Cybersecurity Blog

Must Read – MRU impersonators are back – 11/16/18

 

They’re baaack!

 

A few weeks back I warned the Mount Royal Community that emails were making the rounds that appeared to be from Mount Royal employees.  Typically the impersonated employees were supervisors of some sort and the emails were sent to their reports. The criminals were taking advantage of our natural tendency to pay attention and take action when we are contacted by our supervisor.

Unfortunately, the scam is back.  Thankfully, abuse@mtroyal.ca has been flooded with reports and no one has yet taken the bait. However, just to be on the safe side, I thought I would give everyone a friendly reminder to check the sender’s email address before responding to an email.

 

Scammers sending emails that look like they came from your account – 10/24/18

 

 

There is a new twist on the “you have been naughty” scam.  Criminals are sending emails that once again claim that they have evidence that you have been visiting porn sites and if you don’t pay them, they will make that information public.

The newest form of the scam claims that they have installed a RAT (remote access Trojan) on your computer that allows them to send the evidence from your device. To drive home the point, the email looks like it has come from your email account.

The good news is, it is all a big bluff.  They don’t have access to your email; they are only spoofing the email address. Your account is secure.  Your reputation is intact and you can peacefully delete the email.

 

Scammers using voicemail to steal WhatsApp accounts – 10/17/18

 

 

Armed with nothing more than your phone number, criminals can steal your WhatsApp account.  How? By registering your phone number on their phone. Here is how it works.

First the attacker makes a request to have your phone number registered to the WhatsApp application on their phone. When WhatsApp receives the request, they text a verification code to your phone.  The scammers make their request in the middle of the night or when you are on a flight so you don’t see the verification code. With the text not answered, WhatsApp offers to read out the code and leave it in a voicemail.

If your cell phone carrier has a default password set up for voicemail and you have not changed it, the criminal simply enters the default password and boom…they can hear the verification code. Once they enter that code, the account gets transferred over to their phone. The attacker then sets up two step verification on the account and you have no way of getting it back.

The moral of the story: set a strong and unique password for your voicemail.  While you are at it, do that with all your accounts.

 

Fake sites use HTTPS too – 10/04/18

 

 

As the holiday season approaches, people around the world are getting ready to cruise the internet looking for great gifts at bargain prices.  As you do your online holiday shopping, keep in mind that the HTTPS label on a site guarantees that your data is encrypted as it is transmitted between your computer and the web.  It does not guarantee that the site is legitimate.

Criminals have gotten wise. They are now registering their fake web sites so they are tagged as HTTPS.  So now instead of having to worry about your credit card information being intercepted as you purchase the iPhone XS Max for the unbelievable price of $300.00 USD, you can be confident that only the scammer is receiving your data.

So how do you know that a site is legitimate? Stick with retailers that you have used in the past and access their web sites using a bookmark or search result.  If you receive an email with an offer, don’t use the link in the email.  Visit the website directly.

If you are using a new retailer:

  • Check reviews first.  Avoid retailers with large numbers of complaints that haven’t been resolved.
  • Always pay with a credit card or PayPal so you have a method of recourse should things go wrong.
  • Remember to read all the terms & conditions of sale.  Know if they have a return or exchange policy.

Lastly, remember…if it is too good to be true, it probably is a scam.

 

Hurricane Florence Relief Scams – 09/27/18

 

 

It is a sad reality, but when there is a disaster it doesn’t take long for criminals to find a way to profit.  Hurricane Florence is no exception.  There are numerous websites for hurricane Florence relief that have popped up in the last week.  All have very professional looking graphics and legitimate sounding names.  All of them allow you to donate directly from their web site. However, many of them are simply collecting money and putting it into their own pockets.

In addition to the “charity” websites, the bad guys are sending out phishing emails tugging at your heart strings and asking you to donate to hurricane Florence relief.  Just as you would with any other unsolicited email, don’t click on links or open attachments in these emails.  If you wish to donate, visit a charity’s website directly.

Not sure where to donate? Make sure you do your homework first. Charity Navigator is a terrific organization which investigates and rates charities.  They have hundreds of charities listed on their website.  You can see if the charity is legitimate and how much of their raised funds are given away and how much are used for administrative costs. With a little research you can make sure your good deed doesn’t turn into its own disaster.  Happy donating!!

 

Must Read – Scammers pretending to be Mount Royal employees – 09/27/18

 

It has been a busy week. There are two phishing emails going around campus at the moment.  The first one starts out rather innocently.

 

 

However if you respond to it, like half a dozen people did,  you receive a second one.

 

 

You are probably wondering why anyone would respond to the first email.  First of all the email was from a department head, so that tends to get people’s attention and generate an emotional response.  Also, almost all who responded were looking at the email message on their phone.  They were unable to clearly see the sender’s email address or the grammar errors.  This is just another reminder as to why it is so important to wait until you get to a large screen to take action on an email. It is also a reminder to not respond to our emotions. If you read an email and are responding emotionally to it, that is your cue to pause for a minute and take a closer look.

Impersonator number two  is a bit more sneaky.  Check out this bad boy.

 

 

I just love how they added the signature line to this one.  They must have received an email from Mount Royal at some point.  This is the stuff that keeps me up at night.  The grammar is perfect.  The content is plausible and looks legitimate.  The fuzzy logo is a bit of a tell, but other than that it’s not an easy one to spot.

That was the bad news.  Now for the good news.  In both cases IT Services was notified of the threat by Mount Royal University employees who forwarded the email to abuse@mtroyal.ca.  Their quick thinking gave us a heads up right away so we could block both email addresses and prevent further attacks.  They are superheroes!!

Keep an eye out for these types of emails in the future.  If you find one, forward it in its entirety (no screenshots please) to abuse@mtroyal.ca and you can be a superhero too!!

 

Scam pretends to lock your phone – 08/10/18

 

 

Windows users have heard about the tech support scam that informs them their computer has a virus and they need to call a 1-800 number to unlock it. Creative criminals are now using the same tactic with iPhone users. They have seeded several porn sites with malware.  After your visit, a large dialog box appears on your phone informing you that your phone has been locked because you visited an illegal porn site. It all looks very official as it correctly displays the model of your phone and the URL of the porn site. It then gives you a hyperlink to a number to call to get your phone unlocked.

In reality, your phone isn’t locked at all. If you call the number you get connected to a hacker who then attempts to get information and money from you.  Although this scam leverages a visit to a porn site, a similar scam can be set up with any type of website.  It can also target any kind of phone.  It may be iPhone users that are currently targeted, but it won’t take long for this scam to show up on Android phones as well.

Never call a number that shows up in an alert or notification on your phone.  Never click on security warning links either. If you do connect to a call center and start to feel uncomfortable, hang up. Apple will never lock your phone and then ask you to call a number to get it unlocked. Come to think of it, neither will Google or Android.

 

When a stranger calls, it may not be who you think – 07/19/18

 

 

Have you checked on the computer?* Tech support scams are the bread and butter of many criminal organizations.  The latest version is rather creative.  It starts with you clicking on something you shouldn’t, which installs malware on your machine.

The malware waits for you to type “bank” in the browser. When it sees you going to your banking login page, it redirects you to a fake banking web page that records your credentials while you try to login.  It then slows your computer down making you think there is something wrong with it.  Then a pop up conveniently appears telling you that you have a technical problem and asks you for your name and phone number so tech support can call you.

Surprise, a real life bad guy calls and tries to manipulate you into giving them more information so they can immediately transfer money out of your account. It is a rather slick scam. You would admire them if they weren’t stealing money from you.

This is just another reminder that no legitimate tech support company will ever call you or prompt you to call them.  If you get a 1-800 number, are offered technical assistance without asking for it or have someone call you to offer help, the stranger is there to help themselves, not you.

 

*I am hoping you get the reference. If not, this will help.

Source: https://blog.knowbe4.com/alert-there-is-a-new-hybrid-cyber-attack-on-banks-and-credit-unions-in-the-wild

 

Is that email really from your real estate broker? – 06/19/18

 

 

A couple from the US were devastated when they called their broker to find out that the $500 000 they had wired had not arrived. In fact the broker had not even requested funds. Upon further investigation, it was discovered that the email that they had received with the fund request had come from an email address that was just one letter off from their broker’s. The money that they had wired was now sitting in a scammer’s account.

What made the email so convincing was that it included relevant details. The email not only looked like it had come from their broker, but it sounded like it too. So much so, the couple didn’t even pause to double check the email address. How did the criminals construct such a believable email?  They had done their homework. They had gained access to the couple’s email and used information from previous messages to construct the fake one.

The sophistication of this attack goes beyond just sending a fake email. Once the criminals knew the money was on its way, they jammed the couple’s internet access and diverted some phone messages so they couldn’t contact authorities and stop the wire. These are tactics that were once reserved for large organizations but are now being used on the regular consumer. You can no longer sit back and feel assured that your simple little life isn’t a target for criminals. Today, EVERYONE is a target.

To protect yourself, do not rely on being able to identify a fake email.  Scammers are getting better and better at creating emails that look perfectly legitimate. Instead, call the email sender to verify the legitimacy of any email that makes a request for money or personal information.  Even if you are expecting that email, it is better to be safe than sorry. Just remember to use a phone number that you have used before and you know is legitimate. Be safe. Pick up the phone and call.

Adidas is not giving away free shoes – 06/19/18

 

 

From the Too Good to Be True file comes the Adidas anniversary giveaway.  Messages are currently circulating in WhatsApp promising a free pair of Adidas shoes in celebration of their anniversary.  Initially messages referred to a 93rd anniversary; however, the hacker decided to do some basic math and more recent messages correctly refer to a 69th anniversary.

You might be asking, why on earth would someone fall for this? Well once the scammers sorted out their math, they were clever enough to spoof the official Adidas site. The fake URL is exactly like the legitimate one with only the i replaced with a vertical line with no dot.  This is an easy thing to miss when one is being tempted with free footwear.
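For readers who filter mail or links, here is an added example (not part of the original post) that flags both tricks described on this page: the dotless-i look-alike URL and the broker address that was one letter off. The allow-list, the small confusables map, the sample addresses and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed allow-list: the domains you actually deal with (assumption).
TRUSTED = {"adidas.com", "mtroyal.ca", "examplebroker.com"}

# Hand-picked look-alike characters (assumption: not the full Unicode table).
CONFUSABLES = {"\u0131": "i", "\u0456": "i", "\u0430": "a",
               "\u0435": "e", "\u043e": "o", "\u0440": "p"}

def skeleton(domain):
    """Normalize and fold known look-alike characters to plain ASCII letters."""
    text = unicodedata.normalize("NFKC", domain)
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify(address_or_host):
    """Return (verdict, trusted_domain_it_resembles) for an address or host."""
    domain = address_or_host.rsplit("@", 1)[-1].strip().lower()
    if domain.startswith("www."):
        domain = domain[4:]
    if domain in TRUSTED:
        return ("trusted", domain)
    folded = skeleton(domain)
    for good in sorted(TRUSTED):
        if folded == good:
            return ("homoglyph", good)       # same look, different characters
        if edit_distance(folded, good) == 1:
            return ("one-letter-off", good)  # typo-style impersonation
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed samples; "ad\u0131das.com" uses the dotless i.
    for sample in ["www.ad\u0131das.com", "agent@examplebrokr.com",
                   "boss@mtroyal.ca", "friend@gmail.com"]:
        print(sample, "->", classify(sample))
```

An "unknown" verdict only means the domain does not resemble anything on the allow-list; it says nothing about whether the sender is legitimate.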

In addition, the scam is quite sophisticated.  They don’t just come right out and say, give me your personal information and I will give you free shoes. Instead, they give the whole thing a legitimate feel by making the victim qualify first by answering a short survey and requiring them to share the offer with their WhatsApp contacts (just for the record, there is no way for them to determine if you have shared a message or not). Once you qualify, you are told you can claim your shoes for a dollar. Of course as payment is now required (but it’s only a dollar, so it’s nearly free), you are sent to a webpage that collects your payment card information. Having jumped through multiple hoops to claim your prize, you now feel like you have earned the free shoes and all thoughts that this is a scam are gone from your mind.

That is until you see the confirmation of payment web page that includes a line in the footer saying you will be charged $50 per month if you don’t cancel your subscription in seven days.  Of course they now have your payment card information and will charge you what they want for as long as they want until you cancel the card.  Even worse if you fail to read the footer, they will have access to your card until you notice the charges.

Anytime someone is giving something away, assume it is a scam. If you are tempted by the sparkly giveaway being dangled in front of you, visit the company’s website using a bookmark or search engine result. If they are giving something away, it will be advertised on their official site.  Remember if it is too good to be true, it probably is.