Welcome to Cyber Insights. In this edition we highlight callback phishing scams, share the latest security breaches and explain how phishing attacks land in your inbox!
SCAM ALERT
While making a phone call may seem harmless, you should always consider who’s on the other end of the line. Cybercriminals can use callback phishing scams to trick you into calling them directly. Once you’re on the phone, cybercriminals will ask you to share sensitive information or grant access to your device.
In one scam, cybercriminals send you an email that says you’ve subscribed to a service with automatic payments. The email also includes a phone number you can call if you have any questions. When you reach the phone number, cybercriminals will ask for remote access to your desktop so that they can cancel your subscription.
If you grant remote access, the cybercriminals will attempt to change your permissions so they can access your desktop later. Then, they can use ransomware to lock you out of your desktop and threaten to release your personal information unless you meet their demands.
Don’t fall for these types of scams! Instead, follow the tips below to stay safe:
- Cybercriminals often use fake invoices to trick you into hastily clicking or calling. So always think before you take action!
- Never call a phone number provided in a suspicious email. Instead, visit the organisation’s official website from your browser to find their contact information.
- Never grant remote desktop access to any unverified agents or organisations. In most cases, legitimate support representatives will be able to solve your problem over the phone or via email.
BREACH UPDATE
7-11 Stores: Convenience Store Chain
The chain of 7-11 stores in Denmark was forced to shut down after a cyberattack disrupted stores’ payment and checkout systems throughout the country. The attack occurred on August 8th, and all stores remain closed while the company investigates the incident. No word on when they’ll reopen or the nature of the attack, although ransomware is suspected.
DoorDash: Food Delivery Service
DoorDash has confirmed a data breach that has exposed customer information. A third-party vendor’s employees had credentials stolen in a recent incident at software company Twilio, and those credentials were then used to access DoorDash’s internal tools. The company said it cut off the third-party vendor’s access to its systems after discovering suspicious activity. DoorDash did not name the third-party vendor but did confirm the attack and that it was related to the Twilio hack.
CYBERSECURITY TIPS
Have you ever wondered how phishing attacks get into your inbox? Most email clients, such as Outlook and Gmail, have built-in features to filter out potential threats. Additionally, your organisation likely has extra security measures to help protect your work account. Unfortunately, scammers have found clever ways to bypass this security and creep into your inbox.
Technical Tactics
Most security filters work by looking for specific text patterns, file formats, or links to websites that are known to be suspicious. Unfortunately, scammers often bypass this feature by hosting a malicious file on a legitimate file-sharing service, such as Dropbox or Google Drive. As a result, your email filters will not see the linked file as a threat because it is hosted on a trusted website.
Remember: Never trust a link within an email you were not expecting, even if it is to a familiar website.
Social Engineers
Bad guys can avoid security filters by sending phishing emails that don’t include links or attachments. Instead, they use a technique called social engineering. Social engineering is when a scammer poses as someone else and tricks you into sharing sensitive information. Typically, the phishing email will appear to be from someone important, such as your manager or a member of your IT department. Then, the scammers try to use this disguise to trick you into replying with sensitive information, sending a confidential attachment, or even wiring money to them.
Remember: Stop and think before you click. Were you expecting this email? Is this an unusual request? Is there another way that this person can, or should, securely gather this information?
A Human Touch
Technology will never catch 100% of threats because the attackers are human. That’s why becoming a vital part of your organisation’s human firewall is so important.
Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here