Security Awareness Tips from September 2023

Published | October 3, 2023

Phishing that Targets Online Gamers

September 26th, Tip of the Week | Phishing threats aren’t limited to scammers targeting your email inbox. Those who play online games also need to be aware of increased threats. According to research from Kaspersky, players who download games from untrustworthy sources may receive malicious software that can gather sensitive data, such as login information or passwords, from the victim’s device. From July 1, 2021 through June 30, 2022, the top 5 game titles that cybercriminals used as a lure to distribute secret-stealing software included Valorant, Roblox, FIFA, Minecraft, and Far Cry. When downloading add-ons for your games, be sure to use only known app stores and avoid those tempting free offers.

Phishing Attacks Using QR Codes are on the Rise

September 19th, Tip of the Week | W&L and other universities across the nation are being targeted with phishing scams that encourage users to scan fraudulent QR codes. The threat actors are using QR codes embedded in images to bypass email security tools that scan a message for known malicious links. This has opened up a new attack vector, allowing these phishing messages to reach your inbox. The messages are sent with a sense of urgency, with subject lines such as: “Microsoft Final Warning: Security Authentication for {university name}”.

Most QR code scanners on modern smartphones will ask you to verify the destination URL before launching the browser as a protective step. You should always check the URL before proceeding. More importantly, never scan a QR code from an unsolicited email. When in doubt, you can always contact the ITS Helpdesk at X4357 or help@wlu.edu for assistance.

Phishing Scammers are Using Artificial Intelligence To Create Perfect Emails

September 13th, Tip of the Week | According to KnowBe4, the security awareness platform used at W&L, phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI’s ChatGPT, for instance, can fix spelling mistakes, odd grammar, and other errors that are common in phishing emails.

To stay ahead of the game, some cybersecurity companies are using proprietary large language models to generate phishing emails for security awareness training. Simulated phishing tests at W&L will likely have to adapt to this new reality as well.

Make Sure to Update Your Apple Products Today

September 8th, Tip of the Week | It’s important that all Mac, iPhone, iPad and iWatch users update their systems to protect against a particularly dangerous and recently discovered exploit.

According to MacRumors, the macOS 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2 updates that Apple released today include fixes for security vulnerabilities that Apple says may have been actively exploited in the wild. According to Apple’s security support page, in iOS, iPadOS, and macOS, processing a maliciously crafted image could lead to arbitrary code execution, allowing a hacker to gain access to the operating system with a simple picture. The zero-click vulnerability allowed attackers to send a maliciously crafted PassKit (Wallet) image to a target via iMessage, infecting their device “without any interaction from the victim.”

Social Engineering is the Primary Method Hackers Use to Gain Access to Sensitive Information and Systems

August 28th, Tip of the Week | Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Because social engineering can happen from almost any angle, everyone needs to have a healthy level of skepticism, especially with new messages.

KnowBe4 suggests the following routine for all messages, regardless of how they arrive.

  1. Is the request something new from sender to receiver?
  2. Could the request, if malicious, harm receiver’s interests? If yes, research the request more before acting.
