Cyber Security Today, March 24, 2021 – More tax scams, more COVID scams and why Microsoft SMB has to be locked down


Welcome to Cyber Security Today. It’s Wednesday March 24th. I’m Howard Solomon, contributing reporter on cybersecurity for


More income tax scams are popping up in a number of countries. According to researchers at Abnormal Security, one of them is an email that pretends to be from the U.S. Internal Revenue Service with the subject line “Recalculation of Your Tax Refund Payment.” Victims click on the link that says, “Claim your refund now.” One tip this is a scam is that the email is addressed to “Dear Applicant.” The link goes to a very official-looking form with an IRS logo that the victim is invited to fill out. The goal is to steal all the personal information entered, like a Social Security number, IRS account PIN number and driver’s licence number. That’s another tip-off this is a scam: Why would the IRS need your driver’s licence?

More COVID-19 vaccine and vaccination certificate scams are also appearing. Researchers at Check Point Software say there’s been a sharp increase in ads from crooks on the dark web. The price of a phony bottle of vaccine still runs between $500 and $600. But now there are thousands of ads for them. Also up is the number of ads for fake certificates verifying a person has been vaccinated. These may become valuable if countries demand proof of vaccination for travel, and businesses require certificates before entering a building. Some crooks fake the signatures of doctors on these certificates. Purchasers from these darknet sites will go to to try to sell vaccines and certificates to desperate health clinics, private doctors and ordinary people. Perhaps, the report suggests, governments will have to insist vaccination documents carry a bar code or QR code that can be scanned to validate the authenticity of a certificate.

More data compromises from organizations using the Accellion FTA file transfer software. A criminal gang calling itself Clop has begun publishing screen shots of files it says were stolen recently from the University of Miami and the University of Colorado. Publishing screen shots is usually an attempt at proving the claim of data theft is real as a hacker demands a payment. The gang says it has files including university and student documents. The University of Colorado has acknowledged its Accellion software was compromised. Also this week energy giant Shell admitted it, too, was compromised through its Accellion FTA server.

IT security professionals have a new reason to lock down their Windows Servers: A well-known piece of malware that researchers call Purple Fox has been updated to find new ways of squirming into computers. According to Guardicore Labs, hackers are now trying to enter systems by looking for Windows Servers with an exposed Microsoft Server Message Block (SMB) network sharing protocol. That’s a capability allowing shared access to files and printers. If it isn’t closed off properly, an attacker can use a brute force password attack to compromise a network. Almost as bad is that the attackers are using perhaps as many as 2,000 compromised Windows Servers to distribute the malware. The report says the majority of those servers run relatively old versions of Windows Server with lots of vulnerabilities. Two lessons here: Make sure Microsoft SMB is locked down to close off cyber attacks, and make sure you’re running fully-patched versions of Windows Server to avoid it being secretly exploited to host malware.

Finally, there’s a new version of the Firefox browser available for download. Among other things it improves blocking of third-party tracking capabilities.

That’s it for today. As always links to details about these stories are in the text version of this podcast at That’s where you’ll also find my news stories aimed at cybersecurity professionals.

Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.

Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
