Cybersecurity Scam of the Week

Phony Utility Ads

Posted on February 28, 2024 at 12:22 PM by Jackie Kolb

Search engines, like Google, are so popular that many people use the search feature instead of typing a URL. For instance, people may quickly search for their electricity provider's name to find the online payment portal. And for this week's scam, that's exactly what cybercriminals want you to do. This scam tries to trick you into clicking on a fake ad instead of the billing portal that you’re trying to find. The scammers purchase a variety of fake utility payment advertisements, and you see those ads during your searches. They know that they can trick you more easily if you contact them instead of them reaching out to you.
 
If you click on one of these ads, you will be prompted to dial a phone number. Dialing the number puts you directly in contact with a scammer. They may try to scare you by saying your bill must be paid immediately. Or they may tempt you with an offer to help you save money—but only if you act now. Neither the advertisement nor the person you are talking to is legitimate. Paying them won’t help with your utility bills, but the scammer might use you to help pay their own bills!

Follow these tips to avoid falling victim to a utility bill scam:

  • Remember, anyone can purchase an advertisement. Be cautious when clicking on ads, even if they seem relevant to you.
  • Scammers often ask you to make payments using unusual methods, such as gift cards or money transfers. If something seems strange about a financial transaction, stop immediately!
  • If an offer seems too good to be true, it probably is. Always stop and think before taking action.

The KnowBe4 Security Team
 KnowBe4.com

Remote Desktop Robbery

Posted on February 21, 2024 at 12:13 PM by Jackie Kolb

In this recent scam, cybercriminals are trying to trick you into downloading software that they can use to access your computer. They start by sending you a fake email that appears to come from your bank. The email says that there is an issue with your account and that their team needs to investigate. Of course, there isn’t actually an issue, but the scammer offers to help you fix it.
 
Scammers often use fake emails to trick you into downloading malicious files. But in this scam, they have you download legitimate remote desktop software that is normally used by IT professionals to assist you. In this case, even though the software you downloaded is legitimate, the person who is asking you to install it is a scammer. If you allow them to access your desktop, they have full control of your computer. Then they can request passwords or other login information from you to gain access to your financial accounts and data.

Follow these tips to avoid falling victim to a remote desktop scam:

  • Be suspicious of any unexpected emails claiming that there is an issue with your account. If you have reason to believe the request is genuine, contact your bank using a verified number or email address.
  • Never give control of your computer to someone who contacts you, even if they claim to be from your bank or tech support.
  • Never share passwords or login information with anyone. This data is personal, and your bank will never ask you for it.

The KnowBe4 Security Team
 KnowBe4.com

Deepfake Deception

Posted on February 14, 2024 at 12:08 PM by Jackie Kolb

AI scams are becoming more frequent, and they’re also becoming more sophisticated. In a recent scam, cybercriminals demonstrated just how convincing AI fraud can be by faking an entire video call. In fact, the scammers were able to steal over 200 million Hong Kong dollars by emailing an employee and pretending to be their organization’s Chief Financial Officer (CFO).
 
The fake CFO asked the employee to make a secret financial transaction. The employee initially dismissed the email as a phishing attempt. But later, he was lured into attending what he believed was a video meeting with the organization’s CFO and other employees. The meeting attendees looked and sounded exactly like coworkers that the employee recognized, but they were all deepfakes. The scammers used AI technology to create believable video and audio of the CFO. After the meeting, the employee was convinced that the financial request was genuine, and he sent the payment as requested.

As AI scams continue to become more realistic, it’s more important than ever to learn how to spot them! Follow these tips to avoid falling victim to an AI scam:

  • Always be wary of requests that are sent in an unusual way. A secret financial transfer request, even from a CFO, isn’t likely to be genuine!
  • Trust your instincts. Immediately report any suspicious requests or emails to your organization’s security team so that they can investigate them.
  • Cybercriminals typically try to get you to act impulsively. Always stop and think before taking action.

The KnowBe4 Security Team
 KnowBe4.com