Text Message Scams on the Rise
Because of its ease of use, text messaging has become the go-to method of communication for marketing and has benefited almost every industry in the business world. Most people always have their phone in hand, and, more often than not, sending a text is more useful than sending an email. Businesses and even our government have taken advantage of text messages to get their messages to people quickly and more efficiently. Studies have shown that the majority of incoming text messages are opened within 15 minutes of receipt. Hackers are well aware of this, and they too are taking advantage of it.
Text message or SMS (short message system) phishing is also called “smishing.” Smishing occurs when scammers use fake text messages to entice consumers into providing their personal or financial information. The scam artists that send smishing messages often impersonate a government agency, bank, or other company to lend legitimacy to their claims. Smishing messages typically ask consumers to provide usernames and passwords, credit and debit card numbers, PINs, or other sensitive information that scam artists can use to commit fraud. They also include dangerous links in the hope that the victim will click on them, giving the scammers easy access to the victim's data.
These types of attacks are on the rise, and, like other scams, the goal is for the message to look legitimate. Here are a few things to remember:
- No government agency, bank, or other legitimate company will ever ask for personal or financial information, like usernames, passwords, PINs, or credit or debit card numbers, via text message.
- Never click on links in unsolicited text messages. Clicking the link may infect your mobile device with a virus or malware designed to steal the personal or financial information stored on the device.
- Don’t respond to smishing messages. Not even to tell the sender to stop texting you. Responding to smishing messages verifies that your phone number is active and that you are willing to open such messages, which may lead to an increase in the unsolicited text messages you receive.
- Be selective about whom you give your cell phone number to in response to pop-up advertisements and “free trial” offers. This personal information can be easily bought, sold, and traded, making you a target for smishing scams.
- Don’t be fooled by the sense of urgency in an unsolicited text message. Smishing scams attempt to create a false sense of urgency by implying that an immediate response is required.
Your cell phone essentially has the same capabilities as your computer or laptop and thus the same safety and security practices should be used. Always keep your security software and applications up to date and be extremely cautious of text messages from unknown senders.
Sources:
https://about.att.com/pages/cyberaware/ae/smishing
https://www.ag.state.mn.us/consumer/publications/TextMessagePhishing.asp
Phishing Campaign Uses Live Chat, Leverages PayPal Brand
Emails Contain Legitimate Links That Lead to Authentic PayPal Site
In a new phishing scam that leverages the PayPal brand, attackers are using automated scripts and live chat as a way of compromising devices and bypassing secure email gateways.
The attackers' unusual techniques point to the need for organizations to ramp up defenses against these types of attacks, which eventually could target employees' credentials.
The researchers found that the campaign not only creates a typical “forms” page or spoofed logins, but also uses a carefully crafted email that appears to be legitimate unless a recipient dives into the headers and links.
Attack Analysis
The subject line notes that the email is trying to initiate a live chat to discuss a service notice related to the target’s PayPal account.
"This may rush the target into attempting to have the problem resolved quickly. Despite this, the threat actor made no attempts at masking the “from” address, which the PDC [Primary Domain Controller - a service in a Windows server that manages security for its local domain] identified as one that’s not associated with legitimate PayPal emails," says Alex Geoghagan, security researcher at Cofense Phishing Defense Center.
The malicious email also contains a “Help & Contact” link as well as a “Learn to Identify Phishing” link, both leading to authentic PayPal links.
But, Geoghagan notes, "when hovering over the button labelled “Confirm Your Account,” it does not lead to a PayPal URL. It instead leads to a URL at direct[.]lc[.]chat. A user familiar with PayPal may notice at this point that they are being taken to a domain outside of PayPal, while the legitimate PayPal live chat is hosted within the PayPal domain and requires that you log in to use it."
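The header-and-link check described above can be automated during email triage. The following is an added example, not code from Cofense or from this newsletter; the brand allowlist, the sender address, the PayPal paths and the `PLACEHOLDER` path are constructed assumptions, and the off-brand host is kept defanged as it appears in the article.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAINS = {"paypal.com"}  # assumption: domains the impersonated brand really uses

def on_brand(host):
    """True only for the brand domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

class LinkCollector(HTMLParser):
    """Collects (visible text, destination host) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            url = self._href.replace("[.]", ".")  # refang analyst notation
            label = " ".join("".join(self._text).split())
            self.links.append((label, urlsplit(url).hostname or ""))
            self._href = None

def triage(from_header, html_body):
    """Flag a brand-themed email whose sender or any link is off-brand."""
    sender_host = parseaddr(from_header)[1].rpartition("@")[2]
    parser = LinkCollector()
    parser.feed(html_body)
    off = [(text, host) for text, host in parser.links if not on_brand(host)]
    return {"sender_on_brand": on_brand(sender_host),
            "on_brand_links": len(parser.links) - len(off),
            "off_brand_links": off}

# Constructed sample modelled on the email described in the article.
SAMPLE_FROM = "PayPal Service <notice@sender.example>"
SAMPLE_HTML = """
<a href="https://www.paypal.com/help">Help &amp; Contact</a>
<a href="https://www.paypal.com/security">Learn to Identify Phishing</a>
<a href="https://direct[.]lc[.]chat/PLACEHOLDER">Confirm Your Account</a>
"""

if __name__ == "__main__":
    print(triage(SAMPLE_FROM, SAMPLE_HTML))
```

Because most links in the message are genuine, a filter that scores the share of reputable links would pass it; the check has to treat a single off-brand call-to-action link as the signal.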
When a victim visits the fraudulent live chat, the threat actor utilizes automated scripts to start communication. The attacker initially attempts to get an email address and phone number from the victim. "It can safely be assumed that the threat actor is gathering this information to convey legitimacy or to collect sufficient information for authentication," according to the Cofense report.
"The attacker will continue to use this automated script, and then step in where the script fails in order to directly interact with the victim. This is probably to reduce their own workload throughout the attack," Geoghagan states.
Once the threat actor acquires the phone number and an attempt to verify the email address has been made, the attackers then will try to get credit card information from the target, the Cofense report notes.
"Finally, a verification code is sent via SMS to the target using the phone number provided earlier. By using this code, it can be inferred that the phone number given by the victim is live and the target is the individual who has access to the device," the researchers note. "After acquiring the right amount of information from the target, the threat actor will supposedly attempt to call their target. However, as they stated, they will only call the target if they are able to verify the entirety of information given to them."
Securely Using the Cloud
Overview
You may have heard of a concept called “the cloud.” This means using a service provider on the internet to store and manage your data. Examples include creating documents on Google Docs, accessing email in Microsoft O365, sharing files via Dropbox, or storing your pictures on Apple’s iCloud. While you can access and synchronize your data from multiple devices anywhere in the world and share your information with anyone you want, you often do not know and cannot control where your data is physically stored.
Selecting a Cloud Provider
Cloud services are neither good nor evil. They are tools for getting things done. However, when you use these services, you are essentially handing over your private data to strangers, expecting them to keep it both secure and available. As such, you want to be sure you are choosing your service provider wisely. For work-related information, check with your supervisor to see if you are allowed to use cloud services and which ones are authorized. If you are considering using cloud services for personal use, consider the following:
- Trust: Can you trust the cloud provider? Is this a well-known, public company that millions of people are already using, or is this a small, unknown company based out of a country you never heard of?
- Support: How easy is it to get help or have a question answered? Is there a phone number you can call or email address you can contact? Are there other options for support, such as public forums or Frequently Asked Questions on their website?
- Simplicity: How easy is it to use the service? The more complex the service is, the more likely you will make mistakes and accidentally expose or lose your information. Use a cloud provider you find easy to understand, configure, and use.
- Security: How will your data get from your computer to the cloud service? Is the connection secured by encryption? How is your data stored? Is it encrypted, and if so, who can decrypt your data? As you migrate your data, remember security is a shared responsibility between you and the vendor.
- Compatibility: Does the service provider support all of the devices and operating systems that you use or are planning to use?
- Terms of Service: Take a moment to review the Terms of Service (they are often surprisingly easy to read). Under which country’s laws does the service provider operate? Pay particular attention to rights that you cede to your service provider.
Securing Your Data
The next step is to make sure you use your cloud services properly. How you access and share your data can often have a far greater impact on the security of your data than anything else. Some key steps you can take include:
- Authentication: Use a strong, unique password to protect your cloud account. If your cloud provider offers two-step verification, we highly recommend that you enable it.
- Sharing Files / Folders: Cloud providers make it very simple to share data - sometimes too simple. It can be very easy to accidentally share your information publicly. Protect yourself by only allowing specific people (or groups of people) access to specific files or folders. When someone no longer needs access, remove them. Your cloud provider should provide an easy way to track who has access to your files and folders.
- Settings: Understand the security settings offered by your cloud provider. For example, if you share pictures, files, or a folder with someone else, can they share your data with others without your knowledge?
- Renew: Do not forget to renew your subscription or you could lose access to your data.
Please Note: the following Adobe products are end of life and are no longer being supported by Adobe! Adobe will no longer issue updates or security patches for these products.
- Acrobat X Pro
- Acrobat X Standard
- Acrobat X Suite
- Acrobat XI Pro
- Acrobat XI Standard
Proofpoint is offering complimentary Awareness Training Kits. The kits give you the tools you need to engage your users and turn them into a strong line of defense against phishing attacks and other cyber threats.
And if you are interested in acquiring Proofpoint for your organization, please contact your Account Executive today!
2021 Company Holidays
Monday, September 6, 2021 - Labor Day
Monday, October 11, 2021 - Columbus Day
Thursday, November 11, 2021 - Veterans Day
Thursday, November 25, 2021 - Thanksgiving Day
Friday, December 24, 2021 - Christmas Eve Day (AaSys will close at 12:00 PM)
Saturday, December 25, 2021 - Christmas Day
Saturday, January 1, 2022 - New Year's Day
AaSys Group, Inc.
11301 North US Highway 301
Suite 106
Thonotosassa, FL 33592
(813) 246-4757 Phone
(813) 246-4576 Fax