Coronavirus – now a phishing scam
Coronavirus is turning into a global health problem, and unfortunately scams have followed its reach. There have been multiple social engineering attacks using this scare to drive action. One of the most alarming attacks is an email that purportedly comes from the CDC (Centers for Disease Control) – providing a link to new cases “around your city” and advising the recipient to “go through the cases above for safety hazard.”
The link, obviously, is not going to the CDC’s website, but rather to wherever the bad guys want you to go.
Here’s our recommendation: make your users aware of this type of phishing (it’s great to have something topical to really make people think). Send an email alerting your users that the spread of the new Coronavirus is being leveraged by the bad guys to scare people into clicking on links, open malicious attachments, or give out confidential information. Be careful with anything related to the Coronavirus – social media, texts, emails, attachments.
And… we’ve seen with other tragedies that scammers will immediately look to capitalize with phone calls to raise funds for the “victims.”
What is the NFL facing now that the Super Bowl is over?
Fifteen NFL teams (including the San Francisco 49ers and the Kansas City Chiefs) had their social media accounts hacked – and the NFL’s official Twitter account was hijacked.
There is still more information coming out as to how the hacker collective got in, but the recommendations in this article (from We Live Security) ring true: look at 2-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) as an extra security layer against these types of attacks. 2FA or MFA is not foolproof, but it’s a step in the right direction.
Stay safe out there—Mike