1. SSN Robocall Scams
Be on the lookout for a popular robocall scam that is tricking people into believing their Social Security number (SSN) has been suspended.
The robocall tells you to call the number provided to speak with a government agent about the issue. Some of the robocalls even threaten to issue an arrest warrant if the victim doesn’t respond.
When you call the number back, you are actually speaking with a fake government agent. This scammer will try to trick you into giving up sensitive personal information like your SSN, birth date, and bank account number.
Always remember the following to stay safe from tricks like this:
- Your Social Security Number can never be suspended.
- The Social Security Administration will never threaten to arrest anyone.
- You should not share any personal information with someone you don’t know over the phone.
- If you get this type of call, hang up immediately and report the call to the appropriate agency.
2. PDFs as Phishbait
The use of malware-laden PDF email attachments has spiked in recent months, internet security company SonicWall has found. Over the course of 2018, SonicWall detected 47,000 new attack variants using PDFs; last month alone, it observed more than 73,000 of these variants. Of these PDFs, 67,000 linked to scammers, while 5,500 contained links to malware downloads.
John Oates at the Register writes, “Other attacks have been known to nick login details by tricking the user into opening malicious PDFs that use remote document loading mechanisms to capture and leak your credentials.”
Most of the attacks observed by SonicWall simply used PDFs to smuggle malicious links through email security filters. Many security filters struggle to analyze content inside PDFs, so an attacker stands a better chance of getting through to their victim if they place the link in one of these files.
SonicWall notes that PDFs are generally thought of as a safe file type, so users often don’t hesitate to open them. Given the pervasiveness of PDFs within corporate and government environments, employees need to know how to avoid these attacks.
How to protect yourself:
- If you receive a message with an attachment from someone you don’t know, do not open the attachment, even if it’s a PDF.
- Never click on a link in a message or in an attachment unless you know the sender is legitimate.
- If you think the message is okay, always hover over links to see where they are taking you. If you’re unsure, don’t click!
3. Fake Emails from HR
The bad guys know how easy it is to trick you with emails that spoof (or appear to come from) your Human Resources team. These attacks are everywhere right now.
The emails are often centered around topics such as “new” or “updated” policies, employee benefits, employee handbooks, payroll, and W-2 information.
Whenever you receive an email from your HR team, you may feel compelled to open the email and address it right away. The sense of authority that comes with HR emails is how the bad guys trick you. They’re counting on you falling victim to this sense of authority so you end up clicking before you think.
If you receive an unexpected email appearing to come from your HR team, or an HR-related service, always remember the following:
- Pick up the phone and speak with someone who can confirm the request is valid BEFORE you click on any links or download any attachments.
- Log in to the HR-related service account through your browser (not through links in the email) to check the validity of the information in the email.
- If it’s a scam, immediately report the message to your IT team and your HR department.