1. Surprise, You’re Getting Sued
A very effective email phishing and malware attack has come out disguised as a nastygram from a law firm. The scam typically notifies you that you’re being sued, and it instructs you to review the attached file and respond within a few days — or else. The kicker? The attached Word documents are booby-trapped with a trojan used to drop malware on your computer.
This scam was discovered as part of a phishing kit. That’s right, there are ready-made kits hackers can purchase, customize, and put in play. It has some spelling mistakes and awkward grammar that might tip off the vigilant reader. What’s troubling is that the phishing kit included five booby-trapped Microsoft Word docs to choose from, and none of those files was detected as malicious by more than three of the five dozen or so antivirus products that scanned the Word docs on May 22, ten whole days after they were spammed out.
Also of concern? A legitimate law firm was spoofed in this attack. According to reports, someone had recently called them to complain about a phishing scam, but beyond that the firm didn’t have any knowledge of the matter.
So aside from putting your own lawyer on speed dial, what can you do to avoid this scam?
- Anytime an unsolicited email evokes a strong emotion (such as fear), stop and think before you click. Look up the law firm online, and call them. Do not click on any links or use any contact information in the message.
- Try to remember that legal proceedings typically require serving papers in person, through the mail, or even by putting a notice in the newspaper.
- Never open attachments you aren’t expecting, especially from people you don’t know.
2. Customer Service, How May I Rob You?
In this new age of social media customer service, scammers are seeing opportunity.
As digital giants like Twitter and Facebook scramble to keep up with fake news and fake accounts, some are bound to slip through. So when you want to make a complaint about goods or services and get some sort of fast and public resolution, use caution.
It works like this: you tweet to the company about being overbilled, a missed delivery, etc. A very similarly named account, which may include “CS” or some other customer service variation, responds to you.
They’ll ask for basic information such as name, address, and account number or login. But then there’s ‘trouble locating your account’ so further information is requested. This may be your date of birth and phone number.
Once they have your phone number, they call posing as the company and can request even more personal information in a seemingly reasonable way. This may include the bank account you use to pay that company and possibly some security questions for “verifying.”
You’re happy to do whatever it takes to get a resolution to your problem, so you may not realize that you’ve now handed over the keys to your entire bank account, along with login details that can be sold on the Dark Web.
This very scam was used in England to wipe out a woman’s bank account and take out multiple loans in her name. So what can you do, especially when it seems that a public complaint is the only way to get some attention?
- Check to see if the account is verified on Twitter or Facebook or whatever social platform you’re using. Not all businesses will be verified, but large corporations typically are.
- Visit the company’s website to find out the account(s) they use for customer service. Look at their contact page or hover over their social media icons to see their official handles.
- Limit your exposure by submitting complaints through the company’s chat or email system, and leave social media for more social pursuits.
3. Holiday Hacking
The bad guys are known to use holidays such as Memorial Day to try to get you to click on a dangerous link or download a malicious attachment. They can pose as charities asking for donations, especially for veterans on this holiday, and they often mimic sales from major retailers. These scams will probably crop up again for the Fourth of July.
Whether you’re traveling for the holiday weekend or staying home to take advantage of online shopping deals, be cautious when performing any type of online transaction. Be suspicious of any out-of-the-ordinary emails, and be mindful of what information you’re sharing over your phone when you’re on the road.
- If you’re being asked for donations and it’s not a company you have given to before, navigate to the company’s website independently. Do not click on any of the links in the message.
- If you receive an incredible deal or offer in your inbox, visit the website independently. Private offers may not be listed publicly, so if you don’t see the deal, call the company before clicking any links in the email.
- If you’re traveling, remember to turn off your mobile device’s Bluetooth when not in use. Cyber criminals can pair with your phone’s open Bluetooth connection and steal personal information.