CNR Eco System

11/01/2022

Fake Text from Amazon:
https://www.wgal.com/article/scam-text-message-claims-to-be-from-amazon/41757450 #

The text claims there's a problem with your account and provides a link to recover it.

01/26/2022

Scammers are taking advantage of the focus on COVID-19 testing and the need for at-home test kits, says Barracuda Networks.
Since nearly the start of the coronavirus outbreak, cybercriminals have been exploiting every facet of the pandemic by preying on our anxiety and fear as a way to make a buck. As COVID-19 testing and test kits are now being required by more public venues and organizations, attackers have seized on this need to try to scam people. A recent blog post from security firm Barracuda Networks looks at the rise in phishing campaigns that exploit the concerns over such testing.
During just the past few months, demand has risen for COVID-19 test kits. Along with that demand has come both a scarcity of test kits as well as confusion over where and how to obtain the kits. And those factors have triggered an increase in test-related scams. Between October and January, the number of COVID test-related phishing attacks surged by 521%, according to Barracuda. After peaking in January, the daily average fell but has recently started to rise again.
In their phishing campaigns, cybercriminals try a few different tactics to grab the attention of potential victims.
In some cases, attackers hawk COVID-19 tests and medical supplies such as masks and gloves. Many of these are for counterfeit or unauthorized products. In other cases, scammers send a phony notification of an unpaid order for COVID-19 tests. Included in these emails is a PayPal account where the attackers hope to grab money from fearful or desperate victims. And in additional cases, criminals pretend to be from laboratories or testing facilities promising to share COVID-19 test results.
In one phishing email caught by Barracuda, the scammer promotes COVID-19 rapid test kits with competitive prices and fast delivery dates. The attacker aims to add legitimacy to the hoax by claiming that the products are CE certified (meeting European Union requirements for health, safety and environment) and have already been shipped to the European market.
In another phishing email, the criminals are selling not only COVID-19 test kits and analyzers but thermometers, pulse oximeters, freezers for vaccine storage and syringes for vaccine injection.
And in one more phishing email, the attackers impersonate a company's HR department with an attached PDF file claiming to be a COVID-19 vaccination self-compliance report. Also spoofing Microsoft and Office 365 in the email, the scammers are looking to steal account credentials from unsuspecting employees.
To protect yourself and your organization from phishing attacks that exploit COVID-19 tests and related topics, Barracuda offers the following tips for IT and security professionals:
1. Be dubious of any emails about COVID-19 tests. Instruct your users to watch out for emails that aim to sell COVID-19 test kits, offer details on testing sites with immediate availability, or share test results. Warn them to never click on links or file attachments in such emails, especially ones they didn't expect.
2. Turn to artificial intelligence. As sophisticated attackers can sneak past email gateways and spam filters, you need security products that will protect your organization against spear-phishing attacks. The right technology doesn't just scan for malicious links or attachments but uses AI and machine learning to look for anomalies within your normal communication patterns.
3. Rely on account takeover protection. Many threats come not just from external email messages but from internal ones via compromised employee accounts. As such, you need to make sure that scammers aren't using your organization to launch attacks against itself. For that, rely on security products that use AI to determine when accounts have been compromised, alert users in real-time of such incidents and remove malicious emails from those accounts.
4. Establish strong internal policies to stop fraud. Create and review internal policies to make sure that all personal and financial data is handled correctly. Set up guidelines and procedures to confirm all email requests for wire transfers and payment changes. Require in-person or telephone confirmation and approval from several people for any financial transaction.
5. Train employees to recognize and report cyberattacks. Provide employees with awareness training about the latest COVID-19-related phishing scams and other possible threats. Make sure that users can spot these attacks and immediately report them to your IT staff or help desk. Try using phishing simulations for email, voicemail and text messages so that employees can better identify a cyberattack.
Reference: https://www.techrepublic.com/.../cybercriminals.../...

Providing IT professionals with a unique blend of original content, peer-to-peer advice from the largest community of IT leaders on the Web.

08/24/2021

More Bogus Email, just delete. Trying to get your PayPal Info!

06/15/2021

Another One trying to get your Information:
Do not call the number or click any links:

12/08/2020

Zoom-themed phishing attacks have spiked since the start of the pandemic. We are seeing both Zoom and Teams-themed criminal campaigns. Attackers adapted quickly earlier this year when a large portion of workers began operating remotely, and the phishers still are improving their lures to exploit your organizations’ dependence on video-conferencing platforms.

Scammers registered more than 2,449 Zoom-related domains from late April to early May this year alone. Con artists use these domain names, which include the word 'Zoom,' or 'Teams' to send phishing attacks that look like they are coming from the official video conferencing services.

This finding isn’t surprising, since attackers always update their phishing lures to take advantage of ongoing trends and events. The BBB says users can defend themselves against new variations of phishing lures and suggest a few security best practices.

I suggest you send the following to your employees, friends, and family. You're welcome to copy, paste, and/or edit:
"There are new Zoom (and Microsoft Teams) phishing attacks you need to watch out for. The Better Business Bureau has three great tips.

"Out of the blue, you receive an email, text, or social media message that includes Zoom’s logo and a message saying something like, ‘Your Zoom account has been suspended. Click here to reactivate.’ or ‘You missed a meeting, click here to see the details and reschedule,’"

"You might even receive a message welcoming you to the platform and requesting you click on a link to activate your account". the BBB warned:
• “Double check the sender’s information. Zoom.com and Zoom.us are the only official domains for Zoom. If an email comes from a similar looking domain that doesn’t quite match the official domain name, it’s probably a scam.
• “Never click on links in unsolicited emails. Phishing scams always involve getting an unsuspecting individual to click on a link or file sent in an email that will download dangerous malware onto their computer. If you get an unsolicited email and you aren’t sure who it really came from, never click on any links, files, or images it may contain.
• “Resolve issues directly. If you receive an email stating there is a problem with your account and you aren’t sure if it is legitimate, contact the company directly. Go to the official website by typing the name in your browser and find the ‘Contact Support’ feature to get help.”
Remember: Think Before You Click." It is more important than ever these days."