Saturday, October 31, 2020

Facebook copyright infringement scams

Once in a while my organization receives an email suggesting we are in violation of copyright law and can expect consequences. The majority of these are fake. A real copyright infringement letter is more likely to be sent to an organization's legal department via U.S. mail or a proper courier.

Individual consumers have become targets of this scam. Threatening emails and posts accusing you of copyright violation may very well be fake, so don't panic if you receive one of these. Fear is exactly what the scammers want you to feel. Don't fall for it.

If you receive an accusatory email, remember that scammers create phony emails (and posts) designed to look like they are from Facebook. Sometimes these can be quite convincing, often threatening to deactivate your Facebook account. They may provide you with a link for filing an "appeal." As always, do not click unexpected or unknown links.

Here is just one example:

[sample scam email not reproduced in this copy]
To view sample copyright infringement scam emails and learn more about this ruse, see https://nakedsecurity.sophos.com/2020/10/27/facebook-copyright-violation-tries-to-get-past-2fa-dont-fall-for-it/.

If you receive bothersome messages from Facebook, consult Facebook's online help page at https://www.facebook.com/help/199655413426788/?ref=u2u. Also, you can forward phony Facebook emails to phish@fb.com.


Saturday, October 10, 2020

FBI warns students about spear phishing campaigns targeting student financial aid accounts

College students beware. 

On September 29, 2020, the Federal Bureau of Investigation issued a private industry notification warning universities and students of ongoing spear phishing attacks that have allowed thieves to successfully redirect financial aid funds into various Green Dot* bank accounts.

These spear phishing campaigns usually coincide with periods when large volumes of financial aid funds are disbursed, such as the beginning of a school term, and the attacks are expected to continue into 2021.

The phishing emails fraudulently obtain student login credentials, allowing cyber actors to gain access to and change direct deposit information. Funds are withdrawn and quickly transferred to accounts around the world.

After the funds have been disbursed by the financial aid provider to the "new" bank account, the student suffers a financial loss that leaves insufficient funds to pay tuition or other student needs (e.g., books, housing, meal plans).

Students, remember to never click links or open attachments in unexpected emails without first inspecting the links and validating the sender. Do not enter credentials on a web page that you were redirected to from an email message—especially for sensitive accounts.

As a rule, I ignore login links sent by my bank; instead, I go straight to my web browser and log in using the bank's known URL, not the URL provided in the email or attachment.

*Green Dot Corporation is an American financial technology and bank holding company. It provides customers affordable debit accounts and offers businesses an all-in-one platform for building banking into their brand.

Thursday, October 1, 2020

This month's mantra: Friends don't let friends get scammed!

Welcome to National Cybersecurity Month in the U.S.! This is the time of year when cyber pros do our best to raise awareness about staying safe online.

The best way we can get ahead of the bad guys is by paying attention, staying alert, being skeptical of hyperlinks and attachments to emails, and sharing information with each other.

As such, one of my favorite security outfits, Sophos, is promoting this theme: Friends don't let friends get scammed!

If you get scammed online, report it to IC3.gov or FTC.gov. Post about it on your social media page. Warn your friends, family, and co-workers (without sharing malicious links). If someone hacks your email, warn everyone in your Contacts list, reset your password to a long passphrase (stored in password manager software rather than written on a sticky note), and enable multi-factor authentication on the account.

Believe me, there is a lot at stake here. Pay it forward. 

For more information, see this article (https://nakedsecurity.sophos.com/2020/10/01/becybersmart-why-friends-dont-let-friends-get-scammed/) or listen to the brief audio interview (https://soundcloud.com/sophos-audio/friends-dont-let-friends-get-scammed). Both offer some great advice that will protect all of us.