Account Holder Updates:
Attackers are targeting state, local, tribal and territorial (SLTT) government entities, masquerading as vendors and suppliers. They use phishing attacks to hijack email accounts at these companies and send urgent fake invoices to their government clients.
From “Info Security Magazine” Phil Muncaster (3/22/2021)
Unfortunately, some people may take advantage of COVID-19 by using fraudulent websites, phone calls, emails, and text messages. While claiming to offer “help,” they may be trying to trick people into providing Social Security numbers, bank account numbers, and other personal information. Do not divulge your bank or credit card numbers or any other personal information over the phone unless you initiated the conversation with the other party and you know that it is a reputable organization.
From “FDIC Consumer News” (3/19/2021)
Let’s say you get an email about a charge to your credit card for something you aren’t expecting or don’t want. Your first instinct may be to immediately call the company or respond to the email and to stop the payment. Scammers know that, and are taking advantage of it in a new phishing scheme. People tell us they’re getting emails that look like they’re from Norton, a company that sells antivirus and anti-malware software. (Tip: the emails are NOT from Norton.) The emails say you’ve been (or are about to be) charged for a Norton product — maybe an auto renewal or new order. If this is a mistake, the email says, you should call immediately. (Tip: don’t.)
From “Federal Trade Commission” Emily Wu (3/17/2021)
Identity theft happens when a criminal steals information about you and uses that information to commit fraud, such as requesting unemployment benefits, tax refunds, or a new loan or credit card in your name. If you don’t take precautions, you may end up paying for products or services that you didn’t buy and dealing with the stress and financial heartache that follows identity theft.
From “SANS” Lenny Zeltser (3/10/2021)
According to financial institutions and federal agencies, since COVID-19 began, fraud attempts have as much as tripled, with a wide variety of new scams emerging that prey on those who have been financially been hit hard by the pandemic and subsequent closures and shutdowns, people who have become isolated, as well as good Samaritans who want to be helpful to those in crisis. Indeed, the pandemic has provided a greenfield opportunity for cyber criminals, who are playing to bank customers’ concerns about job loss, financial health and community safety.
From “ABA Banking Journal” Karen Epper Hoffman (3/04/2021)
In the latest campaign, if the recipients of a phishing message open what’s portrayed as a tax-themed Word document, it displays a blurred background as well as “enable editing” and “enable content” prompts, Cybereason says.
From “Bank Info Security” Prajeet Nair (3/16/2021)
The double-extortion tactic also gained more traction in 2020. In this type of attack, the criminals threaten to leak the encrypted data publicly unless the ransom is paid. As such, even victimized organizations that have backups of the stolen data may be more willing to pay the ransom to avoid exposure. At least 16 different ransomware variants are now using the double-extortion plot, according to Unit 42.
From “Tech Republic” Lance Whitney (3/17/2021)
As for best practices when using video conferencing tools, first and foremost if you don’t feel secure, don’t share any information that may put you at risk – whether that’s intellectual property, PII, or heck, even pictures of your kids, if you wouldn’t walk around in public showing that type of information, it’s not safe to broadcast over video either. On top of that, it’s the little things that can make a big difference. Always password protect your meetings, never use a personal event link for a public facing meeting, and ensure your service provider encrypts all audio and video transmission – just following these simple tips can help mitigate some of the many attack tools that hackers have at their disposal.
From “Security Magazine” Maria Henriquez (3/15/2021)
Tax season can be a stressful time for many Americans, and scammers are waiting for you to slip up so they can steal your personal information, money and identity. NCSA and the Internal Revenue Service (IRS) want to help you stay safe online while filing your taxes with these best practices, tips, and resources.
From “National Cybersecurity Alliance” (3/09/2021)