Income tax scams, COVID-19 voicemail scams, protect your websites and do you remember Dooley Wilson?
Welcome to Cyber Security Today. It’s Wednesday April 15th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
There’s lots of COVID-19 scams going around, but criminals aren’t giving up the usual cons. That includes income tax fraud. A California accounting firm called Weber and Company says that last month the Internal Revenue Agency told it hackers had filed tax returns for the year 2019 for some of its clients. The hackers got large refunds. Weber hasn’t yet found evidence of a data theft, but it is notifying customers as if there was one. If you try to electronically file a tax return and it gets rejected, that’s a sign you’re a victim of stolen personal information. Watch out for email and telephone tax scams pretending to be from the IRS and the Canada Revenue Agency.
Speaking of coronavirus email scams, I came across a couple of new ones from a security firm called Cofense. In one, the victim gets a message that pretends to be from his company’s HR department. It says the manager called twice about a bonus that’s due because of the COVID situation. The person is asked to review the attached document to confirm everything is correct. That document is infected. A similar scam pretends to be from the company’s finance department about a discretionary bonus review. Then there’s the email sent to targets saying they missed a call about a COVID-19 update. To listen to the voicemail they have to click on a link. That, too, downloads malware. Other scams claim to offer coronavirus vaccines and phony company coronavirus prevention documents. A lot of these scams can be detected by spelling and grammatical mistakes in the text. Others will be exposed because the sender’s email isn’t right or when you hover your mouse over the link to a document it goes to an odd web site. These days you have to be very vigilant about coronavirus-related email, texts and social media postings. So far this year the U.S. Federal Trade Commission has received over 17,000 complaints of COVID-19 fraud totalling $13 million. And that’s just the people who bothered to complain.
There can be lots of tip-offs that an email is a phishing scam: The content of the message is addressed to “Dear customer.” There are spelling mistakes. Here’s another: The sender’s name is a famous movie actor. I’m telling you this because a security researcher has posted a blog comparing two email scam messages he’s seen separated by three months. Both messages try to trick businesses into opening a phony invoice that had malware. But their wording was identical. The only difference was the senders’ email address was different in each email. The researcher’s point was criminals often recycle their attacks with minimal changes. What he missed was significance of the name of the sender: Dooley Wilson. Movie enthusiasts know Dooley Wilson was the actor who sang “As Time Goes By” in the 1942 movie Casablanca. Sometimes evidence of a con is the first thing you see.
By the way, one of those phishing messages spoofed the email address of an Australian company that makes mining processing equipment. This is one of the ways criminals make their email look convincing. So the second lesson here is for organizations: Make sure your web sites and email systems can’t be used by criminals.
Here’s another example of poorly-protected web sites being hacked: San Francisco International Airport has admitted that two web sites used by employees and construction companies were compromised last month. Anyone who logged in using the Internet Explorer browser on a Windows computer could have had their username and password stolen. This week a security company called ESET said what would have been stolen was not the login credentials to the websites but the employees’ Windows passwords. How was this done? The attackers managed to infect the websites with password-stealing code.
Finally, yesterday was Microsoft’s monthly patch Tuesday for releasing security fixes. Make sure your Windows computer is updated.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon