1. An Olympic Scam
As with any global event, the Olympics are expected to be a popular topic of scams. TechRepublic reported:
“Events like the Olympics serve as an amplifier for cybercrime,” said Emily Wilson, vice president of research at Terbium Labs. Cyberattackers will be exploiting the “increased distraction around the Olympics, allowing them to be more successful.”
The warnings from last year about tickets, travel, and fake contests became largely moot once the decision was made not to admit spectators this year. But there are still scams to look out for.
Be careful of "first-to-know" winner lists and updated medal counts. Behind-the-scenes streaming links from spoofed companies, and any video that tries to appeal to your emotions, should also be treated with suspicion. Those are the 'devastating moment' or 'shocking finish' clips we can't help clicking on. And be aware that these may arrive as emails or as SMS texts.
This is not to say that all sensational headlines are scams. Unfortunately, even legitimate sources use click-bait language sometimes. But it does mean that scammers will try to sneak their similar-seeming emails in along with everyone else. So be on your guard.
How can you avoid this scam?
- Familiarize yourself with the legitimate emails and texts you receive. If you have the NBC News or Sports app, for example, it would be unusual to get a text from them rather than a notification in the app. If you get their emails, make sure the logo is correct and current. You may quickly glance at an email and recognize the NBC logo, only to find it is an old one the scammer copied off the Internet. Keep in mind that you can navigate to legitimate articles and videos yourself without clicking on questionable links. Anything that requires you to log in, such as subscriber-only content, should especially be reached by going to the site on your own rather than through a link in the message.
- Always pay closer attention to messages about global topics or trends. When the audience is literally the world, the scams will follow. So look at the details: match the sender’s name and the sender’s address. Read carefully, don’t skim. When we skim, we see what we expect, rather than what’s there, and we can miss mistakes. Trust your gut if anything seems ‘off,’ and don’t click if you’re not sure.
2. Word is Innocent
Scammers are using a new technique to bypass tools that scan attachments for malicious code. McAfee Labs discovered it just a few weeks ago and explains how it works.
You’ll receive an email with a Word attachment. There is no malicious code in the Word attachment, so it passes through your email filters.
Once you open the Word document, you'll see some sort of message about the document having been 'created in a previous version of Word,' and that in order to view or edit it, you'll need to enable macros. You know enabling macros is a red flag, but it looks like a reasonable Microsoft message. And the email wasn't flagged as malicious… Keep in mind that this message is part of the document's own content, dressed up to look like a notice from Microsoft; Word never needs macros enabled simply to display a document.
If you do enable macros, the Word macro downloads a password-protected Excel workbook from a remote server. The two documents then essentially talk to each other: the Word macro takes data stored in the Word document and writes it into the Excel workbook as formulas, assembling a new macro there. That new macro turns off the setting that would otherwise make Excel warn you about macros, and Excel then downloads the malware.
It is creative and dangerous.
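For IT teams that get asked to check a machine after a document like this has been opened, the following PowerShell audit is an added example, not code from the original article or from the McAfee report. The article does not name the Excel setting that the chain turns off; the script assumes it is one of the two standard Trust Center values stored in the registry, VBAWarnings (the macro warning itself) and AccessVBOM ("Trust access to the VBA project object model", which a macro needs in order to write new macro code into a workbook the way the chain above does). It reads both the per-user keys and the Group Policy keys for the common Office versions and flags any value that weakens the default protection.

```powershell
# Added example (not from the original article or the McAfee report):
# audit the per-user Excel macro security settings that a Word-to-Excel
# macro chain needs to weaken before its second stage can run silently.
# Assumption: the "policy" the article mentions is one of the standard
# Trust Center registry values VBAWarnings / AccessVBOM under
# HKCU\Software\Microsoft\Office\<version>\Excel\Security (and the
# Group Policy mirror under HKCU\Software\Policies\...).

function Get-ExcelMacroSecurity {
    param(
        # Office 2010, 2013, and 2016/2019/Microsoft 365 use these version keys
        [string[]] $OfficeVersions = @('14.0', '15.0', '16.0')
    )

    # Meaning of the VBAWarnings value (Trust Center > Macro Settings)
    $meaning = @{
        1 = 'Enable all macros (unsafe)'
        2 = 'Disable all macros with notification (default)'
        3 = 'Disable all macros except digitally signed'
        4 = 'Disable all macros without notification'
    }

    foreach ($ver in $OfficeVersions) {
        # Per-user settings live under Software\Microsoft; Group Policy,
        # when present, overrides them from Software\Policies.
        $keys = @(
            "HKCU:\Software\Microsoft\Office\$ver\Excel\Security",
            "HKCU:\Software\Policies\Microsoft\Office\$ver\Excel\Security"
        )
        foreach ($key in $keys) {
            if (-not (Test-Path -Path $key)) { continue }
            $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

            $findings = @()
            $vbaText  = 'not set (Excel default applies: disable with notification)'
            if ($null -ne $p.VBAWarnings) {
                $vbaText = $meaning[[int]$p.VBAWarnings]
                if ($null -eq $vbaText) { $vbaText = "unknown value $($p.VBAWarnings)" }
                if ([int]$p.VBAWarnings -eq 1) {
                    $findings += 'VBAWarnings=1: the macro warning is suppressed'
                }
            }
            # AccessVBOM=1 lets a running macro create or modify VBA code,
            # which is exactly what writing a new macro into Excel requires.
            if ($null -ne $p.AccessVBOM -and [int]$p.AccessVBOM -eq 1) {
                $findings += 'AccessVBOM=1: macros may write new macro code'
            }

            [pscustomobject]@{
                Key         = $key
                VBAWarnings = $p.VBAWarnings
                Meaning     = $vbaText
                AccessVBOM  = $p.AccessVBOM
                Findings    = ($findings -join '; ')
                Suspicious  = ($findings.Count -gt 0)
            }
        }
    }
}

$results = Get-ExcelMacroSecurity
$results | Format-Table -AutoSize -Wrap

if ($results | Where-Object { $_.Suspicious }) {
    Write-Warning 'Excel macro protections have been weakened for this account. Treat the machine as possibly compromised and find out which process changed these values.'
}
```

Run it in the context of the user who opened the document (the values are per-user, under HKCU). A clean machine reports either no keys at all or VBAWarnings of 2 or higher and no AccessVBOM; a value of 1 in either field after someone "enabled macros" on an unexpected attachment is the signal to escalate rather than simply reset the setting, because the malware download the article describes has most likely already happened.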
So how can you stay safe from this?
- The good news is that if you still abide by the 'never enable macros' rule, this attack never gets past its first step. And if you are tempted to enable them anyway, you can (and should) ask your IT team to check the message and attachment for you first.
- Remember that these scams are just business to these criminals. And that means they will continue to come up with new ways to make money. You wouldn’t keep spending money making a product no one buys anymore, and neither will they. They will continue to work on bypassing the tools we have in place, which means we have to stay alert. So always, no matter what, think before you click.
3. Milanote on the Rise
Along the lines of last month’s warning about Google docs, Milanote is being used to disguise malicious links.
Milanote, if you are not familiar with it, is similar to Microsoft's OneNote: a legitimate note-taking and collaboration tool used by big-name companies such as Uber, Google, and Nike. Recently, analysts at Avanan, an email security company, noticed a dramatic increase in attacks using files hosted on Milanote: 1,367 out of 1,430 Milanote-related emails, to be exact, or 95.5%.
It arrives as an email with a PDF attachment. The PDF is supposedly an invoice of some sort, and the email is a typically worded business message. Both the email and the attachment pass through email filters without being flagged because neither contains anything malicious. The PDF is a brief one-liner with a button or link to the 'actual' invoice, and that link is an authentic Milanote link.
The trick is that when you click the link in the invoice and land on the Milanote page, that page contains yet another link. This is the bad one.
What can you do against this?
- Just as you should automatically stop when presented with any kind of login screen or credentials page that you did not navigate to yourself, start to think of click trails like this the same way. It should concern you to receive an attached invoice that is not actually an invoice. It should make you outright suspicious if that attachment leads to yet another link. No legitimate business should make you click three times to view what they expect you to pay. But this still works sometimes because we get invested. We're curious enough to click once. That doesn't show us anything, so we click again. Now we're really curious: what's at the end of this trail? It's human nature to wonder and to want to solve mysteries, but there needs to be a stronger imperative to stop right there.
- Also remember the basics such as whether or not you should be receiving an email about an invoice in the first place. Double-check the sender and sender’s email address. Is there any reference to a project or order number? If you recognize the sender, give them a call first. And as always, ask your IT team to check it out for you.