Posted by Michael Titens and Vlad Markovic - IS Security Manager
Over the last few months, many of us have been adapting to new work environments featuring less reliable wifi, videoconference cameos by our children and pets, and more casual dress codes. At the same time, cyber criminals have been adapting their methods to target us in our new environs. Here are a few of the latest threats:
Videoconference Vulnerabilities
- There has been an increase in phishing e-mails and social engineering attacks, especially related to Zoom and other videoconference credentials. Beware of any email containing links and stating you missed your meeting, need to activate your account again, or that your web conferencing software is vulnerable.
- Malicious software can be sent using fake web conferencing invitations. The emails may appear to be coming from a potential client or other contact claiming to be available for a call via one of the popular videoconference services. In many cases, the invitation will contain a malicious Excel file supposedly containing the sender’s schedule.
- Cyber criminals are also registering look-alike domains to phish for videoconference credentials. Recommended precautions include only joining meetings from known contacts that you are expecting and scrutinizing the videoconference link in your invitation – for example, a Zoom link should send you to zoom.us, not zoom-meeting [dot] org or any other “strange” site.
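The link check from the last bullet, written out as an added example (it is not part of the original post): it compares the host a link actually points to against the expected domain and rejects look-alikes that merely contain "zoom.us". The function names, the `EXPECTED_DOMAINS` set and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domain an invitation is expected to use. The post names
# zoom.us; extend the set for other services your organization really uses.
EXPECTED_DOMAINS = {"zoom.us"}


def link_host(url: str) -> str:
    """Return the lower-cased host a link points to, or '' if it is unusable."""
    # Normalize defanged forms such as "zoom-meeting [dot] org".
    cleaned = url.strip().replace(" [dot] ", ".").replace("[.]", ".")
    # Backslashes and whitespace are parsed differently by browsers and by
    # urllib, so a link containing them is refused rather than interpreted.
    if any(c.isspace() or c == "\\" for c in cleaned):
        return ""
    if "://" not in cleaned:
        cleaned = "https://" + cleaned
    try:
        host = urlsplit(cleaned).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return ""
    return host.rstrip(".").lower()


def is_expected_link(url: str) -> bool:
    """True only if the host is an expected domain or a subdomain of one."""
    host = link_host(url)
    # Non-ASCII and punycode hosts can imitate the real name with homoglyphs.
    if not host or not host.isascii():
        return False
    if any(label.startswith("xn--") for label in host.split(".")):
        return False
    # Match whole labels: "notzoom.us" and "zoom.us.example.net" must fail.
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


# Constructed sample links (illustrative only, not taken from real messages).
SAMPLES = [
    "https://zoom.us/j/123456789",          # expected domain
    "https://us02web.zoom.us/j/123456789",  # subdomain of the expected domain
    "zoom-meeting [dot] org",               # look-alike named in the post
    "https://zoom.us.example.net/j/1",      # expected name used as a prefix
    "https://zoom.us@example.net/j/1",      # expected name in the userinfo part
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{'OK    ' if is_expected_link(link) else 'REJECT'} {link}")
```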
Business Email Compromise (BEC) Scams
BEC scams include altering wire transfer and direct deposit instructions and efforts to divert escrow or other payments. Recently, BEC scams have been incorporating COVID-19 into their fraudulent appeals. Some examples to look out for include:
- Using COVID-19 as an excuse to request a fraudulent switch or rescheduling of payments or a change to other business or government plans
- Fraudsters posing as clients requesting that all invoices be changed to a different bank account due to “Corona Virus audits”
- Attempts to exploit federal government stimulus plans and payment options
- Posing as a CEO asking to switch payments “due to the Coronavirus outbreak and quarantine processes and precautions.”
- Scammers using claims of positive COVID-19 cases in their area to start an “urgent” email conversation
If you receive a payment or other request that appears to be out of the ordinary, take additional steps (including a confirmation phone call to a person you know on a number you have used before) before making any payment. More generally, it is a good time to review existing relationships that provide for payment or receipt of funds by wire transfer to ensure multi-factor authentication is in place, identify which party is responsible for wire transfer fraud, and clarify insurance coverage for misdirected funds.
Other Malicious Activity
We have seen a spike in emails with malicious attachments that are disguised as invoices, purchase contracts, wire confirmations, and other documents that one would be inclined to open. One example of this type of threat was a cleverly obfuscated document that stated it was a wire confirmation. In reality, it was a new variant of a crypto-locker that at the time was undetectable by most antivirus tools.
The Weakest Link
Our home networks are only as strong as the weakest link. Potential attack vectors include ancillary devices, such as printers, and other devices (like routers) that still use the manufacturer’s default login (e.g., “admin”) and password. To strengthen the cyber defense of routers, use strong passwords and select WPA2 encryption. Also, disable UPnP (universal plug and play) and keep your firmware up to date (some routers can be set to allow for automatic firmware updates).
Other computers on your home network might also be the weakest link. All family members should be reminded to follow sound practices and view with suspicion any unexpected emails, attachments, or links. Also, all computers should be updated with the latest security patches to protect against newly-discovered vulnerabilities.
Based on reports from some large employers, a full-time return to the office may be weeks or months away for many of us. Maintaining good security practices and remaining vigilant will help protect our computers and networks from being compromised.