CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.
From “Cybersecurity & Infrastructure Security Agency” (9/30/2022)
Cookies associated with authentication to web services can be used by attackers in ‘pass the cookie’ attacks, attempting to masquerade as the legitimate user to whom the cookie was originally issued and gain access to web services without a login challenge.
From “TechRepublic” by Cedric Pernet (8/22/2022)
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from PayPal.com and include a link at PayPal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.
From “Krebs on Security” by Brian Krebs (8/18/2022)