Much like phishing and spear-phishing, VISHING is the latest online scam designed to steal your logins. Only VISHING uses voicemail to do it, according to the FBI and the Cyber Security Agency (CISA). They are targeted attacks on employees of corporations using voicemail to get users working at home to call back and then use social engineering to steal VPN credentials. Check out Brian Krebs' article here.
Brad says that his company email looks to be compromised. Leo says it's more likely his email address has been "spoofed" by spammers, and it's really easy to falsify or spoof a reply email address. Sooner or later, they will move on to a new random return address. That's why everyone gets spam and even bounced back emails that don't work. So it's unlikely Brad's email address has been compromised, just spoofed.
If you become the victim of a phishing scam, here are a number of things you should do if you can:
Todd got a Facebook message from a friend that said "Is this Your Video?" and it had his picture on it. So he clicked on it, and it said the content wasn't available. Leo says that Todd was likely hacked in a phishing scam, accessing his Facebook account. What they are hoping is that you log into Facebook and get their password stolen. They can also try and get you to pay for a bogus support contract or grab your credit card number. They can even put a bitcoin miner on your computer. So NEVER click on a link. EVER.
Dave got a call that his computer was hacked. Knowing he was being phished, he decided to have some fun with them (especially since he doesn't have a computer). Leo says it's good that Dave gave them a taste of their own medicine, but it's sad that we have to deal with scammers and end up using so much energy to protect ourselves. But while it's great Dave knew and was able to turn the tables on them, it's always best to just hang up.
When you want to find out if you should stay away from typing in a suspicious and possibly fake web address, check the URL's TLD (top-level domain) which should imply whether the site is legitimate or not. For example, if a web address reads Google(dot)com/blahblah then it is a legitimate Google page. However, bad guys can spoof Google and create an address like Google(dot)badguy(dot)com which may easily deceive many victims at first glance. Always be cautious of deceptive URLs and links that can infiltrate your device if clicked.
Mara was a victim of identity theft, and just narrowly avoided having her brokerage account drained. Leo says that Mara should change her password and turn on 2 factor authentication right away. Leo suspects the bad guys got her information from a database breach like the Collection #1 or the Marriott hack. Leo also suggests going to haveIbeenpwned.com/passwords and see if her passwords have been compromised and are known.
The latest ransomware attack is called WannaCry and it's spreading via phishing email attacks. The ransomware not only encrypts your data — it also has a built-in kill switch on websites. Security researchers may have crafted a fix to it, but there's a catch. The encryption is done using Microsoft's bit locker, and the fix is to take advantage of a flaw in the cryptographic memory that keeps the keys in RAM so it can harvest them and unlock your data.
Leo says that the alleged hacking by the Russians in our election was a "bush league" spear phishing attack that allowed hackers to gain access to emails from the Democrat National Committee. Leo says we need to know more about it. It seems to Leo that this attack was more like North Korea hacking Sony.
(Photo: Santeri Viinamäki [CC BY-SA 4.0], via Wikimedia Commons>
Ellen feels like she got ripped off by Microsoft. She got a popup saying she had a virus and listened to it, then paid $250 for support. Leo says that wasn't microsoft. That was a bad guy. Leo says it was a browser popup and they use that to phish for gullible people to sign up. Microsoft will never, ever do that. It's even worse, though. They likely got remote access and not only do they have her credit card, they have also likely installed more malware on the computer. At this point, Ellen should call the credit card company, reverse the charge and have her card number changed.
