Fake

now browsing by tag

 
 

Beware of fake calls from COVID-19 scammers, Metro Health warns | #coronavirus | #scams | #covid19

SAN ANTONIO – The Metropolitan Health District is warning people in San Antonio to be aware of scammers who are posing as contact tracers for the city and trying to […] View full post on National Cyber Security

Scammers using fake antibody test to steal information, FBI warns | #coronavirus | #scams | #covid19

Scammers have found yet another way to take advantage of the COVID-19 pandemic, by selling fake antibody tests. A real antibody test will screen your blood for antibodies made when […] View full post on National Cyber Security

#nationalcybersecuritymonth | Hillicon Valley — Presented by Facebook — FCC fines mobile carriers $200M for selling user data | Twitter verified fake 2020 candidate | Dems press DHS to complete election security report | Reddit chief calls TikTok spyware

Source: National Cyber Security – Produced By Gregory Evans

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Emily Birnbaum (@birnbaum_e) and Chris Mills Rodrigo (@chrisismills).

 

FCC FINES TOP MOBILE CARRIERS: The Federal Communications Commission (FCC) is proposing more than $200 million in fines against the country’s top mobile carriers after a lengthy investigation concluded T-Mobile, AT&T, Sprint and Verizon improperly sold access to their customers’ precise location information. 

The agency is alleging the companies broke the law by failing to protect information about the geolocation of their hundreds of millions of customers. 

“The FCC has long had clear rules on the books requiring all phone companies to protect their customers’ personal information,” FCC Chairman Ajit Pai (R) said. “And since 2007, these companies have been on notice that they must take reasonable precautions to safeguard this data and that the FCC will take strong enforcement action if they don’t.”

“Today, we do just that,” Pai said.

The proposed fines — which Verizon, AT&T, T-Mobile and Sprint are now allowed to contest — are some of the largest the FCC has proposed in decades. But since reports began emerging about the fines on Thursday night, consumer advocates and privacy hawks in Congress have accused the regulatory agency of holding back and letting the telecom companies off the hook with fines that amount to a “rounding error” compared to their significant bottom lines.

Sen. Ron Wyden (D-Ore.), who was one of the first to shed light on the companies’ unlawful information sharing, released a statement accusing Pai of going easy on the companies.

“It seems clear Chairman Pai has failed to protect American consumers at every stage of the game – this issue only came to light after my office and dedicated journalists discovered how wireless companies shared Americans’ locations willy nilly,” Wyden said. “He only investigated after public pressure mounted.”

“And now his response is a set of comically inadequate fines that won’t stop phone companies from abusing Americans’ privacy the next time they can make a quick buck,” Wyden said.

Verizon, for instance, boasted a total revenue of $31.4 billion in 2019 and is facing a fine of $48 million.

The FCC is proposing a fine of $91 million for T-Mobile, $57 million for AT&T, $48 million for Verizon and $12 million for Sprint.  

T-Mobile, which is facing the largest fine by far, said in a statement Friday that it intends to dispute the FCC’s conclusions.

“We take the privacy and security of our customers’ data very seriously,” T-Mobile said. “While we strongly support the FCC’s commitment to consumer protection, we fully intend to dispute the conclusions of this NAL and the associated fine.” 

Public Knowledge, a consumer rights group, said the FCC’s fines indicate the chairman is enforcing the law “to the barest degree possible.” 

Read more on the fines here.

 

SPONSORED CONTENT — FACEBOOK

Elections have changed and so has Facebook

Facebook has made large investments to protect elections, including tripling the size of the teams working on safety and security to more than 35,000. But the work doesn’t stop there.

See how Facebook has prepared for 2020.

 

TURN IT IN: House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) on Friday raised concerns around the Department of Homeland Security’s failure to submit a congressionally mandated election security report on time.

DHS was required under the 2020 National Defense Authorization Act to submit a report to Congress on successful and attempted cyberattacks on U.S. election infrastructure during the 2016 elections, along with any future cyberattacks on elections that DHS anticipates. 

The agency was required by the NDAA to submit the report within 60 days of the bill being signed into law. President Trump signed the NDAA on Dec. 20, with Feb. 18 marking the deadline for the report to be submitted to appropriate congressional committees.

Thompson, whose committee is among those that DHS is required to submit the report to, said Friday that the failure of DHS to submit the report “further obstructs Congress’ abilities to conduct proper oversight,” and noted this was “in direct violation of the law.”

“The threat to our democracy from foreign governments is real, and the Administration’s pattern of denial must stop,” Thompson added. “With President Trump in office, the American people cannot expect our elections to be secure and free from foreign interference or cyber-attacks with status quo measures in place.”

Read more here.

 

‘WALZ’-ING AROUND: Twitter earlier this month verified an account for a fake 2020 congressional candidate created by a teenager.

The account was for a fictional Republican congressional candidate from Rhode Island named Andrew Walz.

His Twitter bio claimed that Walz was a “proven business leader” and a “passionate advocate for students,” CNN Business first reported.

The owner of the account was a 17-year-old high schooler from upstate New York who, according to the network, made the account over the holidays because he was “bored.”

“During Christmas break I was kind of bored and I learned a lot from history class, but also on the news they were talking more about misinformation,” the high school student told CNN Business.

The teen said it took him about 20 minutes to make the website for his candidate and then another five minutes to create the Twitter account.

He got his profile picture from a website called This Person Does Not Exist, which computer generates realistic photos of fake people.

Then, he filled out a short survey with information about his fake candidate on Ballotpedia, the nonprofit “Encyclopedia for American Politics.” Twitter announced in December that it would be partnering with the nonprofit in an attempt to verify more congressional candidates. 

However, according to the student, neither Twitter nor Ballotpedia asked for any further kind of identification to confirm that Walz was, in fact, genuine.

The social media platform has received flak from candidates who say it has been slow to verify them.

Read more on the incident here.

 

REDDIT DINGS TIKTOK: TikTok is under scrutiny from Reddit CEO and co-founder Steve Huffman for practices he calls “fundamentally parasitic,” referring to serious privacy concerns surrounding the app.

The app is a video-sharing social networking service owned by ByteDance, a Beijing-based company established in 2012 by Zhang Yiming. TikTok launched in 2017 for iOS and Android in markets outside of China.

Huffman said one of the suspicious practices the company partakes in is fingerprinting, a method of tracking devices for each unique visitor, according to The Verge.

“Maybe I’m going to regret this, but I can’t even get to that level of thinking with [TikTok],” Huffman said at the Social 2030 venture capital conference. “I look at that app as so fundamentally parasitic, that it’s always listening, the fingerprinting technology they use is truly terrifying, and I could not bring myself to install an app like that on my phone.”

Research by data protection expert Matthias Eberl highlights the fingerprinting Huffman refers to as an aggregate of audio and browser tracking, allowing the company to know the types of content each user is following. TikTok parent company ByteDance claims the fingerprinting methods are for recognizing malicious browser behavior, but Eberl offers his skepticism, as the platform seemingly works fine without the scripts enabled.

“I actively tell people, ‘Don’t install that spyware on your phone,’ ” Huffman said of TikTok’s software.

Read more here.

 


SCHEMING: Advocates are sounding the alarm over online scams that leave senior citizens particularly vulnerable, urging lawmakers and administration officials to take more steps to protect unsuspecting Americans.

Experts say that threat is heightened during tax season as online options for filing have grown in popularity, opening the door to more scams aimed at obtaining sensitive information or money from victims.

“Consumers should be especially vigilant as we approach tax season,” said Bill Versen, chief product officer at Transaction Network Services, a data services provider.

While there are a slew of scams at tax filing season, experts say that the elderly face a higher risk of being ensnared and experiencing financial hardship.

The most common kinds of tax scams are phishing and calls where a scammer impersonates an IRS official, according to Monique Becenti, a product specialist at cybersecurity firm SiteLock.

Phishing is a tactic used by hackers to get access to private information using fake emails, text messages and social media posts.

These communications are designed to bait unaware users, often the elderly, into giving up their personal information or clicking on links that can download dangerous malware onto computers and phones alike.

But the most common scam between 2014 and 2018 was fraudulent IRS calls, according to a yearly report released by the Senate Committee on Aging.

In those calls, the scammer impersonates an IRS official, demanding payment or sensitive information. In some cases, scammers have been known to threaten to suspend licenses, close businesses or even arrest individuals if they fail to pay fake bills.

“The overall goal is cyber criminals trying to file taxes on behalf of that person,” Becenti told The Hill. And once an individual falls victim, scammers can run further schemes. “Ultimately, they have their Social Security number. … Now they have the ability to open up fraudulent accounts on behalf of that individual.”

Read more here.

 

CHANGE OF PACE: Facebook sued a marketing company Thursday, alleging in federal court that the firm “improperly” collected data from users of the social media platform.

The lawsuit, filed in the Northern District Court of California, claimed oneAudience paid developers to use a malicious software development kit, or SDK, in their apps.

SDKs are tools that let developers make apps more quickly.

OneAudience’s SDK collected data in an improper fashion from Facebook users who opted to log in to certain apps, the lawsuit alleged.

Facebook claimed the data included names, email addresses and gender, in limited cases.

Facebook said it sent a cease-and-desist letter to oneAudience in November, but claimed the company did not cooperate with a requested audit.

OneAudience did not immediately respond to a request for comment.

In a blog post, Jessica Romero, Facebook’s director of platform enforcement and litigation, wrote that the lawsuit was filed to protect the platform’s users.

“This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users,” she wrote. “Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies.”

Read more here.

 

CAMEO: Former Illinois Gov. Rod Blagojevich (D) joined an app where people can pay for personalized video messages after President Trump commuted his sentence on corruption charges earlier this month. 

Blagojevich is on the app Cameo offering personal messages for $100. 

“Hey it’s Rod Blagojevich. I’m very excited to connect with you on Cameo. If you want a birthday greeting, an anniversary greeting, motivation or any other kind of shoutout, I can’t wait to hear from you,” the former lawmaker said on his account.

The app features a variety of celebrities and personalities that offer personalized messages for fans upon request. 

Former Trump White House press secretary Sean Spicer also has an account on the app, as do former Trump administration communications director Anthony Scaramucci, former Trump aide Omarosa Manigault and former Trump campaign manager Corey Lewandowski.

Trump commuted Blagojevich’s sentence earlier this month. He called Blagojevich’s 14-year sentence “ridiculous.”

“He served eight years in jail, a long time. He seems like a very nice person — don’t know him,” Trump said.

Read more here.

 

A LIGHTER CLICK: Hope y’all are happy

 

AN OP-ED TO CHEW ON: Indictment of Chinese hackers is wake-up call for better public-private cooperation

 

NOTABLE LINKS FROM AROUND THE WEB:

Vatican joins IBM, Microsoft to call for facial recognition regulation (Reuters / Philip Pullella, Jeffrey Dastin) 

The World Health Organization has joined TikTok to fight coronavirus misinformation (Verge / Makena Kelly)

Walmart is quietly working on an Amazon Prime competitor called Walmart+ (Recode / Jason Del Rey)


The post #nationalcybersecuritymonth | Hillicon Valley — Presented by Facebook — FCC fines mobile carriers $200M for selling user data | Twitter verified fake 2020 candidate | Dems press DHS to complete election security report | Reddit chief calls TikTok spyware appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Coronavirus Scams: Phishing, Fake Alerts and Cyberthreats

Wherever you turn for news coverage online, coronavirus alarm bells are ringing louder.

But users should not trust all of those bells, as fake news, phishing scams and even malicious malware is actively being distributed under the coronavirus umbrella.   

Sadly, a perfect storm may be brewing. As government officials and health experts appeal louder for calm, the public is actually getting more worried and searching the Internet for answers. For example:

On Friday, Jan. 31, fears slammed the U.S. stock market, according to Axios. “Stocks saw the worst sell-off in months on Friday: the Dow Jones Industrial Average dropped 603 points (2.1%), while the S&P 500 and the Nasdaq declined 1.7% and 1.5%, respectively. …”

Meanwhile, the BBC reported that the U.S. and Australia have joined Russia, Japan, Pakistan and Italy in closing their borders to all foreign nationals arriving from China. These actions were taken despite conflicting advice from global health officials. “Travel restrictions can cause more harm than good by hindering info-sharing, medical supply chains and harming economies,” the head of the World Health Organization (WHO) said on Friday.

At the same time, Bloomberg news reported that China Virus Cases May Be Undercounted Even With 3,000% Surge. “The number of confirmed cases of the new coronavirus in China has skyrocketed to more than 9,000, surpassing the official count during the SARS epidemic. …”

 
 

Coronavirus Is a Bonanza for Online Scams and Fake News

As expected, the rapid spread of the coronavirus, along with the expanded media coverage of surrounding events related to this global health emergency, has led to hoaxes and the spread of panic. According to CNN, “In Los Angeles County, public health officials warned residents Thursday that a letter claiming a potential coronavirus outbreak in Carson City (Read more…)


#infosec | Fake Exec Tricks New York City Medical Center into Sharing Patient Info

An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility’s executives. 

The data was shared by an individual at community-based non-profit the VillageCare Rehabilitation and Nursing Center (VCRN) who had received what they believed to be a genuine email from a senior member of staff. 

VCRN were notified on or about Monday, December 30, that a cruel deception had taken place.

In a Notice of Data Privacy Incident statement published on VCRN’s website, the company stated: “The unauthorized actor requested certain information related to VCRN patients. Believing the request to be legitimate, the employee provided the information.”

Information obtained by the threat actor included first and last names, dates of birth, and medical insurance information, including provider name and ID number for 674 patients. 

VCRN said: “Once it became apparent that the email received by the employee was not a legitimate request, we immediately launched an investigation with the assistance of third-party forensic specialists to determine the full scope of this event.”

The medical center said that they weren’t aware of any personal patient information having been misused as a result of this event.

Becoming a victim of a phishing scam has led VCRN to review its cybersecurity practices.

The center said: “We take this incident and security of personal information in our care seriously. We moved quickly to investigate and respond to this incident, assess the security of relevant VCRN systems, and notify potentially affected individuals. This response included reviewing and enhancing our existing policies and procedures.”

VCRN has taken steps to notify all the patients who have potentially been impacted by the cyber-attack. A toll-free dedicated assistance phone line has been established for patients who wish to discuss any concerns they may have as a result of the incident. 

The data breach has been reported to law enforcement and to the relevant regulatory authorities. 

VCRN advised patients “to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution.”  


#deepweb | Gangsters’ reliance on ‘fake’ numbers : The Tribune India

Source: National Cyber Security – Produced By Gregory Evans Bhartesh Singh Thakur in Chandigarh It’s a constant game of cat and mouse when it comes to tracking gangsters’ communication in Haryana but at the moment, the mouse has got a bit smarter. Gangsters whose numbers are usually under surveillance of police cyber cells are using […] View full post on AmIHackerProof.com

#cyberfraud | #cybercriminals | Qatar- MoI warns against falling victim to scams and fake messages

Source: National Cyber Security – Produced By Gregory Evans (MENAFN – The Peninsula) Doha: In a bid to safeguard people from a mounting threat of cybercrime, especially phishing, the Ministry of Interior (MoI) has launched an awareness campaign to educate masses on potential ways and tools used by fraudsters. The MoI, in an ongoing campaign, […] View full post on AmIHackerProof.com

#cybersecurity | #hackerspace | Dropbox Phishing Scam: Don’t Get Fooled by Fake Shared Documents

Hackers use familiar brands like Dropbox to steal login credentials and spread malware

It’s funny how hackers, phishers, and scamsters can be blatantly obvious and inexplicably unpredictable at the same time. I’m saying obvious because they target the most widely used services/platforms and lots of users know what they’re up to — not just security professionals, but many ordinary users know about these phishing scams and what to look for. Phishers might be predictable in going after big names but it’s the unpredictability in their approaches that makes them tick. Time after time, they come up with new ways that help them achieve exactly what they want and make them “successful.” The Dropbox phishing scam is a perfect illustration of this.

The Dropbox phishing scam surfaced around a year ago and made headlines in many popular publications. It hasn’t gotten as much attention recently, but even after a year, attackers are still targeting users using this same-old trick. And therefore, you need to know about it.

Let’s hash it out.

Dropbox Phishing: It All Starts with a Simple Email

This is how it all starts: You receive an email (either text or HTML-based) from a person saying they have shared an important document with you. The email looks a lot like an official Dropbox email and has a link to access the document. To make it look authentic, some of these emails include actual links to Dropbox in the footer of the email. These are links to Dropbox’s Terms of Service, Privacy Policy, and Help Center.

Here’s a pretty simple example:

Check the “From” Details Carefully

As you can see in the screenshot above, this phishing email has “Dropbox” as its sender’s name. It’s easy to fall prey to this as the sender name and the email style make it look like an actual Dropbox email.

However, if you look closely, you’ll see that the “From” email address and the embedded link are clearly not Dropbox.

But if you’re skimming through your email (as many of us do), it’s easy to fall for this Dropbox phishing scam. Once you click the link, the URL takes you to a web page that looks almost exactly like an actual Dropbox login page.

More advanced Dropbox phishers take the scam to the next level…

Check URLs Carefully — Even If They Include “Dropbox”

Some Dropbox scammers are carefully picking URLs that look official at first glance.

For example, they will include common keywords such as “Microsoftonline” or “Dropbox” in the domain or subdomain to make it look like a genuine domain:

  • dropbox.secure.somedomain.com
  • login.microsoftonline.com.someotherdomain.com
  • secure.dropboxsharing.somethingelse.com

HTTPS URLs Aren’t Always Safe

And the cherry on top is how phishers use fake HTTPS URLs. The link you’re being redirected to isn’t actually an HTTPS link: it has “HTTPS” in the link text, but not as the protocol. If an SSL certificate protects a website, the URL will look like this: https://www.(website name).com/. The fake Dropbox URL looks like www.https-(fake website name).com. See the difference?

Another trick that phishers have recently adopted is using an HTTPS website. No, the previous sentence doesn’t contain any technical error; it’s a fact that most phishing websites feature HTTPS now. In such cases, users are more likely to fall for it as they’re trained to look for that secure padlock.

Phishers are a Poor Man’s Magicians: Here’s How to Catch Them

What do magicians and phishers have in common? Well, they both take advantage of our psychological limitations to distract us and make us look where they want us to.

However, the silver lining here is that the phishers are far from good magicians. A great magician can take their secrets with them to the grave. But with a bit of concentration and training, you can catch almost every phisher.

So, here’s how you can CATCH the PHISHers (Got it 😉 ?).

Check the Email Address

First of all, you should always check the email address of the sender. Is the email sent by someone you know? Is the email coming from Dropbox’s (or any service provider’s) list of official domains? This is the first thing you must check, and you should not proceed further if the email is not familiar and/or it’s been sent from a domain that’s not been mentioned in Dropbox’s list of its official domains.

In my experience, doing this one check will protect you from most email phishing attacks as hackers shouldn’t have access to Dropbox’s official domains. However, you should be cautious even if the email appears to be from an official Dropbox domain as some email servers are not configured to check SPF/DKIM records, so spoofed emails will be let through.

Check the Link URLs

If the email passes the first security check, then you should check the links in the email:

  • View the web page in your browser and check for “https” at the start of the URL. It should look like https://www.(website name).com/. (Note: Google Chrome hides the https:// until you double click in the address bar.)
  • Once this check is done, you should again go back to Dropbox’s list of official domains and then check if this domain is on the list.
  • To double-check the authenticity of the website, you should also check the SSL certificate Dropbox uses. As you can see in the screenshot, Dropbox.com is protected by a DigiCert EV (extended validation) SSL certificate and this certificate has been issued to Dropbox, Inc.

Graphic: Avoid Dropbox phishing scams by checking validity of URLs and site SSL certificates

Extended validation means that the certificate authority (DigiCert, in this case) did an extensive verification of Dropbox, Inc before issuing the certificate. This way, you can be sure that the website you’re on actually belongs to Dropbox.

Quite simple, isn’t it?
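The link checks above can also be run mechanically, for example in a mail-filtering script. The following is an added example, not code from the original article: it compares the host a link really points at against a list of official domains and flags the look-alike patterns the article describes. The function names, flag names and the one-entry allowlist are assumptions made for illustration; the last two sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: only dropbox.com is listed because it is the one official domain
# the article names; fill this set from Dropbox's published list of domains.
OFFICIAL_DOMAINS = frozenset({"dropbox.com"})
# Brand strings the article shows being planted in look-alike hostnames.
BRAND_KEYWORDS = ("dropbox", "microsoftonline")


def inspect_link(url, official=OFFICIAL_DOMAINS, brands=BRAND_KEYWORDS):
    """Return the host a link really points at plus a list of warning flags."""
    raw = url.strip()
    # Link text such as "www.https-site.com" carries no scheme; prefix "//" so
    # urlsplit still treats the first component as the host.
    parts = urlsplit(raw if "://" in raw else "//" + raw)
    host = (parts.hostname or "").lower().rstrip(".")
    # Official means the host IS a listed domain or a subdomain of one. The
    # leading dot matters: "notdropbox.com" must not match "dropbox.com".
    is_official = any(host == d or host.endswith("." + d) for d in official)

    flags = []
    if parts.scheme.lower() != "https":
        flags.append("scheme-is-not-https")
    # "https" written into the hostname is decoration, not a protocol.
    if any("https" in label for label in host.split(".")):
        flags.append("https-inside-hostname")
    if not is_official:
        flags.append("host-not-on-official-list")
        # A brand name anywhere in an unlisted host is the subdomain trick.
        if any(brand in host for brand in brands):
            flags.append("brand-keyword-in-unlisted-host")
    return {"host": host, "official": is_official, "flags": flags}


def is_suspicious(url):
    """True when any flag is raised for the link."""
    return bool(inspect_link(url)["flags"])


# The three look-alike hosts are the article's own examples; the remaining
# entries are constructed for this demonstration.
SAMPLE_LINKS = [
    "https://www.dropbox.com/s/abc/report.pdf",
    "https://dropbox.secure.somedomain.com/login",
    "https://login.microsoftonline.com.someotherdomain.com/",
    "https://secure.dropboxsharing.somethingelse.com/",
    "www.https-dropbox.example.com",
    "https://notdropbox.com/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        result = inspect_link(link)
        status = "SUSPICIOUS" if result["flags"] else "ok"
        print(f"{status:10} {result['host']:45} {', '.join(result['flags'])}")
```

Note that an HTTPS scheme alone clears nothing here: the look-alike hosts are flagged even though their links start with https://, which matches the article's point that most phishing sites now use HTTPS.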

What Could Happen If You Fall Victim to the Dropbox Phishing Scam?

Dropbox stores the data of more than 500 million users and 200,000 businesses, and it’s the most significant cloud sharing and storage company in the world. Putting a malicious file in just one employee account could be a brutal blow to the privacy of an entire organization. And it’s not just the privacy, but the existence of a business could be at stake—that’s a good enough reason to take your Dropbox security pretty seriously, don’t you think?

Unfortunately, that’s not where it stops. A phisher who has taken complete control over your account and associated data using malware could demand a significant ransom if you want your account back. In technical terms, this is called ransomware.

The consequences of Dropbox phishing could be even more brutal if you’re one of those persons who uses the same password pretty much everywhere. Every bit of information you have on the internet could be in the hands of the attackers. Just think about it!

Hackers may also scan your account to automatically find valuable data in your saved documents. This could include customer data, payment details, login credentials for other platforms, or anything else you might have that’s sensitive.

Last Word on Dropbox Phishing

All scammers — whether in the real world or online — take advantage of our human limitations. Either they make us see and feel something that isn’t there, or maybe they give us some lucrative incentive to distract us (we’ve all heard of the Nigerian Prince scam, haven’t we?). With a little bit of awareness and concentration, you can be a step ahead of all the phishers.

Tip of the day: Remember to look where you want to, not where they want you to.

*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Jay Thakkar. Read the original post at: https://www.thesslstore.com/blog/dropbox-phishing-scam-dont-get-fooled-by-fake-shared-documents/


#deepweb | Fake Tor Browser Found Stealing Bitcoin From Darknet Market Users

A fake version of the popular Tor Browser, used to access the deep web, has been found to be stealing the bitcoin of users looking to shop on darknet markets.

According to researchers, the malicious version of the browser has been promoted as its Russian version on posts published on Pastebin, optimized to rank on search engines for queries related to cryptocurrencies, drugs, censorship, and politicians.

The malicious browser is distributed through two domains, created in 2014, to Russian users as if it were an official version. The website’s pages mimic those of the Tor project’s official website, but add a warning to the user telling them their privacy is at risk because their browser is supposedly outdated.

A translated version of the message reads:

Your anonymity is in danger! WARNING: Your Tor Browser is outdated. Click the button “Update”


On the Pastebin and forum posts, the cybercriminals advertise various features the Tor browser doesn’t actually have, such as an anti-captcha system that allows them to bypass checks. In reality, users download a compromised version of the official Tor browser’s 7.5 version, released in January of last year.

Cybersecurity researchers at ESET further discovered the altered Tor version stops the browser from asking users for an update, as this would update them to a non-compromised version of the official Tor browser.

To get to users’ bitcoins, the browser includes a script that detects when users are about to fund their BTC wallets on darknet markets, and replaces the destination wallets with their own.

The criminals’ three identified bitcoin wallets made a total of 863 transactions, and currently have 4.8 BTC (around $38,000) in them. The wallets have been active since 2017. Back in July, Chainalysis found that darknet markets were on pace to see $1 billion worth of bitcoin transactions this year.

As reported, U.S. authorities recently took down one of the largest child porn websites on the darknet after tracing bitcoin transactions.
