Scam email forecast

posted Jul 22, 2015, 1:00 PM by Craig Cox   [ updated Jul 27, 2015, 8:03 AM ]
There's been a lot of hacker activity this summer.  What's out there now, compared to what we've seen in the past, makes it feasible to try a few broad predictions.

What we've seen in general:

Cyber criminals tend to follow current events.  When the tsunami hit Japan, scammers registered domain names like "japanesetsunamiaid.org" to try to bilk charity dollars from concerned folks.  When a celebrity dies unexpectedly or endures some scandal, there is nearly always a wave of links on social media promising the autopsy report or the sex tape or whatever was making the news, but wasn't quite public.

What we've seen this summer:

Reports so far have mostly been the usual "your account is going to expire, click the link to put in your credentials" or an unexplained link that you should click on just because it came in.  Credentials harvesting is kind of obvious from the message, but the unexplained link could be anything from a web exploit that takes over your computer to a click-fraud operation.  However, things may get a bit darker for a while.

Update 7/27:  This morning I received a forwarded suspicious email from an alert user.  The email claimed to be a notice to appear in court, and promised details in an attached zip file.  In truth, the zip file contained a trojan horse program that, if clicked, would have downloaded unknown additional malware.  Our Sophos antivirus product probably would have intercepted this, but I am delighted for the AV to be the fallback.  Alert people are the best defense!  Be skeptical of unexpected, urgent, scary emails!

TV News has a story about how prepaid card users were scammed into giving their login credentials to a phony web site.  Local station WBOC aired something like this, but no link was available as of this writing.  Unhappily, you have to allow Adobe Flash to run to see the video, but most of the information is also in the text.

What we expect:

The "Hacking Team" exploit covered in the "Summer of Patches" article will give the bad guys a new bag of tricks to try, until all those holes are patched.  Look for things that entice you into clicking before you think.  For example, the Ashley Madison hack might lead to things like "You'll never believe which celebrity / presidential candidate was an AM customer! Click here to find out!"  Scammers may also try to convince you that your own information was disclosed in the AM hack, and demand hush money to keep it quiet.

ID protection company Lifelock is in a dispute with the FTC over whether they're delivering services as advertised.  You may see emails with messages like "Tired of Lifelock? Try us instead!" that lead to shady websites that want you to input the data they'll be "protecting". 

PNI Digital Media, which provides online photo printing services for Costco, Rite Aid, CVS and others, has suffered a breach of credit card numbers.  This might also lead to false offers of credit monitoring.  Please check out businesses before handing over your banking or identity information!

This list is just a few examples; these kinds of events are constantly unfolding.

What you can do:

If nothing else, think before you click!  All of the "social engineering" come-ons share one characteristic:  They try to get you to act before your common sense kicks in.  Don't be taken in!

Check the website address -- is it spelled correctly?  The news story above emphasized looking for https in the address bar, which is good, but scammers are sometimes able to provide https on scam websites too.  If you already have a bookmark or favorites link to your bank, and you know that works, use that instead of a link in an email.

Have you seen new malicious email?  Please forward it to me at craig.cox@dtcc.edu.  Often I can get malicious pages taken down, if some other victim's IT group doesn't beat me to it.  Sometimes there's something in there that I can use to filter the emails before they reach more of our people, or something that ought to be a portal announcement.  (For ordinary spam, there's advice here for college accounts and home accounts.)

Edited 7/23 to add the prepaid card scam info & link.