1. Capitalizing on Celebrities
The news of Kobe Bryant’s death shocked everyone at the beginning of this week. As a beloved athlete and respected entrepreneur and investor, his death made headlines and continues to receive attention and emotional responses.
Bad actors love to exploit this kind of situation in a variety of ways. They’ll use the Bryant helicopter crash as bait with links to ‘special news coverage,’ secret footage, places to post your sympathetic messages, and even as funding grabs for the other victims of the accident.
Whatever tactic is used, you will wind up with either infected workstations at the house or in the office, giving out personal information, or unleashing ransomware on your network.
What can you do?
- Always remember to be wary when someone is tugging at your emotions or offering special access, e.g., never before seen footage. If you receive an email with anything like this, force yourself to stop and look before clicking on anything. Check the sender, and hover over the links.
- Browse to websites independently of email. For example, if a message claims to show an NBC behind-the-scenes special on Bryant or interview outtakes, try Googling it first. If it really exists from NBC, you should be able to find it. They want the website traffic, and they’ll want you to share and post about their content.
2. No Such Thing as a Temporary Social Security Number
Researchers at Kaspersky have come across a phishing site that’s posing as a data leak protection service set up by the US government.
The site claims to be compensating victims of data breaches, offering cash “to residents of all countries around the world.” The website is well-designed and looks like an official government site, despite some grammatical irregularities and the mention of a non-existent “US Trading Commission.”
Users are invited to enter their names and phone numbers to see if they’re entitled to receive compensation. The site warns that entering false information is illegal, but the researchers found that the output will be the same regardless of what is entered.
“For example, we [researchers] inquired about the personal data of a citizen named fghfgh fghfgh. The site pondered for a while, seemingly connecting to a database of information about leaks…and lo and behold, found that our fictional character with an unpronounceable name had indeed had their data leaked. Moreover, it turned out that someone had already used their photos, videos, and contact information, and so fghfgh was entitled to compensation in excess of $2,500!”
After entering your info and seeing how much money you could be owed, you are asked to provide your payment card information and Social Security number (SSN) in order to receive your money.
There is also an option for non-US citizens who don’t have a SSN. They’ll be taken to a page where they can purchase a temporary SSN for just nine dollars. The scam ends after the victim has either provided their SSN and payment information, or after they’ve forked over the nine dollars.
Stay safe with these tips:
- Being the victim of a breach is scary and all too possible nowadays. But you should be immediately suspicious of anyone asking for your social security number over the phone or through a website.
- There are some legitimate services that can see if your information has been compromised. We can perform Dark Web searches for you and your business, and haveibeenpwned.com is a website search tool that you can put your email into and see if it has been involved in known breaches. You can then use that information to change your password and possibly close old online accounts.
3. Windows 7 Support Scams
As you know, Microsoft ended support for the Windows 7 operating system on January 14th. Scammers are taking advantage of the long-anticipated news to launch tech support scams, according to the Better Business Bureau (BBB).
These scams are typically conducted over the phone, with the scammer posing as a Microsoft employee. The scammer will use social engineering to either call you out of the blue, or they’ll use computer pop-ups or emails to convince you to call them.
“The caller may seem friendly and helpful, but they are far from it,” the BBB explains. “They may convince you to pay yearly fees (that don’t exist) or request remote access to your computer under the guise of installing software. If you pay the fees, you could lose hundreds of dollars. But if you allow the scammer access to your computer, your secure personal information, such as banking details and login credentials, can be compromised. This puts you at risk for identity theft.”
So how can you protect yourself?
- First, know that Microsoft will never call you unsolicited. They do not offer support by calling or pushing popups on your computer.
- In fact, you should always be suspicious when someone calls out of the blue offering to remote into your computer. Our advice is to tell them you can’t talk at the moment and then call us or report it directly to Microsoft.
- You should also make an immediate plan to upgrade or replace that Windows 7 operating system. Even without scammers calling you, vulnerabilities will continue to be discovered that Microsoft is no longer offering security patches for.
