6 Holiday Cyber Scams to Be Aware of
With the holidays rapidly approaching, malicious actors have upped the number of attacks. It is a busy time of year for all businesses, and with employees going on vacation and taking time off, it is a great time for hackers to try to get into a system. This is a summary of the most common approaches found over the past few weeks.
A number of apps (mainly on Android) have been infected with malware. While there is a list, it changes constantly. Generally speaking, if you are looking for a particular app for your phone, be it a game or a tool, try to avoid anything with few reviews. The more common companies have safe apps in the stores, and those apps generally have lots of reviews. Look for those, and be wary of any app with few reviews or a very recent upload to the store.
There is new malware out in the wild that infects documents like Excel sheets, Word docs, PDF files, etc. This has always been out there, but recently there has been a large uptick in these types of attacks. The malware is newer and better at avoiding detection. There are two big tip-offs. First, the document is unexpected. If you feel it’s genuine, contact the sender outside of email and verify it. Second, when you open the Office document, you are asked to enable macros. Not all macros are malicious, but a random, unexpected document asking for macro permission is suspect.
Zelle/Venmo/CashApp/GooglePay, etc. Scams.
Zelle has been picked on a bit, but customers of all the payment apps have been experiencing attacks. The most common is for someone to contact you, pretending to be a rep of that company. They will ask that you “verify your identity” by reading back the SMS code you will receive in a moment. What they are actually doing is attacking your account: they are attempting to change your password. Once you read back that “verification code”, they will reset your account password and drain the account of funds. If you are ever contacted regarding fraud, hang up and call the company yourself directly.
This is a bit technical, but essentially a LOT of devices use Log4J. Log4J is a framework for logging within systems. It’s insanely popular and used by a vast number of devices, applications, etc. The problem is that recently discovered flaws allow attackers to assume control of systems that use unpatched Log4J. *Most* manufacturers are identifying vulnerable systems and rolling out patches. If you manage your own equipment, please consider updating things like your router, your switches, your NAS, etc., and run a round of Windows Updates.
The Support fraud.
Again, this is an old attack vector, but it’s still common because it still works. The idea is that you will suddenly get a popup stating that you’ve been infected and/or have a “critical Windows problem”. This popup will show a number to call to have the problem addressed. Commonly they will charge you a few hundred dollars and do two things: remove the malware they planted, which showed you the popup, and then install another piece of malware that will allow them to remotely access your system at a later date.
These are fairly simple to detect. They are usually a call out of the blue from “Visa company” or similar, stating that there is fraud on your account. There’s also been a big uptick in Discover card scams like this, so be wary if you get a call from “Discover”. The best advice is again to hang up, dial the number on the back of the credit card or from the company’s website, and ask if there has been fraud on your account. If there is legitimate fraudulent activity, your account will have been noted and they will see the note. If not, then you know you just dodged a scam.
A lot of these threats can be detected by antivirus applications, as long as they are up to date. If you haven’t checked, please consider checking your antivirus for pending updates. A lot of this malware is new, so old detection definitions will not see it. Windows Updates are another large part of protecting your PCs, so if you haven’t run them lately, please do.
If you have questions about any of this or feel that you’ve already been attacked, please contact BrightCyber immediately and we will work together to secure your devices.