Thanks to our friends at Entirenet for the following post!
Back with more news to help keep everyone informed on the latest threats hitting end users. The details are basically the same regardless of what malware is being distributed, the part that is constantly changing is the way in which the malware is being presented to the end user. The bad guys send out a socially engineered email, put up a fake website or inject malicious ads on other people’s web sites hoping that anyone will “make the mistake” that will download and install their infection. Recently there has been a number of reported phone calls trying to trick people into doing the same thing. Using all sorts of tactics ranging from fake tech support agents from Microsoft, Dell, HP and other manufacturers to antivirus support agents or other software providers. They will threaten to shut off your computer permanently, deactivate your software or licenses so you cannot use them any longer or inform you that you need an update and will try to guide you to a website. While I would expect that those working for Entirenet would be savvy enough to recognize most of these scams, we have to look at where everyone works as well. The majority of ransomware today will spread across a network infecting anything that it can gain access to. With that in mind I send these notices to our staff and have encouraged you to share this info with the people you live with, work with or share a network with. Remember to think before you click, end users are the last line of defense.
For your edification here are a few links if you want more information:
- FBI public service announcement regarding ransomware: https://www.ic3.gov/media/2016/160915.aspx
- A warning about issues with iOS 10 update bricking iPhones and iPads(Courtesy of Jay Carlson): It is reported by Apple that this issue has been fixed now and the update will work
- A recording of an actual tech support scam phone call. (Both accents are a bit thick, but it demonstrates the point) http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3
- The link above is part of the KnowBe4 blog post: https://blog.knowbe4.com/cyberheistnews-vol-6-37-scam-of-the-week-a-new-type-of-tech-support-fraud
- Seagate sued by its own employees because of a successful CEO fraud phishing scam. http://www.bbc.com/news/technology-37337741
- A reminder that emails can be spoofed and you need to think before you click
- If you are interested in reading up about regular threat updates I would recommend you sign up for the Cyber Heist News. AKA: KnowBe4 blog, a link is at the bottom of their page