Security Bulletin 11/20/19
There have been a couple of items of note during the last week or so.
For those of you who may have shopped at Macy’s: they were hacked. Use caution when viewing or responding to anything you receive via Email. Credit cards will most likely end up being reissued.
The following is a text message received by one of our technicians. This was NOT a legitimate text. There were also several that appeared to come from the Verizon network concerning payments and/or over usage. Again, text messages that contain links should be avoided, or, at the very least, carefully scrutinized.
A recent scan of the Internet found over 100,000 bogus websites impersonating well-known shopping sites. These websites will look exactly like Staples, Amazon, Macy’s, Penneys, etc. Many will be offering coupons for the store they are impersonating. Usually they will attempt to have the user enter Email or home addresses, phone numbers and/or credit card or account information. Scrutinize payment and offer pages carefully, especially the URLs. A typical example would be something like https://www.stapples.com/deals/Coupon-Details/BI1870517?icid=TOPHAT:15OFF60:11102019 (note the extra “p” in the site name). A simple one-letter misspelling could result in compromised credit card information.
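For anyone who wants to automate the URL check described above, here is an added example (not part of the original bulletin). It flags a link whose site name is within a couple of character edits of a trusted store and, going one step beyond the misspelling case, a trusted name used as a subdomain of some other site. The `KNOWN_DOMAINS` list and the function names are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Sample allowlist constructed for this example; replace with the stores you trust.
KNOWN_DOMAINS = ["staples.com", "amazon.com", "macys.com", "jcpenney.com"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_url(url: str, max_distance: int = 2):
    """Return ("trusted", d), ("lookalike", d) or ("unknown", None)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Simplification (assumption): the site name is the last two labels,
    # which ignores multi-part suffixes such as co.uk.
    domain = ".".join(host.split(".")[-2:])
    if domain in KNOWN_DOMAINS:
        return ("trusted", domain)
    for known in KNOWN_DOMAINS:
        # Trusted name buried as a subdomain of another site
        if (known + ".") in host:
            return ("lookalike", known)
        # Near-miss spelling of a trusted name
        if edit_distance(domain, known) <= max_distance:
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    for u in ["https://www.stapples.com/deals/Coupon-Details/BI1870517",
              "https://www.staples.com/deals",
              "https://www.staples.com.coupon-deals.example/offer"]:
        print(check_url(u), u)
```

A result of "unknown" only means the name is not close to anything on the list; it is not a sign that the site is safe.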
A new take on password scams is making the rounds. Basically, a user receives an Email stating that they can keep the same password instead of having to change passwords periodically. Not surprisingly, the “Keep same password” option does not lead users to an IT portal where they’re given the chance of keeping the same password, but instead asks the user to log in to confirm their password. Currently this attack is using Email password resets as the primary target. Except for IMIS, our systems do not require a password reset, and any password reset notice suggesting that you may keep your current password is bogus.
A new phishing attack focused on HR departments is particularly effective and disturbing. A notice is sent to HR containing a fake sexual harassment complaint appearing to come from the U.S. Equal Employment Opportunity Commission. The Emails are highly effective because the complaint actually contains accurate information about the individual, which validates the claim. Of course, all of the information is actually public, but the information used would be recognized by the HR department and could be considered valid. To further complicate matters, some of these Emails warn, and rightly so, that the information is private and may not be shared with others and/or that sharing the information could seriously jeopardize any defense the company may have against the supposed complaint.
17 iOS apps were found to contain malware. Please take a minute and double check the list. If you had any of these apps on your phone, open a ticket for IT.
As always, use caution on the Internet and stay safe!