10 Sep Phishing Scams On The Decline. Not. Gishing Anyone?
Cyberattacks that rhyme with “ishing” and don’t start with an “F” are rampant
–Steve Morgan, Editor-in-Chief
Sausalito, Calif. – Sep. 10, 2019
Are you still waiting for a report that says the number of phishing scams is going down? Well, it’s going to be a while.
As if phishing isn’t enough for us, now there’s a rising tide of smishing and vishing attacks. There’s so many that we may need to add a category in order to track them.
Gishing for Gmail maybe.
Anyone been gished? Gmail’s companion, Google Calendar, has been Gished. I informed of this one earlier today:
Avoid getting duped by @GoogleCalendar #phishing scams! Protect yourself:
1. Report event as spamhttps://t.co/03nbkIha4F
2. Click Gear Icon (Settings)
3. Go to Event Settings
4. Under Automatically add invitations, select “No, only show invitations to which I have responded.” pic.twitter.com/mwZuiU9TRI— Steve Morgan (@CybersecuritySF) September 10, 2019
Given the recent spate of phishing incidents, perhaps the only useful word that rhymes with “ishing” – and doesn’t start with an ‘F’ – is wishing. You can do that, and train up your users, and see if your wish comes true.
Phishing Diary
The editors at Cybercrime Magazine compiled a smattering of recent phishing activity, just to give you an idea of the breadth and depth of the problem:
- Cybersecurity researchers warned recently of malicious software in text messages pretending to be from telecom carriers, opening a door for hackers to attack Android smartphones.
- Calgary police say they have received a number of calls from concerned citizens over the last few weeks who say they have been contacted by scammers demanding money.
- The Oregon Judicial Department is sending notices and providing credit monitoring services to 6,607 people after a phishing attack exposed their personal identifying information in July.
- Attorney General Ashley Moody issued a Consumer Alert warning Floridians about scammers attempting to steal consumer information using fake Equifax claims webpages.
- A new report by the Telecommunications Industry Ombudsman says so-called remote access scams have become the fifth most common scam reported to its Scamwatch service, and have cost Australian consumers more than $2.8 million so far this year.
- The IRS recently detected a new scam as taxpayers began notifying phishing@irs.gov about unsolicited emails from IRS imposters. The email subject line may vary, but recent examples use the phrase “Automatic Income Tax Reminder” or “Electronic Tax Return Reminder.”
- A new Instagram scam campaign is attempting to trick people into handing over their login details. Hackers use phishing emails to send fake Instagram login alerts claiming that someone has tried to access the target’s account.
- A British judge has ordered the confiscation of $1.1 million worth of cryptocurrency from a hacker who used phishing attacks to steal personal data and sell it on the dark web.
- A new scam involving your Social Security number is circulating. According to the Social Security Administration, the scam is fairly new with the same target of trying to steal your identity.
- U.K. police are warning members of the public to be vigilant, after receiving a number of reports of a telephone scam involving bogus callers claiming to be from HM Revenue and Customs.
- Sophisticated phishing scams are pretending to be part of Apple’s support team to get iCloud information. The calls are the typical phishing scam, similar to what you may get in your emails, where someone asks for your login information or other credentials to access your iCloud account.
- Officials with the N.C. Department of Information Technology urged North Carolinians to be cautious of cybercrime and social media phishing scams associated with Hurricane Dorian last week.
- The Better Business Bureau warns that scammers are taking advantage of default calendar settings that automatically add any event to a user’s calendar, whether they have accepted it or not. Scammers add a phishing link and a short description to entice targets to click. The link might point to a form that requests personal information or downloads malware to your device.
- Security experts have been warning of a sophisticated email scam targeting Telstra customers across Australia since early this year. The email-based cyberattack uses Telstra branding to trick customers into clicking a link that can infect their computer with a malicious file used to steal information.
- Scammers are posing as police officers to try and dupe people into handing over financial information. Phone calls even appear to come from a local police station, say officers from Camden Police Area Command in NSW (Australia), who have been warning the public to beware of the new tactics since early this year.
- Any human in their right mind should be at least a little freaked out by how easy it is to churn out convincing deepfake videos — which were recently used in what’s considered to be the first known case of an AI-generated voice of a CEO to bilk a UK-based energy firm out of €220,000 (USD $243,000).
- Kaspersky, a global cybersecurity company, has detected a total of 14 million phishing attempts against internet users in the Southeast Asia region for the first six months of 2019.
- Students awaiting their A-Level results recently were warned not to fall victim to online scams. Only one of the UK’s top 20-ranked universities was found to have adequate protection against phishing attacks, which could allow hackers to spoof internal communications to trick victims into handing over personal details.
- eBay has failed to shut down the scam where sellers’ PayPal email payment addresses are changed, diverting funds into scammers’ accounts. Last weekend, yet another seller contacted Tamebay, having fallen victim to the scam in what’s becoming a steady trickle of devastated small business owners.
This short list of phishing scams is not intended to drive anyone into a state of panic or to hype the problem. Rather, it’s designed to raise everyone’s awareness and to encourage more security awareness training in order to protect the world against cybercrime.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.
Connor Morgan, a freshman at Suffolk County Community College, and a part-time researcher at Cybercrime Magazine, contributed to this story.