Merchants Bank of Commerce
 

Alerts & Scams

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, credit or debit card number, without your permission, to commit fraud or other crimes. Identity theft can happen to anyone, but there are steps you can take to minimize your risk of becoming a victim. 
Scam of the Week - The information provided below belongs to and is provided by KnowBe4 and is intended for informational purposes only.
November 13, 2020: Bad Guys Teach You How to Enable Macros
One of the most common ways that bad guys sneak malware onto your computer is through macro-enabled Excel files. A macro (short for macroinstruction) is a set of commands that automate a process in Excel. When you open an Excel file that includes macros, you’ll see a security banner with the option to activate macros by clicking “Enable Content”.
 
Typically, malicious Excel files are attached to a phishing email. If you choose to open the attachment and enable macros, the file will automatically install the cybercriminal’s malware.
In a recent phishing attack, the macro-enabled Excel attachment is designed to look like a Windows Defender help page. The spoofed help page provides easy-to-follow instructions on how to click the “Enable Content” button. To establish additional credibility, the file includes logos of well-known security vendors like McAfee. If you fall for this trick and enable macros, a dangerous piece of malware is installed onto your computer and cybercriminals will have complete access to your system.
 
Follow these tips to stay safe:
 
  • Never download an attachment from an email that you weren’t expecting.
  • Don’t let your eyes deceive you. Bad guys use familiar logos from real businesses to appear more legitimate.
  • Before enabling macros for an Excel file, contact the sender using an alternative line of communication—such as by phone or text message. Verify who created the file, what the file contains, and why macros are necessary.
November 6, 2020: Watch Out for Sean Connery Related Scams
Over the weekend, news broke that actor Sean Connery, who is known for portraying James Bond and countless other roles, passed away at the age of 90. Bad guys will be sure to exploit this celebrity death in a number of ways, so be extra cautious of any mention of Sean Connery in emails, text messages, and social media posts.
 
Remember these tips:
 
  • Always think before you click. Cyber attacks are designed to catch you off guard and trigger you to click impulsively.
  • Watch out for sensational headlines regarding the late actor. This could be false information designed to intentionally mislead you—a tactic known as disinformation.
  • If you receive a suspicious email, remember to follow the reporting procedure for your organization.
October 30, 2020: Blue Checkmarks are the Perfect Phish Bait
Have you ever noticed the blue checkmark on your favorite celebrity’s social media profile? This checkmark shows that the person has provided documentation to verify their identity. Verification helps you know a real account from a fake—but this tool isn’t just for celebrities. Whether you have a personal social media account or manage one for your organization, being verified can be a great benefit.
 
To become verified, you are required to provide sensitive information which, unfortunately, makes this process the perfect bait for a phishing attack. Cybercriminals spoof popular social media platforms like Twitter, Instagram, and YouTube by sending out fake verification emails. The emails include a link that, when clicked, takes you to a convincing verification form. Here you’ll be asked for things like your username, organization, password, gender, and more. Anything entered on this page is sent directly to the bad guys.
 
Stay safe from this fake verification scam with these tips:
 
  • This attack exploits the feelings of excitement and validation that come with becoming verified. Don’t let the bad guys play with your emotions. Think before you click!
  • Never click on a link within an email that you weren’t expecting.
  • When an email asks you to log in to an account or online service, log in to your account through your browser—not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.
October 23, 2020: Smishing Gains Popularity with Bad Guys
Many services, from grocery pickup to credit score updates, offer notifications via text messages or short message service (SMS). Typically, these notifications are short, vague, and include a link—which makes them great for spoofing! Bad guys use fake notification messages for SMS Phishing, or Smishing attacks.
 
In a recent smishing attack, the bad guys spoof shipping companies and send multiple fake text message notifications. The text messages state that you have an urgent notification regarding the delivery of a package. Each notification includes a link for more information. Clicking this link takes you to a phony Google login page that is designed to steal any information you enter.
 
It can be tricky to spot smishing attacks, but like a traditional phishing attack, there are steps you can take to keep your information safe. Follow these tips:
 
  • Think before you click. Were you expecting this message? When did you give this company your phone number? Did you sign up for text notifications?
  • Be cautious of a sense of urgency. The bad guys send multiple texts and use words like “urgent” to try to trick you into impulsively clicking a malicious link.
  • Never trust a link in a text message that you were not expecting. If you think the notification could be legitimate, contact the company another way, such as by visiting their official website.
October 16, 2020: Prime Target—Bad Guys Prep for Prime Day Scams
Once a year, Amazon, the world's largest online retailer, hosts a massive sales event called Prime Day. Usually set in July, the highly awaited two-day event was postponed until October 13th and 14th this year. While you get ready to shop Prime Day deals, the bad guys are getting ready to scam you any way they can.
 
There has been a large spike in phony websites using the Amazon brand. One example is a site that looks exactly like Amazon.com and claims to help with refunds and order cancellations. All you have to do is provide your order number and credit card information—or so they say. In reality, anything you enter on this page is delivered directly to the bad guys.
 
Follow these tips to safely shop the Prime Day event:
 
  • Go directly to Amazon.com to shop. This is the only way to be sure you are shopping on the real Amazon.
  • Never trust a link in an email that you were not expecting. The bad guys will be sending sneaky phishing emails that direct you to these phony Amazon pages.
  • Look for anything out of the ordinary. For example, Amazon will never ask you to re-enter saved payment information.
October 9, 2020: Watch Out for Trump-themed Cybercrime
Last week, the President of the United States, Donald Trump, announced that he and the first lady tested positive for coronavirus. This announcement and the status of President Trump’s health are currently dominating the media—both in the US and around the world.
 
Cybercriminals use high-profile news stories like this to catch your attention and manipulate your emotions. In the coming weeks, we expect to see cybercriminals referencing President Trump's health in their phishing attacks and in their social media disinformation campaigns.
 
Here are some tips to stay safe:
 
  • Be suspicious of emails, texts, and social media posts that contain shocking developments to the story. This could be false information designed to intentionally mislead you—a tactic known as disinformation.
  • No matter how shocking the news, always think before you click. Cyber attacks are designed to catch you off guard and trigger you to click impulsively.
  • Stay informed by following trusted news sources and do some research to check the accuracy of sensational headlines.
October 2, 2020: Infamous Twitter Hack Inspires a New Phishing Attack
This past July, Twitter fell victim to an infamous social engineering attack. The attack gave hackers control of over one hundred high-profile accounts—from politicians to celebrities. The hackers used these accounts to scam Twitter followers out of money. Now, cybercriminals are using this event as bait for a convincing phishing scam.
 
The phishing email uses text that is very similar to the official statement that Twitter made in response to the July attack. The email claims that due to a security breach, you must confirm your identity by clicking on a link in the email. If you click the link, you are redirected to a site that looks very similar to the real Twitter login page. The site is actually a look-alike designed to steal your login credentials. Any information that you enter on this page is delivered straight to the bad guys.
 
Don’t be fooled! Follow these tips:
 
  • Never click on a link within an email that you weren’t expecting.
  • When you’re asked to log in to an account or online service, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site and not a phony look-alike.
  • Email security filters can only do so much to protect you from malicious emails. Stay alert and help create a human firewall for your organization.
September 25, 2020: Trusted Third Parties Used as Phish Bait
Working with a third-party organization can be a great help, but what happens if that third party falls victim to a cybersecurity attack? Not only could your organization’s shared data be exposed, but you may become the target of a very unique phishing attack.
 
Once a scammer has access to a third party’s email account, they can use it to send phishing emails from a legitimate and familiar email address. Some cybercriminals take this attack a step further by forwarding or replying to real emails that were already in the third party’s inbox. Posing as the original sender, the bad guy sends a simple message such as “Here’s that document you needed.” and includes their own malicious link or attachment. Typically, the phishing email is completely unrelated to the original email but the attack can still be convincing because it appears to be part of a previous conversation.
 
Don’t be fooled! Here’s how to stay safe from third-party phishing attacks:
 
  • Never click a link or download an attachment from an email that you weren’t expecting—even if it appears to be from someone you know.
  • Read the prior conversation and compare it to the newest email. If you find that the information is unrelated or if the sender never mentioned a link or an attachment previously, this could be a phishing attack.
  • If you’re unsure whether or not an email is legitimate, reach out to the sender by phone. One quick call could save your organization from a potential data breach.
September 18, 2020: Training Notifications from Our Evil Twin
In early September, a phishing attack surfaced that imitates one of our security awareness training email notifications. The phishing email comes from our evil twin (the cybercriminals behind this attack) and claims that your training assignment will expire within 24 hours. You are directed to click a link to complete your training.
 
The link in the email shows the name of your training platform, but if you hover over this link with your mouse, you'll see that the destination domain is actually “msk.turbolider.ru”. Clicking on this disguised phishing link takes you to a phony Microsoft Outlook login page. If you enter information on this page, it will be sent directly to the bad guys.
 
How do you tell if an email came from the good twin or the evil twin? Follow these tips:
 
  • Remember that any site, brand, or service can be spoofed. Always think before you click, especially if you were not expecting the email.
  • Before you click, always hover over a link to preview the destination—even if you think the email is legitimate. Pay close attention to URL misspellings or unusual domain names.
  • If you are suspicious of an email that claims to be a training notification, reach out to your manager or training coordinator for help. They can find out if the notification is legitimate.
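The hover check described above can be automated on the mail gateway or in a triage script. This is an added example, not code from KnowBe4 or the bank: it parses the anchors in an HTML email body and flags links whose visible text names one domain while the href goes to another, or whose destination is not on an allow-list of expected domains. The training platform's real domain is not given, so training.example-platform.com is a constructed placeholder; msk.turbolider.ru is the destination named in the alert.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible anchor text that itself looks like a URL or a bare domain name.
_URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#:].*)?$", re.IGNORECASE)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value: str) -> str:
    """Hostname of a URL or bare domain, lower-cased; '' if there is none."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname; a crude stand-in for a public-suffix lookup."""
    labels = host.strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def find_suspicious_links(html: str, expected_domains: set) -> list:
    """Return findings for anchors whose real destination disagrees with the
    displayed text or is outside the allow-list of expected domains."""
    collector = _AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.anchors:
        actual = host_of(href)
        reasons = []
        if _URL_LIKE.match(text):
            shown = host_of(text)
            if registrable_domain(shown) != registrable_domain(actual):
                reasons.append(f"text shows {shown} but link goes to {actual}")
        if actual and registrable_domain(actual) not in expected_domains:
            reasons.append(f"{actual} is not an expected domain")
        if reasons:
            findings.append({"text": text, "href": href, "host": actual, "reasons": reasons})
    return findings


# Constructed sample body. training.example-platform.com is a placeholder for the
# training platform's domain; msk.turbolider.ru is the destination named in the alert.
SAMPLE_EMAIL = """
<p>Your training assignment expires in 24 hours.</p>
<p><a href="http://msk.turbolider.ru/login">training.example-platform.com</a></p>
<p><a href="https://training.example-platform.com/course/42">https://training.example-platform.com/course/42</a></p>
<p><a href="http://msk.turbolider.ru/login">Complete your training</a></p>
"""


def check_sample() -> list:
    """Run the check over the constructed sample with the platform domain allow-listed."""
    return find_suspicious_links(SAMPLE_EMAIL, expected_domains={"example-platform.com"})


if __name__ == "__main__":
    for finding in check_sample():
        print(f"{finding['text']!r} -> {finding['href']}: {'; '.join(finding['reasons'])}")
```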
September 11, 2020: Scam of the Week: “New Approved Vaccines” Infect Your System with Malware
The COVID-19 pandemic has led to many creative phishing attacks such as phony offers for free testing, claims that you have come in contact with an infected person, and even accusations that you have violated health and safety protocols. Scammers have come up with yet another Coronavirus-themed attack. This time, they are taking advantage of the worldwide race to develop a vaccine.
 
The phishing email uses the subject line “URGENT INFORMATION LETTER: COVID-19 NEW APPROVED VACCINES”. Within the email, you are directed to download an attachment to view this letter. The attachment itself is named “Download_Covid 19 New approved vaccines.23.07.2020.exe”. If you were to download and open this file, you would find that it is actually a piece of malicious software designed to gather data such as usernames, passwords, and other sensitive information.
 
Don’t be fooled! Remember these tips:
 
  • Watch for sensational words like “URGENT”. Remember, the bad guys want you to panic and click without thinking.
  • Never download an attachment from an email you weren’t expecting.
  • Don’t trust an email for vaccine news. Instead, visit an official government website or a trusted news source for information on vaccine developments.
September 4, 2020: Scam of the Week: Simple, yet Effective Vishing Scams
Voice phishing, or “Vishing”, is a phishing attack conducted by phone. This is a classic tactic that bad guys typically use to collect your credit card or financial data, along with other personal information. Here’s an example: You receive a call from someone claiming to be a customer service representative for a specific retailer. They say your order could not be processed because your credit card was declined. But not to worry! They are happy to help correct the issue. The caller claims that they need your credit card number, expiration date, and code on the back.

While this scheme is simple, it is also surprisingly effective. The bad guys catch victims off-guard with a pressing issue, like a declined payment. The victim is then relieved when the scammers offer an easy and immediate solution. If you don't take the time to stop and think about the situation, you could give away your personal data before you realize what is really happening.

Remember to stop, think, and follow these tips:
 
  • Don’t trust the caller ID. Phone numbers can be spoofed to look like a familiar or safe caller.
  • Never provide personal information over the phone, unless you are the one who initiated the call.
  • If you receive a suspicious phone call, hang up, and use the company's official phone number to call them directly.
August 28, 2020: Scam of the Week: “Are you human?” New Attack Uses a CAPTCHA as Camouflage
Have you ever found yourself staring at a wobbly letter trying to decide if it is an X or a Y, just to prove to a website that you’re not a robot? This funny little test is called a CAPTCHA and it is used to help prevent automated malicious software, known as “bots”, from accessing sensitive information. Unfortunately, cybercriminals are now using CAPTCHAs as a way to make their phishing scams seem more legitimate.

In a recent Netflix-themed attack, scammers are sending a phishing email that claims "your payment did not go through and your account will be suspended in the next 24 hours". To resolve the issue, you're instructed to click on a link in the email to update your information. If you click the link, you’re taken to a CAPTCHA page. Once you pass the CAPTCHA, you’re redirected to an unrelated webpage that looks like a Netflix login page. Here you’re asked to enter your username and password, your billing address, and your credit card information. Don’t be fooled! Anything entered here is sent directly to the cybercriminals.

Remember these tips:
 
  • Phishing emails are often designed to create a sense of urgency. In this case, “your account will be suspended in the next 24 hours”! Think before you click; the bad guys rely on impulsive clicks.
  • When an email asks you to log in to an account or online service, log in to your account through your browser and not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.
  • Remember, anyone can create a CAPTCHA webpage, so don't fall for this false sense of security.
August 21, 2020: Scam of the Week: Cybercriminals are Getting Creative with Canva
Cybercriminals often use legitimate websites in their phishing attacks as a way to get around the security systems that your organization has in place. A recent example of this is the use of Canva, a popular graphic design platform. Canva provides users with a variety of ways to create and share visual content. Cybercriminals are using Canva to create an official-looking document that contains a clickable, malicious link. Creating and storing this document on Canva allows the attackers to get through security measures because Canva is a legitimate website.

Once the scammers have created and stored their file on Canva, they will send you an email that includes a link to this malicious file. The email claims the link leads to an important document that needs your attention. However, if you click this link, you are taken to the Canva file and prompted to click another link in order to view the document mentioned in the email. Clicking this second link will redirect you to a phony login page for your email provider. Any information entered on this page will be sent directly to the scammers. Don’t be fooled!

Remember these tips:
 
  • Never click a link in an email that you were not expecting.
  • Call the sender to be sure the email and link are legitimate. Do not call the phone number provided within the email as it may be a fake number.
  • When you’re asked to log in to an account or online service, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site and not a phony look-alike.
August 14, 2020: Scam of the Week: Financial Relief Scam Targeting Organizations
The coronavirus pandemic continues to impact organizations across the globe. This hardship gives cybercriminals the perfect bait: a promise of financial relief. Currently, cybercriminals are impersonating the United States Small Business Administration (SBA) with a very convincing phishing email. While this specific scam targets organizations in the US, this tactic could be used in any country, for any kind of relief fund.

The phishing email states that your loan application has been approved and it includes a link to “start the funding process”. If you click this link, you are taken to a phony login page that is nearly identical to the SBA's official website for the relief fund. The bad guys are phishing for these specific login credentials to gain access to sensitive data, such as your organization’s federal tax ID and banking information. This type of information, in the hands of a cybercriminal, would be a disaster.

Here’s how you can stay safe from scams like this:
 
  • Never click on a link in an email that you were not expecting.
  • When an email asks you to log in to an account or online service, log in to your account through your browser and not by clicking the link in the email. That way, you can ensure you’re logging in to the real website and not a phony look-alike.
  • Call the organization in question. Just be sure to look up the official phone number—do not call the phone number provided within the email.
August 7, 2020: Scam of the Week: Malicious Apps Asking for Extra Permissions
We live in an app-based world. From laptops to smart TVs, applications are used nearly everywhere. Learning which apps are safe can be tricky as cybercriminals continue to find new ways to exploit your trust.

The latest scam involves third-party apps that request unusual permissions. Users are easily fooled into downloading these third-party apps because they are registered on legitimate app stores and are designed to work in conjunction with popular products such as Microsoft OneNote or G Suite. The app is pretty harmless on its own, but shortly after downloading it you’ll receive an email related to this app, and the email includes a phishing link. If you click this link, it will cause the third-party application to request special permissions such as the ability to read and write to files on your behalf. If you grant the app these permissions, you’ll give the bad guys unlimited access to your sensitive information.

Don’t fall victim to this scam! Remember the following:
 
  • Never click on a link within an email that you weren’t expecting.
  • Only download apps from trusted publishers. Remember, anyone can make an application and scammers can use any image, text, or logo to make the app seem legitimate.
  • When using a work device, reach out to your IT department before downloading new apps or granting app permissions. They can decide if the application is legitimate and safe to use.
July 31, 2020: Scam of the Week: Sneaky “Service Desk” Scam
A new phishing attack is using a number of tactics to trick unsuspecting users into handing over their login credentials. The email claims you have unread emails due to your cloud storage being full. It then gives you options to resolve the issue. Clicking on either link sends you to a phony login page for your service provider. And any information on this page will be sent directly to the scammers.

What makes this scam so sneaky? First, the phony login page not only looks official, but also functions like a real login page. Only passwords that meet real requirements are accepted. If an acceptable password is entered, you are redirected to the actual website of the service provider you just provided credentials for. Second, the email is sent from a no-reply address using the domain “servicedesk.com”. Most of us are used to seeing emails from support desks, which makes this sender feel legitimate. Third, the email itself bypasses security filters that you may have in place by using a combination of factors that makes your email security filters think the link is secure.

Don’t be fooled! Remember these tips:
 
  • Phishing emails are often designed to create a sense of urgency. In this case, the idea that you’re missing important emails. Think before you click; the bad guys rely on impulsive clicks.
  • Email security filters can only do so much to protect your sensitive information. Stay alert and help create a human firewall for your organization.
  • When an email asks you to log in to an account or online service, log in to your account through your browser and not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.
July 24, 2020: Scam of the Week: Smishing for Access to Your Bank Account
Emails are a quick and easy way for cybercriminals to phish for your information—but it’s not their only tool. Smishing, or SMS Phishing, is another way the bad guys try to trick you. Many of us are used to receiving legitimate promotions, reminders, and security notifications via text message. These messages—both real and fake—are brief and often include links, so it can be difficult to spot a smishing attempt.

One recent example involves scammers posing as your local postal service while sending malicious text messages as part of their smishing attack. The message claims that you have a package waiting for pick up, but to see more information you must click the link in the text. If you click the link, you’re taken to a phony verification page. Here, you’re asked to enter your banking information in order to verify your identity. If you provide any information on this page, your data is sent directly to the cybercriminals—giving them full access to your bank account. Don’t be fooled!

Here’s how to stay safe from this smishing attack:
 
  • Think before you click. Are you expecting a package? Is this how the postal service usually handles things? Consider anything out of the ordinary a red flag.
  • Never trust a link in an email or text message that you were not expecting. Instead of clicking the link, open your browser and type the official URL of the website you wish to visit.
  • Go old school. Pick up the phone and call your local post office. Be sure to call their official phone number—not the one that sent you the suspicious text message.
July 17, 2020: Scam of the Week: Not So Fast! Is Your Zoom Account Really Suspended?
Whether you are commuting to an office or working from home, millions of employees rely on video conferencing apps like Zoom, to stay connected. If you were suddenly notified that your Zoom account had been suspended, how eager would you be to resolve the problem? Cybercriminals assume you’ll be quick to respond. In fact, they hope you won’t think twice about it.

A recent phishing scam spoofs an email notification from Zoom. The email claims that your account has been suspended and that you are unable to make or join video calls until you click the "Activate Account" button included in the email. Once you’ve clicked the button, you are brought to a convincing Microsoft 365 look-alike login page. If you enter your details on this page, this information will be sent directly to the scammers. The bad guys could use your login credentials to gain access to your organization's network and sensitive information.

Keep you and your organization safe with these tips:
 
  • Never click on a link within an email that you weren’t expecting.
  • Remember that email addresses can be spoofed. Even if the email appears to be from a familiar organization, it could be a phishing attempt.
  • When an email asks you to log in to an account or online service, log in to your account through your browser—not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.
 
July 10, 2020: Scam of the Week: Exploiting the Coronavirus: A Sneaky Pandemic Relief Scam
A new phishing email—seemingly sent from your local government funding agency—is offering phony relief grants to those in need. What makes this scam especially sneaky is that the bad guys use a Dropbox link to disguise their malicious attachment. Dropbox is a legitimate and commonly-used file sharing service. Therefore, the email security filters that your organization has in place may not consider the link a red flag, increasing the chances of this email landing in your inbox.

The phishing email urges you to click a Dropbox link so you can download a file that supposedly contains information about your relief grant payment. The link even includes an expiration date for an added sense of urgency. If you click the link and then download and open the phony file, you’re taken to a look-alike Microsoft 365 login page. If you enter any information on this page it will be sent directly to the scammers.

Remember these tips:
 
  • Never click a link or download an attachment from an email that you weren’t expecting. Even if the sender appears to be a legitimate organization, the email address could be spoofed.
  • Be cautious of unexpected deadlines. Scammers often create a sense of urgency to spark impulsive clicks.
  • Get confirmation before clicking a Dropbox link. If you feel the file could be a legitimate resource for your organization, reach out to the sender another way—like by phone—instead of trusting the email.
July 3, 2020: Scam of the Week: Survey Says… It’s a Scam
Some retailers use online surveys to learn more about their customers. Completed surveys are often rewarded with small consolations, like a coupon. Sounds fun, right? The bad guys sure think so! Scammers are posing as well-known brands and sending emails that advertise extravagant rewards, like a new iPhone, for just a few minutes of your time.

Typically, the survey website displays a message claiming that there are only a small number of rewards remaining—this creates a sense of urgency to complete the survey. Usually, at the end of the survey, you’re told that you have won the prize and all that you have to do is pay for delivery. Of course, you didn’t actually win anything. The fake prize and request for your shipping details are just an excuse to gather your name, address, and payment information. Don’t let the scammers win!

Follow these tips when you are answering retailer surveys:
 
  • Always question a sense of urgency. Real companies want real results. If a survey is urging you to hurry, it’s because they want to get to the part where you hand over your personal information.
  • Legitimate retail surveys clearly outline the rules from the very beginning. If you’re suddenly asked for payment or other unexpected information, it’s a scam.
  • If it sounds too good to be true, it is! As lovely as it would be, no one hands out free iPhones (or other extravagant rewards) over the internet.
 
June 26, 2020: Phony LogMeIn Security Updates
LogMeIn is a popular remote access tool used by IT professionals to access their employees’ machines. These tools are especially popular right now with so many people working remotely. Unfortunately, with popularity comes risk. Cybercriminals are impersonating LogMeIn in a new phishing attack. The phishing email claims that you need to click a link in the email to download an “urgent security update”. If you click this link, it takes you to a phony login page for LogMeIn. If you enter your credentials on this look-alike page, the information will be sent straight to the bad guys. If you fall for this trick, you could give attackers access to countless machines within your organization’s network.
 
Stay safe by following these tips:
 
  • Never click on a link within an email that you weren’t expecting.
  • If you are prompted to update any software on your work device, reach out to your administrator or IT department so they can check that the update is legitimate and safe.
  • When an email asks you to log in to an account or online service, log in to your account through your browser, not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.
June 19, 2020: SpaceX YouTube Scam
Scammers recently hijacked three YouTube channels and used them to collect nearly $150,000 in cryptocurrency. They used these stolen channels to impersonate the official SpaceX YouTube channel. The hijackers played fake livestream interviews with Elon Musk, founder and CEO of SpaceX, while promoting bogus cryptocurrency giveaways. These giveaways are based on an old-school scamming tactic in which cybercriminals ask for a small payment while promising a large payout for the so-called investment.

This scam was successful for two main reasons: First, using existing YouTube channels gave the cybercriminals a large, trusting audience of subscribers. Second, the scammers’ “investment offer” appeared to be coming from the well-known, tech-savvy billionaire Elon Musk, rather than from a random stranger, so it seemed to be more legitimate.
 
Here’s what we can learn from this scam:
 
  • If something seems too good to be true, like an unbelievable investment opportunity, it probably is! Question everything.
  • Whether it’s a phony website, a disguised email address, or a hijacked YouTube channel, anyone and anything can be spoofed.
  • Experts speculate that the scammers gained access to these YouTube channels through a data breach of a different website. This is a great example of why you must use a different password for every login.
June 12, 2020: Exploiting the Coronavirus: Massive Excel Phishing Attack
Microsoft has reported a massive phishing campaign that uses an Excel attachment as bait. The phishing email looks like it is from the Coronavirus Research Center of Johns Hopkins University–a well-known medical organization in the US. The email includes an Excel attachment that is disguised as an updated list of Coronavirus-related deaths, but the file actually contains a hidden piece of malware.

If you open the infected Excel file and click “Enable Content” when prompted, a program called NetSupport Manager will be automatically installed onto your computer. This program is a tool that allows someone to access your computer remotely. Cybercriminals are using NetSupport Manager to gain complete control over a victim’s system, allowing them to steal sensitive data, install more malicious software, and even use the machine for criminal activities. Don’t be a victim!

Here are some ways to protect yourself from this scam:
 
  • Think before you click! The bad guys know that you want to stay up-to-date on the latest COVID-19 data so they use this as bait. They’re trying to trick you into impulsively clicking and downloading their malware.
  • Never download an attachment from an email that you weren’t expecting. Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.
  • Always go to the source. Any time you receive an email that claims to have updated COVID-19 data, use your browser to visit the official website instead of opening an attachment or clicking a link.
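The "Enable Content" step above is what turns a spreadsheet into an installer, so a mail gateway can refuse the attachment before anyone sees the banner. The following is an added example, not KnowBe4's or the bank's code: it assumes only that .xlsx/.xlsm files are ZIP containers in which a VBA project is stored as the part xl/vbaProject.bin, and the sample workbooks it inspects are constructed inline.

```python
import io
import zipfile

# Constructed example: an Office Open XML workbook (.xlsx/.xlsm) is a ZIP
# container, and a VBA macro project is stored as the part xl/vbaProject.bin.
# That part is what the "Enable Content" banner in the scam above would run.
VBA_PART = "xl/vbaproject.bin"


def workbook_has_macros(data: bytes) -> bool:
    """Return True if the workbook bytes contain a VBA project part."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = {name.lower() for name in zf.namelist()}
    return VBA_PART in names


def assess_attachment(filename: str, data: bytes) -> dict:
    """Gateway-style verdict for one attachment: allow, quarantine, or manual_review."""
    try:
        macros = workbook_has_macros(data)
    except zipfile.BadZipFile:
        # Not a ZIP-based workbook (legacy .xls, or not Excel at all):
        # don't call it clean just because the check could not run.
        return {"file": filename, "verdict": "manual_review",
                "reason": "not an OOXML container"}
    if macros:
        return {"file": filename, "verdict": "quarantine",
                "reason": "workbook carries a VBA macro project"}
    return {"file": filename, "verdict": "allow", "reason": "no macros found"}


def build_sample_workbook(with_macros: bool) -> bytes:
    """Constructed minimal OOXML container for testing; not a real spreadsheet."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            zf.writestr("xl/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("covid_deaths.xlsm", build_sample_workbook(True)),
               ("covid_deaths.xlsx", build_sample_workbook(False)),
               ("notes.txt", b"plain text, not a workbook")]
    for name, blob in samples:
        print(assess_attachment(name, blob))
```

A real deployment would pair this with the sender check the tips above describe: an unexpected workbook with macros from an outside address is quarantined, not merely flagged.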
May 29, 2020: Exploiting the Coronavirus: Malicious Zoom Installer
Whether you’re working from home or trying to stay in touch with loved ones, video conferencing apps like Zoom are becoming the new normal. Cybercriminals have exploited this type of application before, but their latest scam may be the trickiest yet.

Scammers are sending out phishing emails with links to download the latest version of Zoom. When clicked, the link takes you to a third-party website–not the official Zoom site–to download an installer. If you download and run the file, the program truly does install Zoom. The trick is, the installer also places a remote access trojan (RAT) onto your computer. This RAT gives cybercriminals the ability to observe everything you do on your machine. This includes keylogging (saving what you type), recording video calls, and taking screenshots–all of which can be used to steal your sensitive information.

Don’t fall victim to this scam! Remember the following:
 
  • If an email directs you to install or update an application, do not click on the link in the email. Instead, go directly to the official website through your browser. This ensures you are accessing the real page and keeping your credentials safe.
  • When using a work device, reach out to your IT department before installing any software. They can check that the application is legitimate and safe.
May 22, 2020: Exploiting the Coronavirus: Phony COVID-19 Tracking
Countries around the world are developing COVID-19 tracking applications for mobile devices. These apps use digital tracking to help identify and notify users who have been in contact with someone diagnosed with the virus. Only a handful of countries have released this kind of app to the public, but cybercriminals are already using them as inspiration for scams.
 
The bad guys are sending phishing emails and smishing attacks (phishing via text messages) claiming that you have been in contact with someone diagnosed with Coronavirus. The message insists that you get tested and it includes a link that supposedly leads to a website where you can sign up for more information. The truth is, the link takes you to a malicious website that is designed to steal any information you enter and deliver it to the bad guys. Don’t be fooled!

Remember these tips:
 
  • Never click on a link from an email or text message that you weren’t expecting–even if it appears to be from a legitimate organization.
  • Think before you click. The scammers are expecting an impulsive click.
  • Stay up-to-date on local regulations and containment efforts through official government websites and trusted news sources.
May 15, 2020: Exploiting the Coronavirus: From Unemployed to Money Mule
Due to the Coronavirus crisis, unemployment numbers have skyrocketed. As usual, the bad guys are quick to take advantage of these hard times and are sending out phony work-from-home opportunities. Typically, these phishing emails contain grammar mistakes and offer minimal details about the hiring company and the job requirements. But the scammers still manage to grab your attention because the job opportunity includes a great paycheck.
Once the victim accepts, the scammers ease them into their new "job" by asking them to complete basic errands, but eventually they’re given the task of transferring funds from one account to another. Typically, these are stolen funds and the unsuspecting "employee" is being used as a money mule. Even though these victims are unaware of the crime they are committing, they can still face hefty fines and prison time.

Remember these tips and share them with your friends and family who may be looking for work:
 
  • Be wary of emails with spelling or grammatical errors.
  • Never trust unusual requests or job offers. If something doesn't feel right, it probably isn't.
  • If you feel you have been solicited to be a money mule, contact your local authorities or report the situation to the appropriate federal agency.
May 8, 2020: Exploiting the Coronavirus: Netflix is More Popular Than Ever - Especially with Cybercriminals
Long before the COVID-19 pandemic, bad guys were spoofing Netflix emails in an attempt to collect your sensitive information. With more and more people looking for at-home entertainment, Netflix has gained over 15 million new subscribers. Cybercriminals are happily taking advantage of this larger audience!
Netflix-themed phishing attacks can vary from phony email alerts accusing you of non-payment to offers of free streaming access during the pandemic. Both of these strategies include a link that takes you to a fake Netflix page designed to gather your information and deliver it to the bad guys.

Use the following tips to stay safe:
 
  • These types of scams aren’t limited to Netflix. Other streaming services like Disney+ and Spotify are also being spoofed. Remember that if something seems too good to be true, it probably is.
  • Never click on a link that you weren’t expecting, even if it appears to be from a company or service you recognize.
  • When an email asks you to log in to an account or online service, log in to your account through your browser - not by clicking the link in the email. This way, you can ensure you’re logging into the real website and not a phony look-alike. 
May 1, 2020: Exploiting the Coronavirus: Smishing Violation!
Governments across the globe have created restrictions to help reduce the spread of Coronavirus. These regulations change often and vary by country, region, and city. So knowing exactly what is expected of you can be a challenge. It’s no surprise that the bad guys are taking advantage of this confusion!
 
Cybercriminals are using text messaging, or short message service (SMS), to pose as a government agency. The message says you have been seen leaving your home multiple times and as a result you are being fined. They urge you to click on their official-looking link to pay this "fine" online. If you click the link, you’ll be taken to a payment page where you can give your credit card details directly to the bad guys!
 
This tactic is known as “Smishing” (SMS Phishing). Smishing can be even more convincing than email phishing because criminals know how to spoof their phone number to appear as though they're messaging from an official source. Be careful!

Here’s how to stay safe from this smishing attack:
 
  • Think before you click. The bad guys want to get under your skin. Not only does this message accuse you of ignoring regulations, but it also claims you have to pay a fine! Don’t give in to this tactic.
  • Never trust a link in an email or text message that you were not expecting. Instead of clicking the unexpected link, open your browser and type in the official URL of the website you wish to visit.
  • Stay informed during this confusing time by following local news, government websites, and other trusted sources.
April 24, 2020: Exploiting the Coronavirus: Re-opening your organization? The bad guys have a plan!
Recently, some countries have chosen to lift restrictions that were originally put in place to control the spread of COVID-19. Beware! The bad guys are already taking advantage of this news. They have crafted a well-written phishing email that appears to come from the VP of Operations in your organization. The message claims that your organization has a plan for reopening, and it instructs you to click on a link to see this plan. Clicking the link opens what appears to be a login page for Office365, but don’t be fooled! If you enter your username and password on this page, you would actually send your sensitive credentials directly to the bad guys.
 
Here’s how to protect yourself from this clever attack:
 
  • Never click on a link or an attachment that you weren’t expecting. Even if it appears to be from someone in your own organization, the sender’s email address could be spoofed. When in doubt, reach out to the sender by phone to confirm the legitimacy of the email before clicking.
  • When an email asks you to log in to an account, do not click the link in the email. Instead, go directly to the website through your browser. This ensures you are accessing the real page and keeping your credentials safe.
  • This attack tries to exploit the restlessness and uncertainty of life in quarantine. Don’t let the bad guys toy with your emotions. Think before you click.
April 17, 2020: Exploiting the Coronavirus: Fear of Infection
During this storm of COVID-19 phishing scams, the bad guys love posing as your trusted Human Resources department. One recent HR scam started with an overdramatic subject line: “COVID-19 PANDEMIC IS WITHIN, BEWARE! WARNING!!!” In a mess of run-on sentences, the email claims that some of your co-workers have tested positive for Coronavirus. Keeping with the HR theme, they ask that you do not discriminate against these people and they suggest that “everyone should rather cease panic”.
 
The email does not identify anyone by name, but asks you to download an attached photo of the infected employees. This attack targets your natural curiosity. Who could it be? Wasn’t Bill coughing last week? I just have to know! If you were to download the attachment, you would find that it is actually a piece of malicious software designed to quietly steal data through your organization’s network. Don’t be fooled!
 
Remember these tips:
 
  • Watch for sensational words like “BEWARE” and “WARNING!!!” The bad guys want you to panic.
  • Be wary of emails with spelling or grammatical errors, especially when they supposedly come from a reputable source.
  • When questioning the legitimacy of an email sent from someone in your company, give them a call! One quick call could save your organization from a potential data breach.
April 10, 2020: Exploiting the Coronavirus: Is the CDC Closing Your Facility?
As the COVID-19 pandemic rages on, the bad guys find increasingly creative ways to weaken your defenses. The newest phishing trend is an email that appears to be from the CDC (Centers for Disease Control and Prevention). The email has an intense subject line: “NOTICE OF CLOSING YOUR FACILITY AND DISINFECT NG THE AREA - BY NCDC WH 20982 COV-19 Due To Recent Corona Virus COVID-19 Pandemic.”

You’re instructed to download an attachment which is supposedly a letter from the CDC claiming that they will close your facility. If you download the file, you’d find that it is actually a malicious program designed to gain access to your company’s sensitive information. Don’t be tricked!

How to beat the bad guys:
 
  • Think before you click. These malicious actors are playing with your emotions and this threat relies on panicked clicking.
  • Never click a link or download an attachment from an email you weren’t expecting. Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.
  • If you receive a suspicious email that claims to be from an official organization such as the CDC or WHO (World Health Organization), report the email to the official organization through their website.