Phishing Attacks On the Rise

Our headline could be written nearly every month. Phishing, Spear Phishing, and their variants are happening more and more frequently, and the attacks are becoming more sophisticated. Some of the largest data breaches in the last year happened because someone responded to an email or clicked on a bad link, causing a virus to be installed on a machine or allowing a "bad actor" to gain access to a desktop and, many times, to an entire network. And yes, it happens here.

There are two parts to this article. We start with what Phishing is, how to spot it, and how to defend against it. The second part talks about the "Tech Support" Phishing Scam, which may involve a faked phone call or email from Norton by Symantec. You can replace Norton's name with any legitimate software or hardware maker.

A phishing email is a malicious attack that attempts to obtain your sensitive information by tricking you into believing the message is valid and opening it. Phishing attempts masquerade as legitimate or trusted entities, which makes them difficult to detect. Here are some warning signs you should be on the lookout for:

  • The "From" email address is unofficial-looking, misspelled, or contains typos. The actual "From" address may also differ from the display name, so look at the email's details rather than just the display name.
  • Urgent action required. If the email is trying to scare or intimidate you, or rush you into action, be wary.
  • Vague salutations. The email may be addressed to "Valued Customer" or another generic salutation.
  • There are misspellings, typos, or grammatical problems.
  • A family member, friend, or business colleague needs something out of the ordinary. This can be the beginning of a Spear Phishing attack. This can be a phone call, email, or even a text.

Always hang up the phone and never respond to an email exhibiting any of these characteristics, no matter how convincing it seems. Call the person back using a known phone number or, better yet, email them or message them using a different device. You'll quickly learn whether the initial contact was legitimate or not.
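The email warning signs listed above can also be checked automatically. The sketch below is an added example, not part of the original article or any Norton tool: the sample messages are constructed, the `.example` domains are placeholders, and the `KNOWN_BRANDS` table and word lists are assumptions you would replace with your own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message; .example domains are placeholders.
SAMPLE = """\
From: "Norton Support" <billing@n0rton-helpdesk.example>
To: user@compcenter.example
Subject: URGENT: your account will be suspended

Dear Valued Customer,

We detected a problem. Act immediately or your account will be closed.
"""

# Assumption: brands you deal with, mapped to the domains they really mail from.
KNOWN_BRANDS = {"norton": {"norton.com"}}
URGENCY = re.compile(r"\b(urgent|immediately|suspended|act now)\b", re.I)
GENERIC = re.compile(r"^\s*dear\s+(valued\s+)?(customer|user|member)\b", re.I | re.M)
LOOKALIKE = str.maketrans("0135", "oles")  # digits commonly swapped for letters

def is_official(domain, official):
    return any(domain == d or domain.endswith("." + d) for d in official)

def phishing_signs(raw):
    """Return the warning signs from the checklist found in one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = msg.get_payload()
    signs = []
    for brand, official in KNOWN_BRANDS.items():
        if is_official(domain, official):
            continue
        # Display name claims the brand but the real address is elsewhere.
        if brand in name.lower():
            signs.append("display-name-mismatch")
        # Sender domain imitates the brand, including digit-for-letter typos.
        if brand in domain.translate(LOOKALIKE):
            signs.append("lookalike-domain")
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        signs.append("urgent-language")
    if GENERIC.search(body):
        signs.append("generic-salutation")
    return signs

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

A message that raises no flags is not proven safe; the call-back check described above still applies.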

This happened last month to the spouse of one of The Computing Center's employees. He received what appeared to be an unsolicited phone call from the Social Security Administration about their Social Security benefits. He immediately hung up, looked up the phone number online and discovered that it was indeed a reported scam number. The phone number, date, and time were reported to the SSA Fraud Department.

Protecting yourself from Phishing Scams

used with permission from Norton by Symantec

A tech support scam is a form of Internet fraud that is currently gaining momentum on the Internet. The scam implements social engineering and fear tactics in order to get the victim to take the bait. There are three main ways this scam is executed: via cold calls, pop-up messages on the computer, and incorrect search engine results.

Cold Calls

Tech support cold calls are when an individual calls the target, claiming to be from a reputable company and states that they have found malware on the computer. The criminal will then try to get the user to install a type of remote desktop software under the pretext of removing the infestation, which would allow the attacker access to the computer in order to install real malware. In addition to attempting to install malware on the machine, these scammers will often ask for a fee to fix the issue.

Pop-Up Warnings

Tech support pop-up warnings occur when a user is browsing the Internet. Usually, the target is viewing a website that contains links to related content, and when the user clicks on one of those links it will redirect them to a website hosting the pop-ups. These pop-ups can be terribly intrusive, making it difficult for the user to close the window. The pop-ups will then display a message stating that the computer is infected with malware and offer a phone number for help with removing the malware. Often, these pop-ups will look like they come from a legitimate source, such as our own Norton products.

Advertising/ Paid Search/ Confusing Search Results:

Fraudulent companies frequently use paid search to advertise their support services. When searching online, it is possible to receive different search results based on the search engine you are using. The following are examples of how to make sure that you always select Official Norton Support:

Motivation:

The main motives behind these scams are to extort the victim to gain money as well as installing malware such as keyloggers or backdoor Trojans in order to gain access to personal information.

How to Identify and Avoid Pop-Up and Cold-Calling Scams:

Pop-ups:

Examine the message closely. Look for obvious signs of fraud such as poor spelling, unprofessional imagery, and bad grammar:

You can also do an Internet search for the phone number that is listed in the pop up to verify its legitimacy:

There are many websites out there where people report scammers. If it is indeed a scam, there will be an abundance of search results, often on the first page of the search, that clearly point out the scammer:

Cold-call telephone scams:

You will never receive an unsolicited call from Norton Support (or The Computing Center) to fix issues with your computer for money. You will only receive a call if you request it:

The Official Norton Support webpage is located at https://support.norton.com.

If you are not sure that you've received a call from The Computing Center, call us or email support@compcenter.com. We NEVER make unsolicited phone calls.

If you do happen to get a pop-up on your computer from an official Norton product, it may look like the examples below, depending on what product you may have. Keep in mind that when the software detects a threat, it will never ask you to call support via a toll-free number:

What to do if you’ve been scammed:

  • Change your passwords: to your computer, to financial institutions, to your Norton Account and any other password-protected websites that you visit.
  • Run a Full System Scan for viruses on your computer.
  • Contact your bank to report that there has been fraud performed on your account.
  • Use Norton Power Eraser, which uses a more intensive method to scan your computer in order to detect more complex threats that a traditional antivirus program can’t detect.
  • File a complaint with the appropriate anti-fraud bureau:

USA - Federal Trade Commission (FTC)

Canada - Canadian Anti-Fraud Centre

UK - National Fraud and Cyber Crime Reporting Centre
