
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


You are here: August 2022




The Security box, podcast 110: PayPal phishing scams use PayPal invoices to trick users into clicking!

If you didn’t read the article about today’s topic, you’re going to get another copy with these show notes and the podcast.

I just uploaded the file to the RSS feed and here is the 124.97mb file.

Here are the show notes for those who want to review them, and we’ll see you on next week’s podcast! That blog post is already posted on the topic, but we’ll have more posting later.


Hello folks, welcome to the security box, podcast 110.

On this edition of the podcast, we’re going to cover news, notes and other things around the landscape.

Besides that, it seems like Paypal may be in some big time scam problems as their invoicing system is being abused. Learn about it as we talk about the article PayPal Phishing Scam Uses Invoices Sent Via PayPal which was written by Brian Krebs.

Besides all that, the news as mentioned above, and this topic, we’ll see what other topics might come up as the show progresses.

I hope you enjoy the program as much as I am bringing it to you! Thanks for listening!

Comments (0)

Ransomware attacks jump in July, should this be a surprise?

As we learned in our blog post talking about subscriptions, it may come with nasties like Agent Tesla (Check Point Software) and even others. But this isn’t the only nasty you can get, as that one is a RAT.

If you remember us talking about gangs like REvil, you know how back then it was just a single payment, if not a dual.

Now, there are more forms of payment they can use, not in the crypto currency aspect, but how many times you can get picked, or even what they want with each attack.

This leads us to the Cyberscoop article Ransomware attacks jump as new malware strains proliferate, research finds and ransomware is not the only malware out there.

As you’ve learned with Agent Tesla, it can do quite a number on your device, especially if you use a computer.

While I’ve not read the link thoroughly, we know that Trend Micro talked about that one some time back, so search it out.

Remember too, that malware can come in many forms, see all of our Android notices within the past month.

The Security Box and Throwback teams indicate that the total number of Android malware found to date in August alone was 201. That leads iOS, with only 7 that we know of.

As we stated Saturday, it seems like a game of threes. iOS 7, Android 201.

Throwback RSS

The number of incidents went from 135 in June to 198 in July. How they get these numbers, I don’t know; as I said in the Throwback program we did last Saturday, I got three files alone at an email address we just don’t make public. It’s specific to email list subscriptions that I’m on. That’s why I included a link to my prior article about the subscription aspect of this, because it doesn’t matter what type of malware it is, it’s all bad.

We know that a French hospital was targeted (article), and that honestly doesn’t matter to the actors.

Hospitals have been the higher target ever since the pandemic, even though actors stated they “wouldn’t go after critical infrastructure” which included hospitals at that time.

Lockbit was associated with only 62 incidents which was only 20% higher than June. We know that Lockbit is probably not the most major threat because of Emotet coming back, but they all work together to get their wares out there.

Let me know what you think of this Cyberscoop article, and we’ll be on the lookout for comments. There are more links to groups covered and what is happening with them, and I don’t want to cover every single thing in the article.

Let the boards begin.

Comments (0)

Social Media attacks are on the rise, q2 report shows

In a Phishlabs article talking about the Threat Trends and Intelligence Report, we learn that social media and fraud are up.

The article from Phishlabs this time is Fraud, Impersonation Fuel Q2 Increase in Social Media Attacks and I don’t think I should be surprised about this one.

The most interesting thing I saw was a paragraph that states that organizations will experience 95 social media attacks per month on average. While I don’t know what the numbers were before, actors take social media and just abuse it. That paragraph says:

The average organization can now expect to experience nearly 95 malicious attacks on social media per month. This is a more than 100% increase in threatening incidents over the course of a year. The threat types in this dataset do not include the considerable volume of attacks solely targeting a brand’s reputation.

So not only do we have to worry about our social media, whatever brand we work for or use, but now we’ve got more attacks to deal with? Wonder if it’s time to get off of social media? I hardly use mine, although I’m glad I have it instead of someone impersonating me and taking my picture and making it their own.

I’ve created accounts for my network, the braille2000 accessibility pages and of course the Mix has their own twitter, but we’re small compared to other well-known single brands like Target and Walmart just to name two.

That doesn’t matter to actors though, they’ll go big, small and anything in between.

We haven’t even mentioned every service that Social Media could cover either, so the footprint could be covering multiple platforms.

Under top threats, the thing that jumps out at me is the first paragraph I think. It says:

The impersonation or spoofing of a brand or executive on social media contributed to more than 40% of share of all incidents in Q2. This is the second quarter Impersonation attacks have represented the majority of threats, despite experiencing a 6.1% decrease from Q1.

Of course, executives are not out of the loop, as the very next paragraph should make them sit up straight. It states:

Notably, Executive Impersonation has climbed steadily for four consecutive quarters to represent more than 15% of share of attacks. Impersonating a corporate figure on social media is unchallenging and effective for threat actors, as personal images and commentary are increasingly accessible online. A positive executive presence on social media is indicative of the health of a business, and misleading or malicious accounts tied to the face of an organization have the ability to cause lasting brand damage.

There’s plenty more, and if this interests you, please read it. You won’t be sorry, but yet maybe you won’t sleep either. I’m not responsible.

Again, the article is Fraud, Impersonation Fuel Q2 Increase in Social Media Attacks for your reading pleasure.

Before I go, please make sure you read the section on attacks by industry.

In Q2, the Financial Industry represented the majority of social media incident volume, fueled in part by increased fraud and impersonation attacks. Nearly 70% of attack volume targeted the group, consisting of National/Regional Banks, Other Financial Services, Credit Unions, Cryptocurrency and Payment Services.

Banks were the most targeted industry in Q2, contributing to 30.5% of share of incidents. National and Regional Banks consistently experience the highest level of abuse compared to all other industries. Other Financials (i.e. asset management and financial advisory firms) came in second, after experiencing a 6.2% increase over Q1 to represent 17.6% of incidents.

There are other details about credit unions, and computer software companies that are notable within this article.

Retail fared no differently: although they declined in Q2, the number of incidents rose mainly because of brands and social media.

Other industries abused included:

  • Cryptocurrency 6.2% (+1.8%) (rise)
  • Dating 5.1% (-1.7%) (decrease)
  • Payment Services 4.8% (-1.6%) (decrease)
  • Staffing & Recruiting 1.4% (-0.4%) (decrease)
  • All Others 2.3% (-) (possibly steady)

There are plenty of links that lead to other types of info, and a link to download the full report is also available.

Now, it’s time to go, so we’ll be in touch with each and every one of you on the podcast set, if not commenting on our blog or on the list. Keep safe!

Comments (0)

Subscription emails are on the rise, look out for these

Remember this email (blog post) from 2020? We recently talked about it again in a recent podcast.

Also, remember this email (blog post) from this past year?

Both have similarities, and now it’s getting worse, it seems.

Komando.com has recently sent an email about antivirus renewal notices that really have no merit. The scammers send an email or, according to this article, even send it through the post, telling you that you have just paid for some sort of renewal.

Below, please find such an email, noting the glaring spelling mistakes and other characters. I’m leaving this in place to show you what I’ve seen. It isn’t an antivirus renewal, but it is a renewal just the same. Note, all spelling mistakes need to be left in place in the quoted material as this needs to be shown as it is.


Order completed successfully #SRD2016805
Subject:
Order completed successfully #SRD2016805
From:
“Hugh” <>
Date:
8/17/2022, 10:22 AM
To:
“jared” <>

Hello Exist?ng Customer 
 

?our In?oice ID  # 10982522NVUC 

We have received your order réquest to renew and re-activate the annual subscription plan as the last year pc services lapsed today (17 Aug 2022).

The sum amo?nt of $ 395.88 is being processed through your account funds against the device & netw?rk prôtection shìeld [ auto debit recurring charge ].

This charge will appear on your account statement in few hóurs and the same fee will be debited annually as you requested for a?to debit pa?ments last year.

In any circumstances you wish to change your updated payment preference or stop the automatic annual payments, please feel free to contact us within 24 hours.

For any kind of help/assistance – Call us –  # +1 (818) 477 4686

Thank ?ou In Ad?ance !

Donald R. Robinson
O?line Customer ??pport



As part of recent articles, Kim has mentioned some of these signs like very interesting characters within the text, mainly to try and get around spam detection. You can see with this email I got this past month that there are a lot of different characters and the email itself is not even making sense.
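As an added example (not from the original post or from Komando.com), here is a small Python heuristic that checks a message body for the signals visible in the email above: words with swapped or placeholder characters, a callback phone number, a charge amount and a deadline. The sample text, the threshold, the function names and the placeholder phone number are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the renewal email quoted above (not the original message).
SAMPLE = (
    "Hello Exist?ng Customer\n"
    "We have received your order réquest to renew the annual subscription plan.\n"
    "The sum amo?nt of $ 395.88 is being processed for the netw?rk prôtection shìeld.\n"
    "To stop the payment, please contact us within 24 hours.\n"
    "Call us # +1 (555) 010 0199\n"
)

# North American style phone number, with or without a country code.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?\d{1,2}[\s.-]*)?\(?\d{3}\)?[\s.-]*\d{3}[\s.-]*\d{4}(?!\d)"
)
AMOUNT_RE = re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?")
URGENCY_RE = re.compile(r"\bwithin\s+\d+\s+(?:hours?|days?)\b|\bimmediately\b", re.I)
# A "?" sitting where a letter should be: at the start of a word or between letters.
PLACEHOLDER_RE = re.compile(r"(?:^|[A-Za-z])\?[A-Za-z]")


def suspicious_tokens(text):
    """Return words that mix plain ASCII letters with odd characters."""
    hits = []
    for raw in text.split():
        token = raw.strip(".,;:!()[]\"'")
        if "/" in token or "=" in token:
            continue  # skip URLs and query strings, where "?" is normal
        ascii_letters = sum(c.isascii() and c.isalpha() for c in token)
        if ascii_letters < 2:
            continue
        non_ascii_letters = [c for c in token if c.isalpha() and not c.isascii()]
        if non_ascii_letters or PLACEHOLDER_RE.search(token):
            hits.append(token)
    return hits


def score_email(body, min_odd_tokens=3):
    """Collect the four signals and flag the message when at least three fire.

    A single accented word (a name, "café") is normal, so the character
    signal only counts once min_odd_tokens such words appear.
    """
    tokens = suspicious_tokens(body)
    findings = {
        "obfuscated_tokens": tokens,
        "phone_numbers": PHONE_RE.findall(body),
        "amounts": AMOUNT_RE.findall(body),
        "urgency": URGENCY_RE.findall(body),
    }
    findings["score"] = sum([
        len(tokens) >= min_odd_tokens,
        bool(findings["phone_numbers"]),
        bool(findings["amounts"]),
        bool(findings["urgency"]),
    ])
    findings["flag"] = findings["score"] >= 3
    return findings


if __name__ == "__main__":
    for key, value in score_email(SAMPLE).items():
        print(f"{key}: {value}")
```

This is a triage aid for a mailbox or help-desk queue, not a spam filter: a flagged message still needs a person to look at the sender and the attachment.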

I got two others telling me about some type of bank transfer, and another subscription, and all of these were sent to an address of mine that is not public but used for other things. All of the files were a .rar file, and inside were executables.

Running those files through Virus Total told me that a majority of products detected this, and the top result was Agent Tesla (Check Point Software).

According to Check Point and other searches on this, it is a RAT (Remote Access Trojan) that will do pretty big things to your device. It was the 6th most prevalent malware in 2021.

While I can’t promise that the scams dealing with your antivirus will contain attachments for invoice remittance like another email I got, it all is pretty much the same. Click on the link or the attachment and you’re doomed.

Have you seen the article Got an email about your antivirus? It might be a scam from komando.com yet? Better get yourself ready for a read, because there could be some similarities. Make sure you’re as secure as possible. Thanks again for reading, learning and participating with us.

Comments (0)

Are you in to sports? Better read this one, especially if you stream football or other sports

While there are legitimate streaming services such as ESPN, SiriusXM and Yahoo, scammers are now turning to the sports field to try and get you to hand over personal info including SSN.

High schools never streamed games until the pandemic, and now they’re continuing this practice even after we’re now in full session once again. The problem is, parents still want to stream, but actors are wanting to take advantage by sending you to illegitimate pages to “stream” the game(s) they’re looking for.

For complete details, suggestions from the BBB (better business bureau) please read the article: Don’t fall for this clever streaming sports scam and please stay safe!

Comments (0)

Old Threats, new highs, Response based emails increase in quarter 2

In keeping up with the Q2 threats that were talked about as part of the report, Phishlabs talks about the fact that response-based email is going up.

This post is more in the corporate world, so consumers may not necessarily see these types of attacks, but we should know about them anyway.

With that being said, one of the headings may concern every single one of us. That is, credential threats such as stuffing and theft in general. The first paragraph of this section of the article says:

In Q2, Credential Theft incidents contributed to the majority of email-based threats, representing 54.5% of volume. Although Credential Theft activity declined 4.2% from Q1, it continues to be the top email threat to corporate users.

With that said, we may be targets if we don’t pay attention to what is out there.

Office365 is a great target, says the article. It is up 17 percent from last report. The paragraph talking about office365 says:

Attacks targeting Office 365 accounts are climbing, up 17.7% compared to Q4 2021. O365 incidents represented nearly 60% of all Credential Theft phishing attacks that contained a link, reaching a six-quarter high in share and volume. Account credentials associated with collaboration applications and tools are valuable assets to criminals, who use stolen login information to access multiple machines within a network. Malicious attachments such as Docuphish made up 15% of Credential Theft attacks, declining 5.2% from Q1.

Under response-based email, the first paragraph talks about scams like the advanced fee scam “419” or the Nigerian Prince scam. I talked about getting such an email some time back when someone on Twitter who ended up getting suspended sent me such an email.

That story, as sad as it was, was a message just asking me to email a particular address. I asked why, and I was just told to do it.

The 419 scam works like this. Someone claims they have millions stuck somewhere and they’re on the verge of dying, or having trouble keeping the money in the country. They want you to take a majority of the money, but for you to get it, you need to pay some type of fee.

Advanced-Fee Scams (419) represented the top Response-Based threat-type in Q2, contributing to more than 54% of share of volume. Advanced-Fee Scams are consistently the most reported threat-type within the group and so far have increased 3.4% in 2022.

Continuing, that section says:

Despite demonstrating a slight decline in share, hybrid Vishing attacks were the second most reported Response-Based threat type, increasing 625% from Q1 2021 to Q2 2022. This represents a six quarter high in volume. Hybrid Vishing emails use a unique combination of email lure and mobile number within the body to convince victims to call a fake representative. Once the parties engage, the victim submits their personal information, believing it is being received by a legitimate and familiar business.

This is the biggest stat I want to highlight and you heard in podcast 364’s audio that covered the report. I mentioned it both on the box and Throwback’s hour of security, and everyone just doesn’t know what to say about this one.

It puts every other number to shame, and that, I just don’t know what to say. While the vehicle calls seemed to have dropped, other types of phone calls might come to you. Nick told me that he got one by Amazon about some order that he never even ordered from them as an example.

I could continue to take this article apart, but I’ll leave you with that big stat, and if you’re interested to read more, the article again is titled Old Threats, New High: Response-Based Emails Increase in Q2 and it comes again from our good friends at Phishlabs.

Please take the time to read this article, some of it might affect you. Thanks so much for reading, participating and learning with us.

If you haven’t downloaded podcast 364 which covers the threat trends and intelligence report, go over to our podcasts category and find the blog post to download your copy. It’s a must-listen podcast if you want to keep yourself as safe as possible and not be a statistic. Thanks Phishlabs for putting on these reports, and we’ll see you next quarter for Q3. It’s going to get very interesting.

Comments (0)

This week’s podcast topic, paypal, phishing, and legitimate invoices

Hello all,

On this week’s program, we’re going to explore a new phishing attack that could in theory affect your everyday user.

Have you read PayPal Phishing Scam Uses Invoices Sent Via PayPal by Brian Krebs?

If you haven’t, you should, and feel free to leave your own thoughts about what’s happening and what you think.

I look forward to hearing from you. I’d love to see what others think. The show notes are ready to go, and this one may not be covered anywhere else. If it is, listen to it, hear what they have to say, and do let me know.

Comments (0)

Duck Duck Go email now up for all

Kim Komando is sending the email out about DuckDuckGo email. There are instructions and things you need to know.

One big thing you need to know is that it doesn’t replace your current email; rather, they strip trackers from your email and then forward it to your existing email.

To learn more about it, read How to set up and use DuckDuckGo’s private email service, which comes from their site. I hope this may be of use for people.

Comments (0)

The Technology blog and podcast, podcast 365: The U-Tec smart lock

This probably isn’t my best demo, but then again, there are parts of the app that are not that accessible, or crash with Voiceover running.

I give it my best as I give you a 6 in one lock I had installed here to replace the lock that broke when changing its batteries.

For those who don’t have RSS, you may download the 48.65mb file for you to enjoy.

Here are the show notes.


Welcome to podcast 365 of the technology blog and podcast series. On podcast 365, we talk about U-Tec and the recent new lock I got.

It’s probably not the best demo I did, and there are some accessibility issues and crashes, but I thought I’d put it out anyway.

I hope that you will enjoy the program as much as I am putting it together, and make it a great day!


I released the program to the RSS feed on Friday, but I’m releasing it to the blog today as I got involved in other things.

I hope you enjoy the program and thanks for listening to the series! It’s been fun putting this one together.

Comments (0)

Carriers on average, keep our data for two years

Hello folks,

I don’t know about you, but is it really necessary to keep data for at least 2 years? In a way, I’m glad this article was published, but some of the companies keeping our data for 5 years is a little much. Although, the IRS says to hold on to stuff for 7 years, I think all this is extreme.

Let’s say you’re done filing your taxes. Once you get whatever your return is, you don’t need that data. If there aren’t any investigations in a certain area in a certain period, get rid of it. The problem is, you don’t have any oversight on whether the data is used as it should be anyway, and it’s a good thing I don’t collect such data. If I did, it’d be 30 days for tracking data, and if you weren’t part of any investigation, I’d remove it. There is no need to keep GPS data to do day-to-day business, is there?

Most top mobile carriers retain geolocation data for two years on average, FCC findings show comes from Cyberscoop and it is a very interesting read.

May the comment boards await you.

Comments (0)

There’s a new ransomware in town, and it’s got an agenda

In a very detailed post titled New Golang Ransomware Agenda Customizes Attacks by Trend Micro, we find out that this ransomware thing is quite detailed in what it wants to do, and knows exactly how it is going to be doing things. This is definitely something you don’t want to have on your system, especially if you’re in this community I serve.

Trend Micro always does a great job on posts like this one, and we covered a similar article like this on the podcast, but I had to leave out a lot of detail. Instead of doing that, let’s let you read from their blog and have you know that this thing is something you just don’t want.

Thanks for reading, make it a great day.

Comments (0)

check your spelling before submitting

Hi all.
This is a friendly note to all content creators to try to check their spelling before the thing goes live or when it does if you read it back to make sure it’s actually ok.
I hate to gripe especially on a weekend, but this is the second time this month I have had to correct misspelt words.
Incident has no s in it.
I mean I don’t care to be picky and even I slip on this aging gaming board.
In fact I may hit a letter and it appears twice.
That can be a little annoying but when the mistake is intentionally made a couple times that is a little of an issue.
When things start not making sense.
It’s not a big issue, except I need to correct them so it reads otherwise I get it sticking in my ass and I don’t care for it really.
That’s all.

Comments (3)

Watch Out for fake Adobe apps for PC

There are adobe products making the fake list

There are different apps making the naughty list on the Adobe front, as they peddle problems if you download them. Not surprisingly, the TLDs they’re using are .xyz and .cfd; the second I’ve only recently seen in spam email through the JRN’s email directly, if not through our contact form too.

We need to be careful about what we get, especially when going to domains that may not be familiar to us.

Please read the article Fake Adobe Acrobat downloads are infecting computers for all of the details.

Thanks for listening!

Comments (0)

Have a Plex account? Here’s something for you

Going through email, komando.com is telling us that Plex is the next victim in the cybercrime statistic.

Not only do they offer streaming services, but you can take your things with you.

The good news, if you’ve used two-factor, you may not necessarily have to change your password, however, they’re recommending it because a small portion of a database was illegally accessed.

The investigation is still ongoing, but changing your password is recommended.

To learn more, please read this komando.com article: Have a Plex account? Change your password now for all of the details and steps you can take, today!

Comments (0)

Lastpass had a recent security incident, here are the details

Lastpass posted about a recent incident involving their developer platform. According to the blog post, no user data was ever accessed, and they hired an investigation team to determine what was going on.

Should they feel they need to send an update through the blog, or even send an email to you, the user, they’ll do so.

Notice of Recent Security Incident was posted to their blog today, and we’re wanting to get the word out.

Since there is nothing we need to do, according to the article, let it be known that anything is possible. Even actors are going after companies like this one because of the amount of data we share with them.

In the article, it talks about the zero-trust architecture of how they’re built, what it means to us and them, and describes what happened.

While it is an unfortunate event, the fact they’re letting the public know about such a problem is a good thing. It shows that even though there was a mistake somewhere, they were right on it, dealt with it, then sent out a notice within 30 days of the issue.

Great job, Lastpass! Please keep up the great work.

Yours Truly,
The JRN

Comments (0)

The Technology blog and podcast, podcast 364: The Threat Trends and Intelligence Report

Hello all,

We’ve been talking throughout the podcast series on TSB about the threat trends and intelligence report from Phishlabs. On this podcast, we’re presenting this as a podcast, which was attended on August 16th of this year.

You can read more about it by finding a link to the Phishlabs blog within the show notes below.

Before we do that however, the RSS feed will be getting a copy of the show.

Now, here is the 53.42mb file for you to have if you don’t have RSS.

Now, here are the show notes.



On this podcast, learn about what threats we face as part of the Q2 report from Phishlabs. Go over to the blog for complete details in articles and ways to download the report. Enjoy!

Comments (0)

Police departments say, “we don’t have to tell you where we get our data”

In an article we posted to the TSB list recently titled House leaders demand law enforcement agencies provide details on use of private data we learn how bad it really is for a good number of people.

It seems as though law enforcement are buying our data, instead of going through the appropriate judicial processes we are supposed to enjoy in this country.

The letter follows a House Judiciary hearing last month in which witnesses testified about the rampant use of private databases by federal agencies in law enforcement investigations.

How many law enforcement agencies are involved? We honestly don’t have a count, and I don’t believe the article says, but the article does state that this is becoming a problem.

What made me think we should talk about this on the podcast was this paragraph. It says:

“Recent investigative reports indicate that many law enforcement agencies—including yours—have purchased data or licenses through relationships with data brokers, instead of obtaining it through statutory authorities, court order, or legal process,” they wrote.

The ICE agency spent at least 400 million dollars on surveillance technology.

There are lots of links here, better read this one, it’s a worldwide problem, and not necessarily a U.S. problem. Thoughts are welcome.

Comments (1)

KNX says, Cosmetics giant Sephora settles customer data privacy suit

This is the first time I’ve seen news on this, but this KNX article, titled Cosmetics giant Sephora settles customer data privacy suit, caught my eye when I was just spotting the news to see what was of interest.

The company stopped short of admitting anything, but at the same time, we don’t really know the full story.

They said in the article that the company claims they don’t sell data, but eventually got caught. They then said they’d make things more clear and allow people to opt out.

A very interesting story I think, feel free to check it out.

Comments (0)

The USPS is being targeted now for Smishing

Smishing is basically phishing through text messaging. Today, komando.com is letting us know about this Smishing attack where someone is pretending to be from the USPS which is the United States Postal Service here in the states.

The text looks very real, similar to what we talked about yesterday on the box, the email from way back in 2020 which we talked about in podcast 18 of TSB’s podcast series.

If you follow the link given in the series of messages, the resulting page will ask you for personal information.

Want to read more about this attack? The komando.com article is titled Scam text alert: Click this and it will steal your login.

Be safe, be alert, be informed.

Comments (1)

The Security box, podcast 109: Our Court System is no different than everyone else

The question on this podcast is simple. What’s going on with the federal court system and personal data that we have to share with them in cases?

The 118.2mb file is available to download. The RSS feed will be getting the file soon.

I hope that you enjoy the show as much as we have bringing it to you.

The show notes with links follow.


Welcome to the Security Box, podcast 109. On this podcast, besides doing a recap of the news because of our tech problems, we’re going to cover some court news that probably doesn’t surprise some of us.

The article is titled Federal courts left Americans’ data exposed, senator tells Supreme Court chief justice and it comes from Cyberscoop.

We’ll also see who may be in Clubhouse, bring up any questions to ask, and we’ll see what else the program has to offer.

Find something you’d like to have us talk about? Why not subscribe to our discussion list through the mix, or find a link on the blogroll for the security box email list. We would love to have you. Feel free to say hey!

Comments (0)
