June 20, 2017 – Political Data Breach
Voter data on 198 million (yes, that’s million) US citizens was improperly stored and freely available on the internet for 12 days. There has never been a data breach this big. The information includes birthdates, home addresses, telephone numbers, political views, suspected religious affiliations, ethnicities, and where they stood on topics like gun control, the right to abortion and stem cell research.
This type of data can easily be used for nefarious purposes, from identity fraud to harassment or intimidation of people who hold an opposing political view. Worst of all, if bad guys have gotten hold of this data, they can send highly personalized phishing attacks to you, looking like something totally legit.
As ALWAYS, treat any email you get at the house or the office with a healthy dose of suspicion and ask yourself if it could be a scam. Do not click on links in emails and do not open attachments you did not ask for.
June 2017 – DMV Scam
Here is a reminder to be alert for fake emails that look like they come from your local police or State Dept of Motor Vehicles (DMV) claiming you have a traffic violation. At the moment, there is a local scam in New York that falsely states you have outstanding violations you need to either pay for or refute, and that if you don’t, your license will be revoked. This scam may spread, so be prepared. Citations are never emailed with links in them, or sent out with an email attachment. Report scams like this to your local police department ASAP.
May 2017 – WannaCry Tech Support
WannaCry ransomware: a popup arrives on your screen from nowhere, and you cannot get rid of it. The popup claims it is from Microsoft, that your computer is infected, and that you need to call tech support. But when you call the number, you get a scammer on the phone who will try to charge you 400 dollars to run a Microsoft malicious software removal tool that anyone can download for free. Remember that Microsoft’s error and warning messages on your PC will never include a phone number. Also, Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication they have with you must be initiated by you.
How to protect yourself
•Don’t call numbers from pop-up messages.
•Never allow remote access to your computer.
•Always be wary of unsolicited calls. If you’re unsure of a caller’s identity, hang up.
•Never divulge passwords or PIN numbers.
•Never divulge credit, debit or banking account numbers.
•Microsoft or someone on their behalf will never call you.
If you believe you have already been a victim:
•Get your computer checked for any additional programs or software that may have been installed.
•Contact your bank to stop any further payments being taken.
May 2017 – DocuSign Scam
Hackers have stolen the customer email database of DocuSign, the company whose product lets you electronically sign documents. These criminals are now sending phishing emails that look exactly like real DocuSign emails. The emails use social engineering to trick you into opening an attached Word file, which prompts you to activate Word’s macro feature; the macro then downloads and installs malware on the user’s workstation. DocuSign warned that it is highly likely there will be more campaigns in the future.
If you get emails that look like they come from DocuSign and have an attachment, be very careful. DocuSign is advising customers to filter or delete any emails with subject lines like:
•Completed: [domain name] – “Wire transfer for recipient-name Document Ready for Signature”
•Completed [domain name/email address] – “Accounting Invoice [Number] Document Ready for Signature”
•Subject: “Legal acknowledgement for [recipient username] Document is Ready for Signature”
If there is any doubt, pick up the phone and verify before you electronically sign any DocuSign email. Remember: Think Before You Click.
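One way to apply the filtering advice above at a mail gateway, as an added example that is not code from DocuSign or from the original post. The function names, the list of Word extensions, the three dispositions (quarantine, review, deliver) and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# The three subject lines from the advisory; bracketed parts vary per message,
# so they are matched as wildcards.
SUBJECT_PATTERNS = [
    re.compile(r"^completed:?\s.*wire transfer for .* document ready for signature", re.I),
    re.compile(r"^completed:?\s.*accounting invoice .* document ready for signature", re.I),
    re.compile(r"legal acknowledgement for .* document is ready for signature", re.I),
]
# Assumption: file extensions treated as an "attached Word file".
WORD_EXTS = (".doc", ".docm", ".docx", ".dot", ".dotm")

def triage(raw_message):
    """Return 'quarantine', 'review' or 'deliver' for one raw email message."""
    msg = message_from_string(raw_message, policy=policy.default)
    # policy.default unfolds and decodes the header; collapse leftover whitespace.
    subject = re.sub(r"\s+", " ", str(msg["Subject"] or "")).strip()
    subject_hit = any(p.search(subject) for p in SUBJECT_PATTERNS)
    word_attached = any(
        (part.get_filename() or "").lower().endswith(WORD_EXTS)
        for part in msg.walk()
    )
    if subject_hit and word_attached:
        return "quarantine"   # matches the campaign described above
    if subject_hit:
        return "review"       # lure subject, no Word file: verify by phone first
    return "deliver"

def sample(subject, attachment=None):
    """Build a constructed message for testing (not a captured phishing email)."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["Subject"] = subject
    m.set_content("Please review the attached document.")
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    for subj, att in [
        ("Completed: example.com - Wire transfer for jsmith Document Ready for Signature", "doc.docm"),
        ("Completed example.com - Accounting Invoice 12345 Document Ready for Signature", None),
        ("Your monthly statement is ready", "statement.docx"),
    ]:
        print(triage(sample(subj, att)), "<-", subj)
```

Subject matching alone only catches the wording seen so far; since more campaigns are expected, treat a match as a signal and keep verifying unexpected signing requests by phone.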
April 2017 – WHATSAPP SCAM
Did you know that the Eastern European cyber mafia does their beta testing in the U.K., before they “export” their criminal campaigns to America? Here is a heads-up of a social engineering phish that was spotted in Ireland, and may be headed to US inboxes in the near future.
A dangerous email spam message is dropping into Irish mailboxes, pretending to come from WhatsApp. Its subject says “Missed voicemail” and the content of the mail just says “New voicemessage” and has a link called “Play”. Clicking on the link will begin the download of a trojan, specifically a variant of malware first detected in August 2016 that will cause ransomware and other malware infections. (See screenshot below)
What should you do if you see this in your email? Do not open it. If you do, then do not click on the “Play” button. If you just couldn’t stop yourself from clicking, then your computer will get infected with malware which can cause your identity to get stolen, or all your files held for ransom.
It’s Tax Season!! Beware of ID theft! Bad guys are getting away with millions of dollars in bogus tax refunds. There are new safety measures in place with the IRS but there is no guarantee. The earlier you file, the less likely someone can file a fraudulent tax return in your name. Check out the IRS.gov website for more information on tax scams and consumer alerts.
People are downloading a new app, looking to get free access to Netflix accounts. What they’re actually getting is a malware strain called Netix that encrypts users’ data and demands $100 in bitcoins to unlock their files. Netflix has a 93 million-strong subscriber base in more than 190 countries, so it’s unsurprising that cybercriminals want a piece of the pie.
The program, called “Netflix Login Generator” is downloaded by users looking to gain access to Netflix without paying. The app allegedly has leaked Netflix accounts, which users can use to access the streaming service for free. In reality, all it does is provide fake account credentials that don’t work.
Once installed, the app shows you what looks like a login-password pair generator, but that’s just a distraction; it’s actually busy encrypting your data. Once it’s finished with that, up pops a ransom note. So remember that when something sounds very enticing and perhaps too good to be true, it usually is.
Do not let social engineering tricks manipulate you into downloading and executing applications that you really should not trust. (And quit trying to get something for nothing – you will pay way more in the end!)
Remember, Think Before You Click!
Do you know what phishing is? It is the attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by posing as a trustworthy entity via email.
That being said, there is a phishing attack going on that we wanted to make you aware of. If you receive an email with the subject “Assessment document” and/or a PDF attachment that claims it is locked (the message may read: PDF Secure File UNLOCK to Access File Content), DO NOT enter your information; delete the email. It is fraudulent. There is also another email like this circulating that claims to be from VetMeds.
Please note the activity mentioned above is not an attempt to gain access to your bank information. We are posting this as a general public service announcement.