[2022 Issue 14] Key Cybersecurity News for H2 2022

zyxel_Lin Posts: 73  Zyxel Employee
edited September 2022 in Security Highlight

1. FBI: Cyber criminals create fake cryptocurrency investment apps to defraud US investors

The fast-growing number of cyber attacks makes it clear that threat actors' skills are continuously improving. Cybercriminals seek to take advantage of the increased interest in mobile banking and cryptocurrency investing. The FBI reports 244 victims and estimates the approximate loss related to this activity to be $42.7 million.

What Is Cryptocurrency?

A cryptocurrency is an anonymous, digital currency produced by a public network rather than by any government. It uses cryptography to make sure payments are sent and received safely and anonymously. Multiple cryptocurrencies exist, such as Bitcoin, Ethereum, and Monero.

According to the FBI warning, hackers usually claim to provide legitimate cryptocurrency investment services, convince investors to download mobile applications, and then use these apps to defraud them. The main method is to use the information of legitimate US financial institutions to build websites, gain the trust of unsuspecting investors, and then get them to download fake mobile applications.

Between December 2021 and May 2022, a criminal group impersonated a financial institution in the United States, persuaded investors to download an app that used the name and logo of an actual US financial institution, and asked investors to deposit cryptocurrency into the financial institution. When the victims attempted to withdraw funds from the app, they received an email asking them to pay taxes before making withdrawals. However, they were unable to withdraw funds after paying.

We recommend that investors be wary of unsolicited requests to download investment applications, check whether the company exists and is legitimate, and verify the identity of the other party before providing personal information.

2. Common Types of Netflix Scams

The more popular a service becomes, the more likely it is that scammers will try to use it to trick users. Everyone knows that Netflix is one of the top streaming platforms in the world. It is a popular target for scammers, who send phishing texts and emails to Netflix subscribers to steal their login data and credit card information. Meet the most common Netflix scams, and learn how to protect yourself and your organization.

1. Payment / Subscription Issues

The scammers push you to update your account status by clicking on a phishing link in the message. These URL links will take you to a fake Netflix login page, where you'll be asked to submit your login or credit card information. Scammers can record this information and use it to hack your account or commit other cybercrimes.

2. Reward / Gift Online Survey

Netflix phishing attacks are also distributed via email. Scammers use exclusive rewards as bait to trick you into clicking an inline button to take a web survey. Of course, there will be no giveaways in the survey. The goal of scammers is to steal your personal information! They’ll record every word you enter on these fake pages and use it to commit cybercrime.

How to Keep Your Netflix Account Secured

  1. Don't click a link when in doubt; go directly to the official website.
  2. Never provide personal or financially sensitive information through email.
  3. Check the sender’s address to see if it looks legitimate.
  4. On a computer browser, hover over any links before clicking on them to see the full URL. Make sure the links go where you expect them to.
  5. Install a cloud-based security application or have a security firewall to help guard your devices and personal information.
  6. Report all suspicious activity: Netflix takes user data security and fraud very seriously. Therefore, if you encounter something suspicious, make sure to report it to Netflix.

3. LinkedIn-themed Phishing Email Impersonation Attacks Are on the Rise

Phishing is nothing new; we all know about it. Employees at every level of a business can be scammed, and no one should believe they are safe from being duped by skilled phishers and scammers. These fraudsters are constantly finding new ways to steal your personally identifiable information for financial benefit or to exploit a company's sensitive data. A recent report by WeLiveSecurity has some important findings, one of which is that LinkedIn phishing scams have increased 232% since February this year. According to the report, LinkedIn tops the social media brands used for phishing. ITWeb lists the top phishing brands in 2022 and highlights the emerging trend toward attacks leveraging social media:

1. LinkedIn (52%)
2. DHL (14%)
3. Google (7%)
4. Microsoft (6%)
5. FedEx (6%)
6. WhatsApp (4%)
7. Amazon (2%)
8. Maersk (1%)
9. AliExpress (0.8%)
10. Apple (0.8%)

How do scammers use phishing attacks through LinkedIn?

LinkedIn now has 830 million members and over 58 million registered companies, which presents a bigger pool of potential victims. These LinkedIn phishing attacks also get attention because of the platform's public perception as a safe space, a professional environment where users can drop their guard. The attacks use an email address with a spoofed LinkedIn display name and stylized HTML templates, including the official icons, brand logo and colors, to make the fake email more convincing. They then socially engineer victims into clicking on phishing links in Outlook 365 and entering their personal details into false websites. “They use targeted subject lines related to LinkedIn mentioning things like: ‘You appeared in 5 searches this week,’ ‘Your profile matches this job’ to steer victims into clicking a malicious email.”

Be careful! Here are some tips to stay safe

Scammers only need your name, email address and telephone number to rip you off. Thus, whenever you receive an email, we recommend following the tips below to confirm that the message is legitimate:

  1. Always pay attention to logos, branding and the email address, because the sender addresses of these tricky phishing emails are made to look as if they came from LinkedIn security
  2. Check whether there are any slight changes in the letters, easy-to-find misspellings or unseemly language
  3. Be careful with emails that sound urgent, that relate to changing your password, or that include suspicious links taking you to other websites
  4. Think before you open an attachment in an unsolicited email
  5. Use two-factor authentication (2FA) for robust security protection
  6. Always keep reliable anti-virus, anti-malware or anti-phishing services updated and running on your devices
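
The sender-address and link checks recommended above, for both the Netflix and the LinkedIn lures, can be automated at a mail gateway or in a triage script. The following Python sketch is an added example, not part of the original post: `BRAND_DOMAINS`, `check_message` and the sample message are assumptions made for illustration. It flags a message whose display name claims a brand while the sender address or a link target lies outside that brand's domains.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands mapped to the domains they really send from and link to.
BRAND_DOMAINS = {"linkedin": ("linkedin.com",), "netflix": ("netflix.com",)}

# Constructed sample message; the .example domains are placeholders.
SAMPLE = """From: LinkedIn <notifications@mail-alerts.example>
Subject: Your profile matches this job
Content-Type: text/html

<a href="https://www.linkedin.com/jobs">View job</a>
<a href="https://linkedin.com.login.example/session">Sign in</a>
"""

def in_domain(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    """Collects each <a href>: the real destination, not the visible text."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def check_message(raw):
    """Return (kind, host) findings for a raw RFC 5322 message string."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    hosts = [urlsplit(h).hostname for h in collector.links]
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower():  # the display name claims this brand
            if not in_domain(sender_host, domains):
                findings.append(("sender", sender_host))
            findings += [("link", h) for h in hosts if h and not in_domain(h, domains)]
    return findings
```

For `SAMPLE`, `check_message` reports the spoofed sender domain and the second link, whose host only begins with `linkedin.com` and actually belongs to another domain; the genuine `www.linkedin.com` link is not flagged.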