1. Russia-Ukraine Alert
This is not a specific scam, but it may be critical to your cybersecurity. And before diving in, I’d like to take a moment and say that our thoughts and prayers go out to the people of Ukraine currently under siege.
Now that a full-scale invasion is under way, we as business owners need to be ever more vigilant against cyberattacks out of Russia. There have been a series of cyberattacks against several of Ukraine’s banks and government agencies since the tensions began. There is every reason to assume that as these attacks succeed in Ukraine, they will also be directed toward the US and other NATO allies.
The Department of Homeland Security last week launched a “shields up” drive to protect the U.S.’s critical infrastructure from Russian actions. The shields up initiative encourages organizations of all sizes to take steps to reduce their chances of a cyberattack and ensure that they’re prepared in the case of a breach. The recommendations include assessing unusual behavior, assembling a crisis-response team, and shoring up vulnerabilities that might exist in your network.
While most of the press deals with defense and banking systems, cyber attackers are not discriminatory; they will be happy to destroy or disrupt your company as well.
“The reason why there are these bulletins coming out, especially directed at small and medium-sized businesses, is that we have learned the hard way about the fragility of the global supply chain,” says Theresa Payton, a former White House Chief Information Officer under George W. Bush.
So what should you do?
We recommend the following actions be performed by or with your IT services provider. These are not new or one-off activities, but now is a good time to ensure they’re being handled to your satisfaction.
- Make sure your backups work, and test the restore function.
- Patch all known vulnerabilities and test the patches.
- Deploy strong MFA to as many employees as you can (some forms of MFA can be easily circumvented).
- Remind employees of the role they play in keeping your business secure. For example, employees should actively look out for indicators of a potential business email compromise attack:
  - Be skeptical—Last-minute changes in wiring instructions or recipient account information must be verified by some method other than email.
  - Double-check that URL—Ensure the URL in the email is associated with the business it claims to be from.
  - Spelling counts—Be alert to misspelled hyperlinks in the actual domain name.
Consider stepping all employees through at least a 15-minute security awareness training module to keep security top of mind. This email is designed to help, but not everyone reads their messages and others have unsubscribed.
Now might also be a good time to review your Incident Response Plan. Dust it off if it hasn’t been looked at in a while, or put it on paper if it only lives in your head right now.
And be on the alert for scammers pretending to be Ukrainians on social media looking for financial help. Experts at Avast have seen it already.
Remember that with every major disaster, criminals will try to prey on your emotions. Be suspicious of unsolicited emails and social media posts requesting payment in digital currency. A quick search came up with this list from the Washington Post of legitimate nonprofits and organizations.
2. Right-to-Left Trick Targeting Microsoft Users
Everything old becomes new again.
Right-to-Left Override (RLO) is a 20-year-old technique that can make a file extension appear different from the file type it really is. For example, an executable named “abctxt.exe” can be renamed “abc[U+202e]txt.exe”; because the override control character makes everything after it render right to left, Windows displays the name as “abcexe.txt”. So it looks like an innocent text file, even though it is actually an executable file.
Vade, a global leader in threat detection and response, has detected a recent wave of attacks using this old, often overlooked tactic targeting Microsoft 365 accounts. They’re seeing it typically come through as ‘voicemail’ attachments.
You get an email saying you have a voicemail from a specific person or a ‘private caller’ with a datestamp included, and there is an mp3 or wav file attached. When you click to open the voicemail, you are taken to a Microsoft login webpage that requests your credentials to access the ‘sensitive information.’ In some instances, entering your login takes you to a fake voicemail message, and in others, you see an error message. In all cases, your Microsoft credentials have just been submitted to the scammers.
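To see what an RLO-disguised attachment name actually contains, here is an added Python example (it is not code from this page or from Vade): it flags any Unicode bidirectional control character in a filename and shows the name as it would be displayed next to the extension the operating system really acts on. The sample attachment names are constructed, and the “displayed as” preview is a deliberately simplified model of the override (text after U+202E shown reversed until a U+202C pop); a real rendering engine applies the full bidi algorithm, so the presence of the control character, not the preview, is the signal to act on.

```python
from pathlib import PurePosixPath

# Unicode bidirectional control characters that change how a name is displayed
# without changing the bytes the operating system uses to pick the file type.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def displayed_name(filename: str) -> str:
    """Approximate how a name containing U+202E is rendered: everything after the
    override is drawn right-to-left (reversed) until a U+202C pop or the end.
    This models only the simple case from the newsletter, not the full bidi algorithm."""
    if "\u202e" not in filename:
        return filename
    head, _, tail = filename.partition("\u202e")
    reversed_run, _, rest = tail.partition("\u202c")
    return head + reversed_run[::-1] + rest


def true_extension(filename: str) -> str:
    """The extension the OS actually acts on, with all bidi controls removed."""
    cleaned = "".join(ch for ch in filename if ch not in BIDI_CONTROLS)
    return PurePosixPath(cleaned).suffix.lower()


def inspect_attachment(filename: str) -> dict:
    """Flag an attachment name that contains any bidi control character and show
    the gap between what a user sees and what would execute."""
    controls = [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(filename) if ch in BIDI_CONTROLS]
    shown = displayed_name(filename)
    return {
        "stored_name": filename,
        "displayed_as": shown,
        "apparent_extension": PurePosixPath(shown).suffix.lower(),
        "true_extension": true_extension(filename),
        "bidi_controls": controls,
        "suspicious": bool(controls),
    }


def scan_attachments(names):
    """Return the inspection results for every name that should be held for review."""
    return [r for r in (inspect_attachment(n) for n in names) if r["suspicious"]]


if __name__ == "__main__":
    # Constructed sample attachment names (not real campaign artifacts).
    samples = [
        "abc\u202etxt.exe",                    # the example from the text: shows as abcexe.txt
        "voicemail_2022-02-22_\u202e3pm.exe",  # shows as ...exe.mp3, a fake audio file
        "quarterly_report.pdf",                # clean name, no control characters
    ]
    for result in scan_attachments(samples):
        print(f"HOLD: displayed as {result['displayed_as']!r}, "
              f"really {result['true_extension']} (controls at {result['bidi_controls']})")
```

In a mail gateway or help-desk triage script, `scan_attachments` is the hook: any name with a bidi control character gets held and forwarded to your IT provider, regardless of whether the preview happens to look like an audio file.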
How can you protect yourself?
- Start by familiarizing yourself with the way your company officially sends voicemail notifications. If you get a message that’s different, it should raise a red flag. For example, ours come from the same noreply email address each time, and the attachments are wav files. So if we were to suddenly see mp3 files or a different sender, everyone should be on alert.
- Train yourself to slow down before taking any action on attachments. Whenever a message comes through with a file attached, carefully check the sender, the message itself, and the name of the file. If you have any questions or doubts, forward it to your IT services provider to check out for you. We’re happy to do that for our clients; it helps protect us all.
- Always stop before entering your credentials on a page someone else sent you to. Especially in this case when you thought you were opening an audio file, being directed to a website should make you suspicious. If you did not independently navigate to a page you expected to have to log into, then do not enter your credentials.
3. Using QR Codes for Crime
Another what’s-old-is-new-again tool: QR codes are on the rise as a scam tactic.
QR codes are the black-and-white square barcodes that you can scan with your phone’s camera and have a webpage link or other information appear. You’ve probably used them for restaurant menus and event or airline tickets. And you may have seen the Coinbase commercial during the Super Bowl that was so popular it briefly crashed their app.
They’ve been around since the ’90s and were used for automotive inventory initially, but they didn’t really catch on publicly until the late 2000s. And since the pandemic, they’ve surged. So much so that the FBI recently issued a warning about QR codes.
“Cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use.”
The FBI and other security experts give the following examples of QR code criminal tampering:
- Codes on parking spaces that steal payment information
- Codes that redirect an app download to the criminal’s malicious app or download
- Codes that send a tweet or SMS (text) message to enter a contest, with the number changed so the victim is spammed with those messages
- Codes that automatically connect you to a business’s Wi-Fi, altered to send you to the criminal’s malicious network instead.
How can you protect yourself?
- Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
- Practice caution when entering login, personal, or financial information from a site navigated to from a QR code.
- If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
- Do not download an app from a QR code. Use your phone’s app store for a safer download.
- If you receive an email stating a payment failed from a company you recently made a purchase with and the company states you can only complete the payment through a QR code, call the company to verify. Locate the company’s phone number through a trusted site rather than a number provided in the email.
- Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
- If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
- Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.
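The “check the URL” advice above, and the same advice for email links in the business email compromise indicators of the first section, can be made mechanical. The following Python is an added example, not code from this page or from the FBI: given a link decoded from a QR code (or copied from an email) and the domain of the business you looked up independently, it reports whether the host is that domain or a subdomain of it, a typosquat within a couple of edits, the genuine name buried as a subdomain of some other domain, or something else entirely. The two-edit threshold, the “compare the last N labels” approximation of a registrable domain, and the sample URLs are assumptions and constructed data.

```python
from urllib.parse import urlsplit


def _levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value between two domains suggests a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str, expected_domain: str, max_edits: int = 2) -> dict:
    """Compare the host of a link (from an email or a decoded QR code) with the
    domain of the business it claims to be from. expected_domain is the name you
    looked up through a trusted source yourself, e.g. "microsoft.com"."""
    had_scheme = "://" in url
    parts = urlsplit(url if had_scheme else "//" + url)
    host = (parts.hostname or "").rstrip(".")      # hostname is already lowercased
    expected = expected_domain.lower().strip(".")
    exp_labels = expected.split(".")
    labels = host.split(".")

    if host == expected or host.endswith("." + expected):
        verdict = "match"
    elif any(labels[i:i + len(exp_labels)] == exp_labels
             for i in range(len(labels) - len(exp_labels))):
        # The genuine name appears as a subdomain of some other registrable domain.
        verdict = "lookalike: brand used as subdomain"
    elif _levenshtein(".".join(labels[-len(exp_labels):]), expected) <= max_edits:
        # The trailing labels are within a couple of edits of the real name
        # (rn for m, a swapped letter, a missing letter). Assumption: the real
        # name's label count approximates the registrable part of the host.
        verdict = "lookalike: typosquat"
    else:
        verdict = "different domain"

    return {
        "host": host,
        "verdict": verdict,
        "ok": verdict == "match",
        "plain_http": had_scheme and parts.scheme.lower() == "http",
    }


if __name__ == "__main__":
    # Constructed sample links, paired with the domain the user would expect.
    samples = [
        ("https://login.microsoftonline.com/common/oauth2", "microsoftonline.com"),
        ("https://rnicrosoft.com/login", "microsoft.com"),
        ("http://microsoft.com.verify-account.net/", "microsoft.com"),
        ("example.org/pay", "parkingcity.com"),
    ]
    for url, expected in samples:
        result = check_link(url, expected)
        flag = "" if result["ok"] else "  <-- do not enter credentials or pay here"
        print(f"{url}: {result['verdict']}{flag}")
```

A “different domain” verdict is not automatically malicious (a legitimate payment page may sit on a third-party processor), which is exactly why the advice above is to type a known URL for payments rather than trust whatever the scan produced. Anything other than “match” should stop you before you enter a login or card number.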