Vishing Attacks up 625% in One Year
August 29th, Tip of the Week | According to security and awareness training firm, KnowBe4, vishing attacks have increased at a rate of 625% during Q2 2022, when compared to the 1st quarter of 2021. Vishing is the use of phone calls (both inbound and outbound) and/or voice messages to induce a response or interaction from victims. The initial message appears to be coming from a legitimate or familiar source. Often, targets are asked to call a fraudulent phone number to confirm shipping, delivery, or a purchase. The attacker will attempt to gather personal information from a victim that can be used in later ransomware attacks against a larger entity like colleges and universities. The first line of defense in this type of attack is the individual user. When presented with a message asking for your response, it’s best to slow down, analyze, and verify before responding.
Don’t Plug in that “Free” Micrsoft Office USB
August 22nd, Tip of the Week | If you happen to receive what appears to be a retail copy of Microsoft Office in the mail, and you didn’t order it, you should be careful not to plug it into your computer. PC World recently reported on this type of social engineering scam. When unsuspecting users plug in the USB drive, it immediately tells them they have a virus with instructions to call Microsoft. The fake number leads you to someone with instructions to download a remote access tool, seemingly fixing the problem, but also providing the hacker with total access to all financial login data stored on your device as well as other important information.
CEO Fraud
August 15th, Tip of the Week | CEO Fraud / BEC (Business Email Compromise) is a type of targeted email attack. It commonly involves a cyber criminal pretending to be your boss or a senior leader and then tricking you into sending the criminal sensitive information, buying gift cards or initiating a wire transfer. Be highly suspicious of any email demanding immediate action and/or asking you to bypass previously established security procedures.
Fake Invoices or Subscriptions
August 3rd, Tip of the Week | Be cautious and attentive to emails or text messages that claim to be receipts or subscription information from companies you may be familiar with. Ransomware criminals send phishing emails hoping to get you to interact with fake invoicing receipts, leading you down a path attempting to extract additional information from you and/or download remote software to gain access to authenticated systems containing your private or business information. If you’re even slightly unsure, you can call the company in question directly to ask about the suspicious messaging.
