Cyber security platform TitanHQ has revealed that you are more likely to be hacked on your birthday than on any other day of the year.
The cyber experts have done some digging to find out the most popular scams of the last year and are warning the public to be on the lookout for some less commonly known phishing scams. Here are some of the surprising ways that you could be targeted online - and how to prevent it from happening.
The Happy Birthday Email
Phishing emails usually harp on a message of urgency (i.e, your password is about to expire ) to rush users through a desired call to action before thinking about what they are really doing. However, another less commonly known approach is to hit them in a vulnerable moment in which they have their guard down.
In a new trend that exploits flattery, attackers send targeted victims an email on their birthday. These are no generic attacks as the attackers must actually know when your birthday is. The email contains a birthday greeting that invites the user to click on a link to see the e-birthday card that a loved one sent.
Sometimes even going as far as to tell the victim they have an Amazon gift card waiting for them that someone purchased for their birthday. Of course, there is no e-card or voucher, just a weaponized malware payload such as ransomware that will now invade your network once it infiltrates your computer.
The Question Quiz Scam
Everyone loves to win, especially if it’s a contest that involves a prize. Recently, the Akamai Threat Research team uncovered an attack they call the “question quiz.” The targeted victim receives an email or Facebook Invite from a well-established brand asking them to participate in a quiz. Those who participate and complete the quiz are told they will receive a nice prize and end up scammed instead.
This attack was backed by an elaborate network of over 9,000 domains and subdomains. Each domain was only used for a short amount of time and then discarded before it could be properly classified as malicious. The attack also disguised the attacks using an array of content delivery network (CDN ) features.
The Google Contest Winner
With this scam, the victim receives an email announcing that they are the latest “Google Winner” as a way to thank you for being a loyal user of Google services. The email includes precise directions as to how to claim your prize which of course involves sharing your personal details with Google.
The letter also includes a link taking you to a fake Google site that requires you to log on with your Google credentials. While the criminals don’t steal any funds in this scam, they do walk away with your Google details, which people often use at many third-party sites, as well as personal information that can be used to validate your identity.
The MFA Attack
Multifactor authentication is highly recommended today for any resource site that requires login credentials, but don’t think that MFA is foolproof. Because of the increasing usage of MFA, cybercriminals are quickly developing ways around it.
During this phishing attack, a user usually clicks on a link that takes them to a website that is spoofing their bank’s webpage. The victim then inputs their credentials, which the attacker captures in real-time and immediately uses them. The attacker’s logon to the actual bank’s site initiates an MFA check which the user assumes was initiated by their own login attempt. A popup then appears on the spoofed page prompting the user to type in their MFA code. Once this is inputted, the attacker now gains complete access to the victims account and can change the MFA phone number if desired.
Meanwhile, TitanHQ is also urging people to be aware of some of the more common cyber ploys which involve:
The invoice scam: An email alerts you of an outstanding invoice from a known vendor and provides you with a link to pay the invoice. The link leads to a spoofed website and you type in your credentials, an attacker steals them and uses them to access funds.
The bank scam: Your bank or credit company emails you requesting that you update your personal information and payment information for their records with a link to a spoof site.
The tax scam: Then there is that dreaded email from the tax office alerting you that you owe money and are facing legal action if not paid in full within an allotted amount of time.
How to protect against New Scam Approaches
User education on identifying basic tell-tale signs of an attack
A combination of email filtering and web filtering
Applying a healthy amount of skepticism when replying to emails
Layer your company’s protection
Only accept communication from trusted sources
TitanHQ is a 20-year-old multi-award-winning cybersecurity business, that protects end users for over 8,500 businesses and 2,500 MSP partners. The secure platform protects your users from malware, ransomware, phishing, viruses, botnets, and other end user compromises. Most importantly, our products were built from the ground up for MSPs. We save MSPs support and engineering time by stopping problems at the source while also providing ideal products to sell in your technology stack.
Would you like unlimited FREE access to all that the Galway Advertiser has to offer? Find out more here!
