Cybersecurity Alerts: Weekly Update for October 23rd
As part of a new series, join us each Friday to learn about the latest security scams that should be on your radar.
US Talk Talk Mobile Security Breach
UK Talk Talk customers are advised to change their passwords immediately, as a hackers group has claimed responsibility for an enterprise wide data breach. This data breach could potentially affect all of the organization’s four million customers.
WhatsApp Mobile Phone Scam
In the What’App mobile phone scam, you receive an email that appears to be from WhatsApp. The subject line reads “Incoming Voice Message” and has a time stamp. When you open up the message, you’ll see a “missed voicemail” alert and a button to play the message. Recipients who click on the button unknowingly start the download of a virus that is just as risky as malicious software written for other computers.
Keep in mind that WhatsApp does not communicate with customers via email unless they are replying to a specific customer request. Most apps communicate with you through the application itself when there are updates, enhancements and patches to improve the reliability and stability of the software. If an app suddenly communicates using a different method, it’s a red flag.
LinkedIn Hacking Scam
Investigators at Dell recently found that hackers set up an elaborate network of fake LinkedIn profiles, all designed as an elaborate scam to steal electronic intelligence. The 25 fake profiles cross-referenced each other, giving them credibility, and managed to trick hundreds of telecom workers and others into accepting connections. Dell’s research team believes an Iran-based hacking organization named Threat Group 2889 was behind the scheme.
LinkedIn can be a powerful tool for finding a new job or building a network of professional connections. It is also a powerful tool for hackers or scammers to get a foothold into your digital life and your personal information. LinkedIn users tend to be more open to accepting connections from strangers than users of other social networks, such as Facebook, because LinkedIn is perceived as less personal.
Skype Scams Courtesy of Malware Bytes
Here are some common Skype-related scenarios in which you should plan to exercise caution:
Skype Credit Generators: Everybody would like to recieve free Skype credit, but steer clear of using random downloads for this purpose. You can end up with PUPs, potentially unwanted programs that change system settings and gather personal information without your knowledge, or Malware.
Smileys and Emoticons: As with Skype credit generators, downloading smileys and emoticons may cause you to run into problems related to PUPs, browser extensions, and installers with standalone uninstaller programs.
Skype Spam IM Messages: Sent by compromised accounts, these spam messages will often make use of URL shorteners and / or encoded search engine links to disguise the bad intentions of the final destination. Random messages that appear out of the blue accompanied by shortened links should always be checked where possible, and you should contact the sender by alternative means if you’re still not 100% sure they are legitimate.
Chatbots: Chatbots have been around forever, but they still pop up across the board in Instant Messaging. Chatbots attempt to convince you to click a link, and provide payment information to “ensure you’re over 18 years of age.”
Email Spam: If you have voicemail enabled for any VoIP service, you should stick to checking your voice messages directly from the app or official website. Convincing looking voicemail messages that land in your voice mailbox are a popular tactic for multiple spam groups that utilize Malware and Exploit Kits.