Social engineering is at the heart of two main cyber scams plaguing businesses and individuals alike. Many of these scams stem from Ransomware and phishing. Ransomware is malware that encrypts files and demands a ransom to provide a decryption key. Phishing is using deceptive emails to get recipients to provide confidential information or launch malware.
Here is your update on the latest cyber-scams:
Fake HR Requests (W-2)
If you recall, back in February, we reported on a new phishing scheme where cybercriminals use various spoofing techniques to disguise emails to make it appear as though they were from an organization executive. The email will be sent to an employee in the payroll or human resources departments, requesting a list of all employees and their W-2 forms.
W-2 forms provide vital personal information – if this data falls in the hands of a criminal, it could very well be disastrous.
In some cases, the cybercriminal follows up with an executive email to the payroll or comptroller, asking for a wire transfer to be made. Although not tax-related, the wire transfer scam is being coupled with the W-2 scam email. Some companies have already lost both employees? W-2s and thousands of dollars due to false wire transfers.
Fake DMV Payment Demands
More recently, a new phishing scam has come to light. The latest scam involves emails that appear to come from the NY State Department of Motor Vehicles. Enclosed in the email is a phishing scam where drivers are being targeted, stating they have 48 hours to pay a fine or have their driver’s license revoked. The NY DMV alerted motorists that the scam is bait to entice drivers to click on a payment link that will in turn infect their workstation with malware. It will be vital to stay extra vigilant as we begin taking those long-awaited, summer vacations!
The malware being dropped came in two categories. The first was a tracking tool on the victim’s computer to see which websites were visited. The second attempted to get a variety of identifiable information, such as names, Social Security numbers, date of birth, and credit card information.
In both cases, recipients of these emails could avoid being victimized. With a mix of technical support from staff members and minor education on how to spot a phishing scam, employees can determine what emails can be trusted.
Clare Computer Solutions provides complimentary on-site training to Bay Area businesses. With the goal to educate network users to avoid being victimized by ransomware or phishing attacks.
See https://www.clarecomputer.com/resources/events/ransomware-survival-guide?and let us know your business would like to offer this training to your employees.