Cyber Security Today – Three email password scams to watch out for


Welcome to Cyber Security Today. It’s Wednesday December 11th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.


Today’s news focuses on three phishing scams aimed at getting your passwords.

First, according to security vendor Malwarebytes, PlayStation subscribers are getting fake messages on the platform from the developers of the game Elder Scrolls threatening to kick them off the game. The message says there has been some unusual activity with their account. To confirm they are the rightful owner, the subscriber has 15 minutes to click on the alert and log in with the email address, password and date of birth listed on the account. Ignore this warning. If there is a real problem, a game developer will email you; they won’t send a message on the gaming service. And no company will send a message asking for your password. If there is a real problem, go to the company web site yourself and log in there; don’t click on a link in the email or message.

In the second report, a security training company called the SANS Institute describes a new version of an old scam, the infected email attachment for stealing passwords. The victim gets an email with a message like: “Please find attached a copy of your payment notification.” Usually when the document is opened it goes to a fake website login page that the attacker has to take the effort to set up. Victims might deduce something is suspicious from an odd or unfamiliar Internet address. A new scam gets around that by making a fake login page that pops up after someone clicks on the document. Victims are asked to log in on the fake page with Gmail, Office 365, Yahoo, Hotmail or other accounts. It looks like the login goes well, but then the page asks for a phone number and recovery email as well. Then a low-quality phony invoice is displayed. Finally, the victim is sent to a real email site. The goal of all this, of course, is to steal usernames and passwords. Again, to protect yourself, don’t log into sites from links in email or text attachments.

The third scam was discovered by security vendor Palo Alto Networks and is similar to the last one: The victim gets an email with an attachment. This one seems to come from their employer, with the subject line referring to an annual bonus or a payroll notification. The attachment is a letter about direct payment deposit to the victim. It asks the victim to click on a link, review the payment or bonus and sign it. The link really goes to an infected document that sends hidden malware from a criminal website. The malware steals user names and passwords every time the victim logs into a site. Note that in this scheme the criminals may target a specific person so the email is sent to a named individual within the right company to enhance its authenticity.

These three examples are reasons why you need to be careful with all email and texts. Slow down, read them carefully, and make sure they really are legit. And, where you can, sign up for two-factor authentication, which requires that you be sent an extra login code in addition to a username and password.

In other news, over 100 Colorado dentists didn’t have proper data backup and have been stung after their technology supplier was hacked and used to pass on ransomware. The lesson: Any company that has access to your firm’s systems can be used as a door to an attack. Meanwhile, in England, a member of a Russian-speaking cyber gang who was sentenced earlier this year to more than six years in prison was told last week to pay the court about $350,000. If he doesn’t, he’ll have to spend two more years behind bars, and still pay the money.

Finally, yesterday was Microsoft’s monthly Patch Tuesday, when security updates for Windows and other products were released. If updates aren’t automatic for your machine, make sure they’re installed by going into Settings and then Windows Update.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
