Latest in COVID-19 scams, which Americans are cyber-safe and Google chops 49 Chrome extensions.
Welcome to Cyber Security Today. It’s Friday April 17th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
To hear the podcast click on the arrow below:
Here’s more COVID-19 email scams to watch out for. These have been discovered by security vendor Trustwave. One is a gift card scam: The message says ‘You are one of my only hopes for help’ because the sender is now in self-isolation with coronavirus. Unfortunately, this sob story goes on, the sender can only use email because he left his phone at home and can’t make phone calls. Please, he urges, buy an iTunes or Walmart gift card of $250, take a photo of the numbers and email it to him so he can buy essentials.
Then there’s one that pretends to be from the head of your company: The situation because of COVID-19 is getting pretty crazy, it says. Let me know when you are available because I need you to take care of some transactions. Presumably, a follow-up email would have the unwitting employee transferring money to a bank account controlled by the attacker. There’s a similar email pretending to be from a senior company official saying they are working on a confidential file that’s late because of the pandemic, so the boss needs your help. Presumably a followup email would ask the employee to transfer money, again to an account controlled by the attacker. There are scams that work the opposite way: An email goes to someone in human resources pretending to be from an employee saying that because of the pandemic they need to update their salary direct deposit information with new bank details. Guess where that payment is going if the HR official falls for it.
These are just more examples of why you need to be careful with COVID-19 email that involves money. Even if it seems to come from your boss.
People in New York, California, Texas, Alabama and Arkansas engage in the riskiest cybersecurity practices in the United States, if a survey for an IT company called Webroot is accurate. The survey of 10,000 Americans found that respondents in Nebraska, New Hampshire, Wyoming, Oregon and New Jersey have the least risky lives. It’s a subjective survey based on questions like whether you use anti-virus software, understand what certain terms are and follow cybersecurity best practices. Only 11 per cent of respondents scored 90 per cent or higher. The average respondent scored only 58 per cent. Here are some interesting nuggets: Sixty-one per cent of respondents said their computer has been impacted by malware in the past year. One third said they’ve been victimized by phishing in the past year.
Only 30 per cent said they use a password manager. Now, maybe they have only a few accounts so it’s easy to remember passwords. Or they have a book beside their home computer with passwords and the only way a criminal will get at it is if they break into the residence. Still, I wish that percentage was higher.
Finally, Google has erased 49 extensions for the Chrome browser added since February whose promise to be helpful turned out to be phony. What they were really doing was stealing passwords to get money from cryptocurrency wallets. Browser extensions are plug-in app utilities. Adobe Acrobat is a common one. So is the grammar spelling corrector called Grammarly. And, if you have one, your password manager. But there are bad extensions. The latest batch was found by researchers at MyCrypto and PhishFort. Just because an extension in the Google Web Store — or an app is in the Google Play store –doesn’t mean it’s safe. Do your research: Is the developer a reputable company? Do the reviews look real or fake. Are the reviews only posted in the last month? Do you have any friends who use the extension or the app? Unfortunately, it’s too easy to get phony apps in the Google Web store. In February Google removed 500 of them. You can check your extensions in Chrome by opening a new web page and typing chrome:// extensions. Do you need all the ones you have?
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.