Informational Security Updates
A recent phishing scam says you won $2.5M for using Google's services. You didn't, so don't fall for this scam that's trying to steal your personal information.
A new phishing scam is offering Gmail users a prize of $2.5 million as a thank-you gift for using Google services. To add legitimacy to the message, the phishers state that the message was sent by a Managing Director on behalf of Google CEO Larry Page.
Attached to the email is a form entitled "Official Winning Letter by Google and mastercard visa 2019.pdf" stating that the recipient won a Google Visa/MasterCard (GVMC) Award with a cash prize of the aforementioned amount. Recipients are encouraged to fill out the claims form and send it back in order to receive the prize. The document states that the recipient will receive additional emails after the scammers get the claims form, which will most likely be requests for more personal information.
A Trend Micro fraud researcher discovered a new tech support scam that uses iframes and browser-specific popups to trap its victims, making it more sophisticated than other scams of its kind. Details on this scam are available at https://www.bleepingcomputer.com/news/security/tech-support-scammers-freeze-browsers-using-iframes/
It is very easy to find any information you need in today’s connected world. Have you ever Googled yourself to see what information about you is online? A search can often provide your address history, phone number, age, birthdate, employment information, public records, and social media accounts. Consider what can be done with Personally Identifiable Information (PII) from the perspective of a cyber criminal looking to commit identity theft or other crimes. Read more at https://www.cisecurity.org/newsletter/share-your-information-with-care/
Mobile devices, such as smartphones, smart watches, and tablets, continue to advance and innovate at an astonishing rate. As a result, some people replace their mobile devices as frequently as every year. Unfortunately, people often do not realize how much personal data is on these devices. See the latest OUCH! newsletter from SANS for assistance in this sometimes overlooked task.
As people seek to file their tax returns this year, cybercriminals will be busy trying to take advantage of this with a variety of scams. Citizens may learn they are victims only after having a legitimate tax return rejected because scammers already fraudulently filed taxes in their name. Read more at the Center for Internet Security.
Cyber criminals continue to come up with new and creative ways to fool people. A new type of scam is gaining popularity: personalized scams. Cyber criminals find or purchase information about millions of people, then use that information to personalize their attacks. Below we show you how these scams work and walk you through a common example. The more you know about these scams, the easier it is for you to spot and stop them.
Read the details in this month's OUCH! newsletter from SANS.
On Friday, February 1, major DNS (Domain Name System) software and public DNS providers will remove support for workarounds accommodating authoritative DNS servers that don’t follow published operational standards. UNI's DNS servers are compliant with the necessary standards; however, sites using authoritative servers that don’t meet standards may find their resources unreachable by large portions of the Internet. To be clear, the solution for an unreachable site lies with the unreachable site, not with UNI. Additional information is here.
January 28 is Data Privacy Day (DPD), an annual effort to promote data privacy awareness and education. This year's DPD events, sponsored by the National Cyber Security Alliance (NCSA), focus around the theme, A New Era in Privacy.
The NCSA Stay Safe Online website will feature a live stream of the Data Privacy Day 2019 - Live From LinkedIn event, which includes presentations on opportunities and challenges and the future of privacy, as well as a TED-style talk with the Amazon Web Services Global principal security architect.
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review NCSA's tips on Managing Your Privacy and the following NCCIC tips:
Caribou Coffee chain announces card breach impacting 239 stores, including the Cedar Falls store
"All customers who used a credit or debit card at one of the affected stores between August 28, 2018, and December 3, 2018, should consider their card details compromised and take precautions such as asking for a card replacement, reviewing credit card reports, and enrolling in identity protection programs. Users can consult the list of impacted stores via the company's data breach notice, posted on its homepage. Caribou Coffee officials said they detected that something was wrong last month, on November 28, when its IT staff was alerted of "unusual activity" on its network via its security monitoring processes."
To read the complete article see: https://www.zdnet.com/article/caribou-coffee-chain-announces-card-breach-impacting-239-stores/
Many people mistakenly believe they are not a target for cyber attackers: that they, their systems, or accounts do not have any value. This could not be further from the truth. If you use technology in any way, at work or at home, trust us - you have value to the bad guys. But, you are in luck. You already have the best defense there is against these cyber attacks - you. SANS OUCH!