Articles about website spoofing, cybersecurity trends, and how to protect your customers from hackers.
Thank you doctors, nurses, grocers, delivery drivers, pharmacists, and first responders! Thank you to those of you working in a NOC or a SOC keeping the internet up and running for the rest of us. I don’t know how we’d get through this without you. But a crisis can also bring out the worst in people.
Just look at the scams popping up to take advantage of folks who are legitimately terrified as a result of this global pandemic.
The X-Force team at IBM found this scam, posing as a helpful email from the World Health Organization with advice on how to stop COVID-19. In reality it installs keylogging malware on your machine—which the attackers will use to steal your personal information, banking credentials, or anything else you type in.
The FBI issued this warning about multiple scams, including attackers posing as the CDC; attackers trying to trick people into making fake charitable contributions; attackers trying to trick people into collecting their airline refund (just give us your credit card info to send the refund); and even worse, attackers offering fake cures and fake test kits. It’s appalling.
In this case, attackers abused an open redirect on the US Health and Human Services website (HHS.gov) to trick people into clicking on a link sent in a phishing email. The email pointed to a page on the legitimate HHS.gov domain, but that page simply redirected the victim to an attack site, which attempts to install malware.
The list goes on. These are challenging times for everyone. Asking the citizens of the world to be extra vigilant about phishing is asking a lot—particularly as we’re asking everyone to be extra vigilant about social distancing, sanitizing, hand washing, and gathering… to be strong while the economy melts down in front of their eyes… when we’re seeing daily news reports that millions might die. Phishing isn’t top of mind these days. Some pretty horrible people are taking advantage of that. Shame on them.
Allure can help. Our patented anti-phishing technology ends the victim-blaming and puts security teams in control, with proactive detection and response to phishing attacks. For help with any COVID-19 related phishing campaign, please contact us. We’d be delighted to assist you, free of charge, and with no strings attached. Our technology can help. Our team wants to do their part. We’re bringing out the best in ourselves.
Posted by Joni