Phishing attempts are getting more and more brazen. And lately they're going after our heartstrings, trying to get in between the logical part of our brain and the emotional part of our heart to get us to click without thinking first.
This week we've uncovered two pretty brazen phishing attempts that we think you should be aware of.
So without further ado, here they are...
1. Hurricane Harvey Charity Fraud
Hurricane Harvey hit hard and Houston got badly flooded. While the death toll rises, you can also count on low-life cyber-scum exploiting this disaster. Horrible.
Scammers are now using the Hurricane Harvey disaster to trick people into clicking on links on Facebook, on Twitter and in phishing emails that solicit charitable giving for the flood victims.
Here are some examples:
- Facebook pages dedicated to victim relief contain links to scam websites.
- Tweets are going out with links to charitable websites soliciting donations, but in reality include links to scam sites or links that lead to a malware infection.
- Phishing emails dropping in a user's inbox asking for donations to #HurricaneHarvey Relief Fund.
Previous disasters have been exploited like this, and the bad guys are going at it again with all guns blazing. Be wary of anything online covering the Hurricane Harvey disaster in the following weeks.
Don't fall for any scams. If you want to make a donation, go to the website of the charity of your choice and make a donation. Type the address in your browser or use a bookmark. Do not click on any links in emails or texts you might get. Whatever you see in the coming weeks about Hurricane Harvey disaster relief... THINK BEFORE YOU CLICK!
2. IRS / FBI Themed Ransomware Phishing Attacks
WASHINGTON, August 28, 2017 — The Internal Revenue Service warned people to avoid a new phishing scheme that impersonates the IRS and the FBI as part of a ransomware scam to take computer data hostage.
The IRS said: "The scam email uses the emblems of both the IRS and the Federal Bureau of Investigation. It tries to entice users to select a “here” link to download a fake FBI questionnaire. Instead, the link downloads a certain type of malware called ransomware that prevents users from accessing data stored on their device unless they pay money to the scammers."
“This is a new twist on an old scheme,” said IRS Commissioner John Koskinen. “People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call.”
Remember that the IRS does not use email, text messages or social media to discuss personal tax issues, such as those involving bills or refunds. THINK BEFORE YOU CLICK!
You can read the details of the warning here: https://www.irs.gov/newsroom/irs-issues-urgent-warning-to-beware-irs-fbi-themed-ransomware-scam
So there you have it. Two of the more recent phishing scams to be aware of.
This is great stuff to know, but the more important question is: are you doing all you can to make sure your users are educated and STAY educated about these vulnerabilities? This comes full circle back to having the proper Cyber Security User Awareness Training program in place for your organization. Here are a few related links that could help you address this:
- The Keys to a Successful Cyber Security Awareness Training Program
- What the Average User Knows About Cybersecurity Should Scare You!
- Hands Down The Best Cyber Security Investment
If you have any questions or are interested in learning more about our recommended approach to user awareness training, please send me an email or give me a call.
What do you think? Has this info been helpful? Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.