Don’t deliver this mail if it comes to your inbox, a text scam and beware of Mac synthetic clicks.
Welcome to Cyber Security Today. It’s Wednesday June 5th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.
Email scams just keep on coming. The latest, according to news site Bleeping Computer, goes like this: You get an email with the subject line some like, “Notification: Undelivered Mail.” It looks like a list of messages that haven’t been delivered to you. And there’s a message that comes with it saying something like “Messages are pending to be deliver to Mailbox” and “You have below mails pending to be release.” Well, the poor grammar is one clue that this is a scam. What it wants you to do is click on a message or messages to either accept or delete them. But when you do that, it brings up a phony Outlook Web App login page, inviting you to sign in — that, of course, gives the crooks your password. As the article notes, if you get an email that leads to a login form, check carefully. There’s a good chance its a scam. Rather than click a link to login, you can always go to a site the way you usually do, making sure its a legit site.
Text scams get imaginative, too. One a friend received last week claimed to be from Canada Revenue: Just click on the link and you get your tax refund. However, my friend knew this was a scam because she OWED the government money. Click on this link and either malware automatically downloads to your phone, or you’d be asked to log in to see your account — and you’d give your password to a crook. You have been warned.
Mac owners like to think they have some of the safest computers thanks to Apple’s dedication to security and privacy. However, Wired Magazine carries an interesting article about a security researcher who found a bug in the operating system. It exploits a feature built in by Apple that allows ‘synthetic clicks’ — that is, it fakes macOS into thinking a user has clicked through approvals. One of the ways Apple tries to ensure security is by having users click on certain screens to approve security changes. But it also allows synthetic clicks for certain applications. That could be abused by a hacker under the right circumstances, who could install malware that automatically generates fake approval clicks on menus. The article makes interesting reading.
Finally, I was at a conference on Monday when a speaker said if we want to make cyber security work it has to be easy. Unfortunately, it still isn’t. I couldn’t use the new laptop I brought with me because it refused to recognize my fingerprint — which it had only 20 minutes earlier. It insisted I had to enter my new PIN number, which I had forgotten because I didn’t expect to need it. Attention laptop manufacturers: You still have a long way to go. Attention listeners: Be prepared.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon