quietly in the background, it gives the people who sent the email a secret inroad into the machine and the network it is connected to.

Not only is the use of a known cybersecurity firm name a sneaky bit of social engineering, but the use of a perfectly legitimate remote connection tool is as well. That is because no antivirus software on the planet would flag the tool, which gives the hackers using it in this way a completely untraceable means of gaining access to a wide range of networks.

Be on your guard against this threat. It's insidious, and the folks behind it could do a lot of harm to your company. Call SpartanTec, Inc. now and let our team of IT experts help you.
