I have subscribed to “CyberheistNews” at knowbe4.com and highly recommend this brief newsletter as an excellent source for current information on the latest scams that may hit your office and personal computers.
The news this morning was striking because it involves current events. Social engineering follows seasonal patterns, as we know. We have noticed in our business that long weekends lead to attacks because of the extra day that we may not be sitting at our desks to keep computer systems and our wires safe. The newsletter cites holiday-themed phishing attacks between Thanksgiving and New Year’s Day.
The news today involves implementation of the European data privacy regulation going into effect on May 25, called the General Data Protection Regulation (GDPR). The scam email looks as if it is from Apple and claims that if you do not take action, your account will be “restricted”. In fact, as usual, the scammers will attempt to steal your identity and credit card information.
In addition to looking legitimate, according to CyberheistNews, the bogus website is more sophisticated than most phishing sites because the fraudsters correctly set the web directory permissions and encrypted the spoofed site using Advanced Encryption Standard (AES) in order to successfully bypass some anti-phishing tools used in antivirus solutions.
The victim is asked to “update payment details” in order to see their accounts return to normal. Taking this action sends the victim’s payment information to the scammers.
According to the newsletter, companies worldwide are, in fact, working on becoming GDPR compliant and trying to make sure the people whose data they have collected have consented to give them information. Criminals are aware of this and are using this turn of events to their advantage.
And, then, there is the royal wedding. CyberheistNews’ advice about that is that the wedding is a scammer’s dream, and computer users should be advised to seek news about it only from trusted websites.
Don’t click email or social media links related to the royal wedding, and don’t open suspicious attachments that claim any kind of problem with GDPR. Delete these emails or forward them to your IT experts.