Scam of the day – November 8, 2017 – New banking malware threat uncovered

Researchers at Cisco Talos have recently uncovered a new method cybercriminals are using to trick people into downloading a strain of malware called Zeus Panda which steals banking information from the victim’s computer and uses it to steal from their bank accounts.

The first step in the process used by the cybercriminals was to come up with a long list of search phrases that people would use when they would search for banking information on search engines, such as Google.  They then used compromised web servers and Search Engine Optimization (SEO) tactics to make sure that the phrases appear high on a search engine search page.  Next the cybercriminals would use infected links that appear in compromised legitimate business websites appearing in the search to redirect the unwary victim to a malicious website where the victim would be prompted to download a document, open the file and click “Enable Editing” which  ultimately downloads the malware that steals banking and other sensitive information to be used by the cybercriminals.

TIPS

This scam is just another reason why it is important to remember my motto, “trust me, you can’t trust anyone.”  Merely because a website comes up high in a search engine search on Google or any other search engine does not mean that it is legitimate.  Companies and servers must constantly monitor themselves to make sure that they are not compromised, however, the key for us as consumers is to follow the rule of never downloading attachments or enabling macros unless we have absolutely confirmed that they are legitimate.  While many people know not to click on unverified links, few people think to confirm attachments from trusted websites before downloading them because they may be infected.

Scam of the day – January 10, 2015 – Scam videos of the Charlie Hebdo terrorist attacks

The fear and concern following the attack by terrorists that attacked the offices of the satirical magazine Charlie Hebdo and a Jewish supermarket in Paris is finally over after 53 hours.  The aftermath of the attacks include the deaths of twelve people at Charlie Hebdo’s offices and four more innocent people at the supermarket.  All three terrorists whose attacks were coordinated are also dead.  Much of the public around the world have been glued to their televisions and computers watching the events unfold.  Among the people whose attention has been focused on these events were scammers who are always looking to capitalize on events that capture the public’s interest.  If patterns follow, you can expect that you will be receiving emails, text messages or social media communications promising “shocking video” of these attacks.  Again, the familiar pattern is that you are told that these are exclusive videos that you can see nowhere else.  We have seen this type of scam following major natural and unnatural disasters in including Tsunamis and plane crashes.  Once you click on the links in the various communications, you end up downloading keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.

TIPS

Regardless of the purported source of any email, text message or social media communication, you can never be sure that the source is indeed who it says it is or that it is legitimate.  Never ever click on links in any form of communication unless you have absolutely confirmed that it is legitimate.  The risk is too high.  Even if your electronic devices are protected by anti-virus and anti-malware software, the best security software is always at least a month  behind the latest viruses and malware.  If your curiosity gets the best of you, limit your search to legitimate news websites and, even then, make sure that you type in the website address correctly so you don’t get misdirected to a phony phishing website that appears to be the legitimate website that you seek, but actually is a scam website that will try to lure you into clicking on tainted links.  Google searches are also a dangerous way to look for “shocking video” due to the fact that merely because a website may turn up high on a Google or other search engine search, does not mean that the website is legitimate.  All it means is that the person creating that website was good at Search Engine Optimization (SEO) which is knowing how to adapt the makeup of a website to place high in the algorithms used by search engines to rank websites for searches.