Another telephone computer support phone scam, income tax scams, hackers in plain sight and check your router
Welcome to Cyber Security Today. It’s Monday April 8th. I’m Howard Solomon, contributing reporter on cyber security and privacy for ITWorldCanda.com
Telephone computer support scams keep on coming. One that a friend received last week was completely automated. It said: “This call is in regards to security software we installed on your computer last year. Now we see a red flag error indicating there is a security breach on it. Please call this 1-855 number.” This con tries to scare you by saying there’s an alert. If you call the number someone will try to trick you into buying security software or an online inspection you don’t need. And they’ll get your credit card. If you get one of these calls, ignore it. And warn your friends.
For Canadians, here’s advice on handling telemarketing scams
For many listeners it’s income tax reporting time — which also means criminals are looking for ways to trick you into giving them your passwords, social insurance or social security number. One goal is to get access to your government tax account so refunds go to criminals, not to you. You’ll see email with subject lines like “Notice of Outstanding Income Tax Demand,” “IRS Update,” or messages pretending to be from the Canada Revenue Agency. Attached to the email is a document, perhaps with a government logo but also filled with malware. Or there may be a link that goes to a web site with a government or tax department logo, with a place for you to log into. That’s where they capture your government password. There may be a place to add your credit card number for a promised tax refund. These email messages may have your name, or be addressed to “Dear Taxpayer.” Versions of this scam involve messages sent to accounting firms.
Security vendor Proofpoint offers this advice: Be careful of email claiming to be from the tax department. Sometimes the email address the message comes from is a giveaway to a scam. If it starts “Dear Taxpayer” that’s another giveaway. Governments will never contact you online with a request for personal or financial data. When in doubt go to the government web site yourself rather than click on a link in a message. If someone telephones you claiming to be from the tax department, hang up.
Hackers don’t always hide in the dark crevices of the Internet. Sometimes they’re on social media, advertising their capabilities for hire and stolen data for sale. For example, Cisco Systems has identified 74 groups on Facebook with names like ‘Spam Professional.’ and ‘Facebook hack phishing.’ How Facebook content overseers miss them is a mystery. Hopefully, Cisco has passed on the list and Facebook will shut these groups down fast.
Your home router is a valuable piece of equipment: It’s the way you connect to the Internet. But if it gets hacked it can also be used to send you to malicious web sites. These sites may look like ones you intended to go to. According to the Bad Packets Report this kind of highjacking has been happening lately to a number of owners of modems made by D-Link, Totolink and others. Make sure your router or modem is running the latest firmware to avoid being a victim. If your device is no longer supported by the manufacturer, it’s time to get a new one.
Attention web site administrators and cloud service providers: If you’re running Apache HTTP Server, make sure it’s patched. According to security vendor Rapid7, some 2 million are running older, vulnerable versions.
Finally, a few episodes ago I told you that Cisco Systems was working on patches for its Small Business RV320 and RV325 Dual Gigabit WAN VPN routers. Well, now those fixes are available on the Cisco Security Advisories site.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.