Category Archives: Phishing

Scammers Mimic Apple in Latest Round of Phishing Campaigns

Via: Malwarebytes Labs

We’ve seen a number of Apple-related phishes in circulation over the last few days. While most of them already lead to deactivated phishing sites, we thought it was worth highlighting some of the tricks being used to bait people into handing over payment details at the moment.

Fake receipt emails
First up, a number of fake “receipt” emails ranging in date from February 2–6. While the content of some of the emails varies slightly, most of them use a subject line similar to the below:

[ New Statement ] Your receipt from Apple [ 02 February 2018 ]

In the cases we’ve seen, the mails claim to be receipts for a payment of $9.99 made out to, er, Mr. Edward Snowden. Apparently, privacy campaigns and 2 terabyte storage plans go together nicely.

The good news for potential clickers is, the site the scammers are trying to bounce through is already wise to the scam and has effectively killed the one-way street to the phish page. The phish link itself is also offline, so we can’t show you what may lie in wait. But we can confirm people won’t be losing money to this one anytime soon.


Someone else logged in
Elsewhere, we have a “Reminder” notification that someone else is logging in on your Apple account with an iPod in Monaco.

The email reads as follows:

[Reminder] [Notification Update] Statement new log-in your Apple account with other device
Fοuг уοuг ѕаfеtу, уοuг Αррlе ID hаѕ Ьееn lοсκеd Ьесаuѕе wе fοund ѕοmе ѕuѕрісіοuѕ асtіνіtу οn уοuг ассοunt. Ѕοmеοnе ассеѕѕіng уοuг ассοunt аnd mаκе ѕοmе сhаngе οn уοuг ассοunt іnfοгmаtіοn. This the details :
Country : Monaco
IP Address :
Date and Time : 13:09, 06 Feb 2018
OS : iPod
Browser : Safari
If you did not make these action or you believe an unauthorized person has accessed your account, you should login to your account as soon as possible to verify your information.

Apart from the lazy typos (“Four your safety”) and awful sentence structure, they also make use of some Cyrillic characters in a likely attempt to bypass Bayesian filtering. While the destination site was offline again, it’s worth noting that all of the examples tried to send potential victims to HTTPS websites, instead of the plain old HTTP landing page. All phishers now want to look as “secure” as they possibly can—anything to help pull the wool over your eyes.

Always worth repeating: Just because a website is HTTPS does not mean it is a legitimate website. Phish pages can lurk anywhere, no matter what security the page you’re on happens to be touting.
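An added example, not part of the Malwarebytes write-up, of how a filter can catch the Cyrillic trick: it flags any word that mixes Latin letters with Cyrillic or Greek look-alikes, while leaving genuinely non-English words alone. The sample line is constructed with explicit code points rather than copied from the email.

```python
import unicodedata

# Constructed sample, not the original email text: a phishing line where
# several Latin letters have been swapped for Greek/Cyrillic look-alikes
# (Greek omicron U+03BF, Cyrillic ghe U+0433, Cyrillic u U+0443, Cyrillic
# dze U+0455, Cyrillic a U+0430, Cyrillic ie U+0435), plus a genuine
# Cyrillic word ("privet") that should NOT be flagged.
SAMPLE_LINE = (
    "F\u03bfu\u0433 \u0443\u03bfu\u0433 \u0455\u0430f\u0435t\u0443, "
    "your Apple ID has been locked. \u043f\u0440\u0438\u0432\u0435\u0442"
)


def script_of(ch: str) -> str:
    """Script family of a letter ('LATIN', 'CYRILLIC', 'GREEK', ...), taken
    from the first word of its Unicode character name."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def scripts_in_word(word: str) -> set:
    """Set of script families used by the alphabetic characters of a word."""
    return {script_of(c) for c in word if c.isalpha()}


def mixed_script_words(text: str) -> list:
    """Return [(word, sorted_scripts)] for every word that mixes scripts.

    A word written entirely in one non-Latin script (real Russian text,
    say) is legitimate and is not reported; only intra-word mixing, the
    hallmark of homoglyph substitution, is flagged.
    """
    findings = []
    for token in text.split():
        word = token.strip(".,;:!?\"'()[]")
        scripts = scripts_in_word(word)
        if len(scripts) > 1:
            findings.append((word, sorted(scripts)))
    return findings


def non_latin_ratio(text: str) -> float:
    """Fraction of alphabetic characters that are not Latin. A high ratio in
    a message that is otherwise English is a strong filter signal."""
    letters = [c for c in text if c.isalpha()]
    if not letters:
        return 0.0
    non_latin = sum(1 for c in letters if script_of(c) != "LATIN")
    return non_latin / len(letters)


if __name__ == "__main__":
    for word, scripts in mixed_script_words(SAMPLE_LINE):
        print(f"{word!r}: mixes {', '.join(scripts)}")
    print(f"non-Latin letter ratio: {non_latin_ratio(SAMPLE_LINE):.2f}")
```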

Apple care scare
There are also some dubious texts going around claiming to be from Apple Care:

It reads as follows:

Final Notification
Your Apple ID is due to expire today. Prevent this by confirming your Apple ID at
appleid-revise(dot)com
Apple Inc

As you can see, there’s a big push to apply pressure to potential victims, and everything falls somewhere between the two extremes of “Payment made, quick do something!” and “So, your account is going to be terminated.” While we’re happy to say this is another one that came to our attention already DOA, even as texts were going out, the sad truth is that for every site taken down there are many more happily accepting credit card details and personal information.

Fake app purchases
We’ve also seen some fake app purchases, and this one rather spookily has an order number attached that was actually of some relevance to the recipient.

While one hopes this is just some horrible coincidence, it could just as easily have prompted the above individual to start visiting rogue links—and that’s all it really takes. Just one fragment of information from an otherwise garbled email missive could be enough to cost someone a small fortune—or even worse, a very large one.

If you’re worried about the pushy tone of a supposed Apple missive, contact them directly to check its validity, and wander over to their help page for more information on securing your Apple account. These are some of the most common scams around, and for as long as Apple IDs are tied to valuable purchases and personal information, criminals will continue to target these accounts.

Read the full article.

Phishing Scams Targeting Direct Deposits

An increase in cyber threat actors sending phishing emails to education employees for the purposes of obtaining account login information has been seen across the education sector and universities. In these incidents, this information is then typically used to modify the employees’ direct deposit account information. By changing this information, the cyber threat actors reroute the employees’ paychecks to a financial account under the actors’ control. No specific payroll platforms are being targeted, as reports indicate the victims have used various platforms for payroll functionality.

This type of attack exploits the inherent risk behind the use of single sign-on (SSO) features. SSO allows a single set of credentials to grant access to connected systems, providing authentication, authorization, access control, and password synchronization across an environment. In these incidents the cyber threat actor usually sends education sector staff a phishing email containing a PDF attachment or a malicious link. The phishing email often spoofs the account of an IT administrator or senior official. Upon clicking the link or downloading the attachment, the user is prompted to enter their login credentials, which the cybercriminal then uses to log into the payroll system. The cybercriminal then changes the direct deposit information for that employee so that the employee’s paycheck is sent to a different account or pre-paid credit card. According to the FBI, in some instances the cyber threat actor is also accessing the employee’s email account and creating rules that immediately forward incoming emails containing specific words to the deleted folder so the employee is not alerted to the criminal activity.

Fordham University has certain protections in place against such attacks, thanks in part to the email protection built into Gmail, email protection services from Proofpoint, and Duo’s two-factor authentication. The combination of these measures helps protect Fordham accounts from being compromised even if one’s credentials are obtained.

If you believe you have received a phishing message or similar suspicious message, please do the following:

  • Do not respond to the message.
  • Do not click on any attachments or links.
  • Do not call the number listed.
  • Do not provide any information such as username and password.
  • If you did respond to the email and provided confidential information, please contact Fordham IT Customer Care ASAP at (718) 817-3999 for instructions on how to manually reset your password.
  • Delete the message.

Please note: Fordham IT will NEVER ask you for your username and password or ask you to click any links to validate or verify your account or password. If you receive questionable or suspicious emails, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these emails.

To learn more about protecting yourself online against phishing attacks such as these and others, please take the UISO’s online course, “UISO Security Training.” The course can be accessed in Blackboard, under My Organizations. You can log in to Blackboard either via the portal, at My.Fordham.edu, or directly from Fordham’s Blackboard portal.

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Phishing Scams Now Harder to Detect

Via: Krebs On Security

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.

Phishers are moving to HTTPS because it helps increase the likelihood that users will trust that the site is legitimate. After all, your average Internet user has been taught for years to simply “look for the lock icon” in the browser address bar as assurance that a site is safe.

Perhaps this once was useful advice, but if so its reliability has waned over the years. In November, Phishlabs conducted a poll to see how many people actually knew the meaning of the green padlock that is associated with HTTPS websites.

“More than 80% of the respondents believed the green lock indicated that a website was either legitimate and/or safe, neither of which is true,” he wrote.

What the green lock icon indicates is that the communication between your browser and the Web site in question is encrypted; it does little to ensure that you really are communicating with the site you believe you are visiting.

So what can you do to make sure you’re not the next phishing victim?

Don’t take the bait: Most phishing attacks try to convince you that you need to act quickly to avoid some kind of loss, cost or pain, usually by clicking a link and “verifying” your account information, user name, password, etc. at a fake site. Emails that emphasize urgency should always be considered extremely suspect, and under no circumstances should you do anything suggested in the email.

Phishers count on spooking people into acting rashly because they know their scam sites have a finite lifetime; they may be shuttered at any moment. The best approach is to bookmark the sites that store your sensitive information; that way, if you receive an urgent communication that you’re unsure about, you can visit the site in question manually and log in that way. In general, it’s a bad idea to click on links in email.

Links Lie: You’re a sucker if you take links at face value. For example, this might look like a link to Bank of America, but I assure you it is not. To get an idea of where a link goes, hover over it with your mouse and then look in the bottom left corner of the browser window.

Yet, even this information often tells only part of the story, and some links can be trickier to decipher. For instance, many banks like to send links that include ridiculously long URLs which stretch far beyond the browser’s ability to show the entire thing when you hover over the link.

The most important part of a link is the “root” domain. To find that, look for the first slash (/) after the “http://” part, and then work backwards through the link until you reach the second dot; the part immediately to the right is the real domain to which that link will take you.
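An added example, not from the Krebs article, that applies this “second dot from the right” rule to constructed sample links. It also shows the two places the rule needs help: a trusted name placed before an “@” (which urlsplit strips for us) and multi-label suffixes such as co.uk, handled here with a constructed, deliberately tiny suffix list standing in for the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed sample URLs (not from the article): a plain bank login, a
# look-alike where the trusted name is only a subdomain of the attacker's
# domain, a userinfo trick where the trusted name sits before an '@', and a
# country-code domain where the "second dot from the right" rule misfires.
SAMPLES = [
    "https://www.mybank.example/login",
    "https://www.mybank.example.account-update.example/secure/login?id=1",
    "https://www.mybank.example@login-check.example/",
    "https://online.mybank.co.uk/accounts",
]

# Constructed, deliberately tiny sample of multi-label public suffixes. The
# real set is the Public Suffix List (publicsuffix.org); this is only enough
# to show why the naive rule needs it.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def hostname_of(url: str) -> str:
    """Everything between '://' and the first '/', as the article describes,
    but letting urlsplit drop userinfo ('user@') and ':port' for us."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return host.lower()


def root_domain_naive(url: str) -> str:
    """The article's rule: walk back from the first '/' to the second dot and
    keep what is to the right of it (i.e. the last two labels)."""
    labels = hostname_of(url).split(".")
    return ".".join(labels[-2:])


def root_domain(url: str) -> str:
    """Same rule, but keep three labels when the last two form a known
    public suffix such as 'co.uk', so the registrable domain is returned."""
    labels = hostname_of(url).split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def lands_on(url: str, trusted_domain: str) -> bool:
    """True when the link really lands on trusted_domain (or a host under
    it), regardless of how the rest of the URL is dressed up."""
    return root_domain(url) == trusted_domain.lower()


if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{root_domain(u):<28} <- {u}")
```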

“From” Fields can be forged: Just because the message says in the “From:” field that it was sent by your bank doesn’t mean that it’s true. This information can be and frequently is forged.

If you want to discover who (or what) sent a message, you’ll need to examine the email’s “headers,” important data included in all email. The headers contain a lot of information that can be overwhelming for the untrained eye, so they are often hidden by your email client or service provider, each of which may have different methods for letting users view or enable headers.

Describing succinctly how to read email headers with an eye toward thwarting spammers would require a separate tutorial, so I will link to a decent one already written at About.com. Just know that taking the time to learn how to read headers is a useful skill that is well worth the effort.

Keep in mind that phishing can take many forms: Why steal one set of login credentials for a single brand when you can steal them all? Increasingly, attackers are opting for approaches that allow them to install a password-snarfing Trojan that steals all of the sensitive data on victim PCs.

So be careful about clicking links, and don’t open attachments in emails you weren’t expecting, even if they appear to come from someone you know. Send a note back to the sender to verify the contents and that they really meant to send it. This step can be a pain, but I’m a stickler for it; I’ve been known to lecture people who send me press releases and other items as unrequested attachments.

If you didn’t go looking for it, don’t install it: Password stealing malware doesn’t only come via email; quite often, it is distributed as a Facebook video that claims you need a special “codec” to view the embedded content. There are tons of variations of this scam. The point to remember is: If it wasn’t your idea to install something from the get-go, don’t do it.

Lay traps: When you’ve mastered the basics above, consider setting traps for phishers, scammers and unscrupulous marketers. Some email providers — most notably Gmail — make this especially easy.

When you sign up at a site that requires an email address, think of a word or phrase that represents that site for you, and then add that with a “+” sign just to the left of the “@” sign in your email address. For example, if I were signing up at example.com, I might give my email address as krebsonsecurity+example@gmail.com. Then, I simply go back to Gmail and create a folder called “Example,” along with a new filter that sends any email addressed to that variation of my address to the Example folder.

That way, if anyone other than the company I gave this custom address to starts spamming or phishing it, that may be a clue that example.com shared my address with others (or that it got hacked!). I should note two caveats here. First, although this functionality is part of the email standard, not all email providers will recognize address variations like these. Also, many commercial Web sites freak out if they see anything other than numerals or letters, and may not permit the inclusion of a “+” sign in the email address field.

View the full article.

Beware of This Apple iPhone Password Phishing Scam


Apple’s iPhone customers could potentially fall victim to a scam that would see them unwittingly hand over their Apple ID credentials.

Security researcher Felix Krause on Tuesday published a proof-of-concept that shows how easy it is for hackers to replicate the familiar “Sign In to iTunes Store” Apple prompt on the iPhone and steal a user’s password. According to Krause, developers can trigger an alert inside their apps that looks identical to the legitimate pop-up requesting a user’s credentials. If the person inputs the password, the malicious app owner could steal the information and users wouldn’t even know they were targeted.

“Users are trained to just enter their Apple ID password whenever iOS prompts you to do so,” Krause wrote in a blog post. “However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases. This could easily be abused by any app.”

Apple ID alerts are common fare in a typical day using the iPhone. They come up when users want to make an app purchase or when account content, like iCloud data, needs to be accessed. Apple’s legitimate pop-ups display information and then request users input their Apple ID passwords to proceed.

According to Krause, any app developer can create an identical pop-up, and he was able to do just that as part of his research. Users, then, would be hard-pressed to determine whether it was a legitimate password request or one that could leave their credentials open for theft.

Still, Krause said that users can protect themselves by never entering passwords into pop-ups and instead going into the iPhone’s Settings menu and entering them there, to ensure it’s a legitimate request. He also suggests pressing the home button when a pop-up is displayed. If the home button closes the app and the pop-up with it, it was a phishing attempt; if the pop-up remains, it’s a real Apple request.

Looking ahead, Krause believes the best way to fix the problem is by Apple making some tweaks to the way apps ask for Apple ID passwords. Rather than use pop-ups, he says, Apple should ask users to open the Settings app and input their credentials there, thereby eliminating the apps from the process altogether.

(source: http://fortune.com/2017/10/10/apple-iphone-password-phishing-scam/)

Don’t Fall for Scare Tactics!

(Photo from – http://www.telugunow.com/news-headlines/ransomware-effect-companies-hyderabad-320479.html)

Hackers hope their victims are uninformed and easily persuaded, because that’s the perfect recipe for success in their business. If users don’t know what to look out for, they can easily be baited into downloading malware, or giving up confidential information.

  • Don’t feel forced into immediate action.
  • If you receive a suspicious email that is threatening and demands immediate action, take a moment to decide what your next step should be.
  • Is this an email about your banking or credit card account?
  • Then you should contact that institution directly, by phone whenever possible.
  • Is this a message saying that you have a virus on your system?
  • Perhaps you should run your antivirus software scan.
  • Taking a few moments to assess the situation and make your own decision can really make a difference and keep your accounts safe.
  • Many times your account or device hasn’t been compromised, and the hacker is leading you to a link that will compromise your account/device.
  • Remember that hovering over a link will show you its true destination. This is a good way to verify a website before visiting it.
  • Do not download any attachments included in any suspicious emails or use links provided within the body of the email to visit a suggested website.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Cyber Criminals Are After Your Information

One of the most valuable currencies on the internet is information, and there are attackers dedicated to accruing it around the clock. Shared below are some of more commonly used techniques.

Pharming

Pharming is also referred to as Domain Name System (DNS) poisoning. Pharming modifies a system’s hosts file or its DNS configuration to automatically redirect users to a fake URL or website, even if the user enters the correct web address or uses a bookmarked page. When successful, this form of phishing can collect the desired information with the user none the wiser, as they believe they have navigated to the legitimate website.
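Added example, not part of the original post: a check over a constructed hosts file that reports entries pinning a domain name to a non-loopback address, which is the footprint a hosts-file pharming change leaves behind. The hosts contents, addresses and watched domain are all constructed for illustration.

```python
import ipaddress

# Constructed hosts-file contents (not a real system's file): the normal
# loopback lines, a developer override, and two pharming-style entries that
# send well-known names to an address the user never chose.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.0.1       myapp.local          # local development override
203.0.113.45    www.mybank.example mybank.example
203.0.113.45    login.mail.example
"""


def parse_hosts(text: str) -> list:
    """Return [(ip, hostname)] pairs from hosts-file text, ignoring blank
    lines, full-line comments and trailing comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def suspicious_hosts_entries(text: str, watch: set) -> list:
    """Flag entries that pin a name to an address that is not loopback.

    watch is a set of domains whose redirection is of particular concern
    (a subdomain of a watched domain counts too); every other non-loopback
    pin is still reported, with a weaker reason, so a reviewer can decide.
    Returns [(ip, hostname, reason)] in file order.
    """
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback:
            continue  # 'localhost' and developer overrides are expected here
        watched = any(name == d or name.endswith("." + d) for d in watch)
        reason = "watched domain pinned" if watched else "non-loopback pin"
        findings.append((ip, name, reason))
    return findings


if __name__ == "__main__":
    for ip, name, reason in suspicious_hosts_entries(SAMPLE_HOSTS, {"mybank.example"}):
        print(f"{reason:<22} {name:<24} -> {ip}")
```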

Content Injection

Content Injection phishing is similar to pharming in that it uses a legitimate website to compromise the user’s personal information. The difference being that the hack/malware is added to the back end of a legitimate website instead of the user’s device. With this type of phishing, the hacker is able to mislead and redirect the user to get them to give up their personal information.

These two forms of phishing may be a little harder to detect without the proper tools.

Man-in-the-Middle Attacks

Man-in-the-middle (MitM) attacks occur when a hacker sets up between the user and the websites they are trying to use, like an online banking site or even social networking page. They then take the users’ information as it’s being entered, making it harder to detect this type of phish.


Search Engine Phishing

Search engine phishing is executed by hackers creating malicious webpages. They often contain enticing offers and attempt to get users to click on the page, when it is pulled up as a result from a search engine query. It’s important to pay attention to the web addresses you are being directed to in order to avoid being tricked into providing your personal information.

Stay Protected

  • Use anti-virus and anti-spyware software.
  • Antivirus and anti-spyware software are sometimes underrated. Having them on all of your devices can seriously reduce the risk of pharming and content injection phishing schemes.
  • Make sure all of your programs, apps, and tools are up to date.
  • When updates are pushed they ensure that vulnerabilities are detected and patched, and if the updates aren’t installed, it can put your device(s) at risk.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.


Have you heard of Spear and Whale Phishing?

Spear Phishing

(Photo from – https://oxen.tech/blog/spear-phishing-new-twist-old-scam/)

Spear Phishing is really what it sounds like, a directly pointed attack. The attackers gather as much information as they can from the internet to build a more personalized, and believable attack.


(Photo from – http://resources.infosecinstitute.com/category/enterprise/phishing/spear-phishing-and-whaling/#gref)

Whaling

Whaling is a specific form of spear phishing, in which the attacker goes after a high-profile target associated with a business or government entity. These victims may include, but are not limited to, senators, CEOs, and those with access to a company’s finances.

  • Pay close attention to the emails you receive.
  • Look for spelling and grammatical errors. Hover over URLs to reveal the destination of the link. Also hover over the links at the bottom of the email; many times these may look functional but are not.
  • If you’re being asked to verify personal information (name, D.O.B, or SSN), don’t use any forms provided in the email. Visit the home page for the business instead and check your account that way, or call customer service for more information when possible.
  • Businesses can make whale phishing harder by adopting a specific stationery for emails directed to their employees, making it easier to spot a spoofed email.

Detailed information regarding phishing scams and other IT security topics is available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.


What are Smishing and Vishing?

(Photo from – YouTube.com )

What is Smishing??

Smishing is SMS phishing: messages sent to your mobile device that attempt to obtain your credentials (usernames and passwords) or financial information (credit card and Social Security numbers). While these may be a little easier to spot (How did I win a $1000.00 Wal-Mart gift card if I never signed up for a contest?), we should still be mindful that the risk is there.

(Photo from – https://info.phishlabs.com/blog/vishing-campaign-steals-card-data-from-customers-of-dozens-of-banks)

Vishing

Vishing (voice phishing) is similar to smishing. Hackers use interactive voice response (IVR) software over the phone to try to obtain sensitive information.

As with email phishing schemes there are a few steps we can take to ensure we aren’t targets of these two forms of phishing.

  • If it sounds too good to be true, it just might be!
    • If you receive a text message from a number you don’t recognize, do not click any links that may appear in the body of that message.
    • Also if you receive a phone call from a phone number you aren’t familiar with, allow it to go to voice mail. Reputable businesses will leave you a message if necessary.
  • Avoid sharing your mobile number.
    • While there may be many offers/memberships that request your cell phone number, limiting the number of websites you enter your cell number into will reduce your risk of Smishing and Vishing.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.


What is Phishing?

(Photo from – http://www.uidaho.edu/infrastructure/its/departments/security/phishing-scams)

Phishing is a fraudulent communication that appears to come from a reputable company or person, sent with the intent to obtain the user’s credentials (usernames and passwords) or their financial information (i.e. credit card and Social Security numbers). While phishing is one of the oldest types of cyber scams or attacks that is still prevalent in today’s world, the criminals that launch the attacks have evolved with technology, making some phishes harder to identify than others.

How do I spot a phishing scam?

  • If you don’t know the sender, don’t open the email or download any attachments.
    • Even if the sender is someone you’re familiar with or do business with, pay attention to the subject line, sender’s email address, and body of the email. Look for spelling mistakes, hover over any URLs to see where they will take you (DO NOT CLICK ON ANY SUSPICIOUS LINKS) and, if possible, contact the sender to verify the contents of the email.
  • Don’t trust that link!
    • If you receive an email requesting you log in to verify account information, navigate to their home page directly. Avoid using the links provided within the email as they may automatically download Malware to your device or take you to a website that will do so.
  • Don’t fill in those blanks!
    • Do not enter your personal information (name, D.O.B, SSN, etc.) on to a form that is embedded in a suspicious email. Again, if you need to verify account information for a reputable business, navigate to their page directly.
  • Does something look off?
    • Pay attention to the emails you receive regularly, they can help you spot a phony in the future. Great phishers will recreate websites with small discrepancies, keeping an eye out for minor or careless mistakes can keep you safe.

Detailed information regarding phishing scams and other IT security topics is available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.


Don’t be a victim of a phishing scheme!

Phishing is the act of attempting to deceive a user into divulging personal or confidential information such as login credentials, credit card information, etc., in order to gain access to resources that enable the attacker to steal your identity.

Phishing scams usually come in the form of email messages and false websites. Cyber criminals use social engineering to learn about their targets and then use that information to try and gather your personal information.

Below is an example of a phishing campaign scam.

(Image: phishing email example)

Things to look for to identify that you may be targeted include:

  • Spelling and bad grammar: Phishing emails are commonly plagued with spelling and grammatical errors.
  • Links in emails: Links in emails may appear as though they are taking you to a legitimate website; however, they can be disguised. Hover over (DO NOT CLICK) links and see if you are being re-routed to some other page.
  • Threats: Some emails contain threats, including legal action, time-sensitive materials, etc. These are designed to convince you to make a hasty decision and click a malicious link or open an unsafe attachment.
  • Spoofing a legitimate website or company: Some emails will appear to come from a legitimate company. However, that is far from the case. Again, attackers will try to make everything appear legitimate, but things such as suspicious URLs (pages with names not associated with the website or company) or outdated information can be tell-tale signs that something is not right.

Visit us daily for more tips during National Cyber Security Awareness Month, starting October 2nd.

If you believe you are being targeted by a phishing campaign or have received a phishing email, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu.