Category Archives: Threats

This icon can ruin your iOS

Hackers are using the familiar Apple settings icon to trick users into hacking their own iOS devices. As I discussed in a previous post, this can permanently destroy your device. If you ever see the settings icon and a request to install, confirm or cancel, do not click any response presented. Rather, you should immediately close your app.… Read More »

USPS helps criminals read your mail

The U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. This would have been less of an issue before they released their latest service called Informed Delivery, which allows users… Read More »

Gift Card Scam

The Internet Crime Complaint Center received an increase in the number of Business complaints requesting false requests to purchase gift cards. The victims receive either a spoofed email, a spoofed phone call or a spoofed text from a person in authority requesting the victim purchase multiple gift cards for personal or business reasons.

Equifax 17’ Breach – The fallout starts now.

If you were one of the 143 million Americans that had their data compromised in the September 2017 Equifax breach you will want to read on. According to the FBI, thieves that steal personal data park the information until it can be used with the greatest likelihood of success. Then they sell it, and you become a victim… Read More »

Facebook 90M Hacked

Attackers exploited a vulnerability in Facebook’s code that impacted “View As” a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.

FBI: Remote Desktop Compromised

Remote administration tools, such as Remote Desktop Protocol (RDP), as an attack vector has been on the rise since mid-late 2016 with the rise of dark markets selling RDP Access. Malicious cyber actors have developed methods of identifying and exploiting vulnerable RDP sessions over the Internet to compromise identities, steal login credentials, and ransom other sensitive information.

FBI: Personal Data Used in Online Scams

The Internet Crime Complaint Center (IC3) has recently received an increase in reports about extortion attempts received via e-mail and postal mail and using specific user information to add authenticity. While there are many variations in these extortion attempts, they often share certain commonalties.

FBI: Tech Support Fraud

Based on new reporting, the Internet Crime Complaint Center (IC3) is providing updated guidance regarding technical support fraud. Tech Support Fraud involves a criminal claiming to provide customer, security, or technical support in an effort to defraud unwitting individuals. This type of fraud continues to be a problematic and widespread scam. In 2017, the IC3 received approximately 11,000… Read More »

Fake Security Alerts

Should you get a pop-up like this one. Do not follow the advice in the window, and in particular, do not call the number in the window. Just close the browser immediately. DO NOT click on any part of the window, as this can trigger a virus installation. If the pop-up is preventing you from closing the browser,… Read More »

FBI: Internet of Things Devices

Common Internet of Things Devices May Expose Consumers to Cyber Exploitation In conjunction with National Cyber Security Awareness Month, the FBI is re-iterating the growing concern of cyber criminals targeting unsecure Internet of Things (IoT) devices. The number of IoT devices in use is expected to increase from 5 billion in 2016 to an estimated 20 to 50… Read More »

FBI: Internet-Connected Toys

Consumer Notice: Internet-Connected Toys Could Present Privacy and Contact Concerns for Children The FBI encourages consumers to consider cyber security prior to introducing smart, interactive, internet-connected toys into their homes or trusted environments. Smart toys and entertainment devices for children are increasingly incorporating technologies that learn

iOS: Profile Hack

There is an extremely nasty hack that will brick your iOS device if you let it in. It installs itself as a Profile on your device.  In one particular instance, we discovered the Profile was named “Emergency Alerts” and had been allowed by the user clicking on a popup link that indicated these would help in the case… Read More »

FBI: Business E-mail Compromise

Business E-mail Compromise E-mail Account Compromise The 5 Billion Dollar Scam This Public Service Announcement (PSA) is an update to Business E-mail Compromise (BEC) PSAs 1-012215-PSA, 1-082715a-PSA and I-061416-PSA, all of which are posted on www.ic3.gov. This PSA includes new Internet Crime Complaint Center (IC3) complaint information and updated statistical data as of December 31, 2016. DEFINITION Business… Read More »

FBI: Tech Support Scam

The subject claims to be an employee (or an affiliate) of a major computer software or security company offering technical support to the victim. Recent complaints indicate some subjects are claiming to be support for cable and Internet companies to offer assistance with digital cable boxes and connections, modems, and routers. The subject claims the company has received… Read More »

FBI: Spear Phishing

Instead of casting out thousands of e-mails randomly hoping a few victims will bite, spear phishers target select groups of people with something in common—they work at the same company, bank at the same financial institution, attend the same college, order merchandise from the same website, etc. The e-mails are ostensibly sent from organizations or individuals the potential… Read More »

FBI: Avoid BEC Scam

In October 2013, the Internet Crime Complaint Center (IC3) began receiving complaints from businesses about about trusted suppliers requesting wire transfers that ended up in banks overseas—and turned out to be bogus requests. Since then, losses from the business e-mail compromise (BEC) scam have been significant. “For victims reporting a monetary loss to the IC3, the average individual… Read More »

PBX hacked

Make sure your phone vendor has a secure pin setup in your PBX, the strongest possible with more than 4 digits would be great. Also consider blocking international service through your carrier if you do not need it. Below is an example of what can happen. Someone gained access and had our calls being forwarded to a number… Read More »

FBI: Holiday Shopping Tips

The FBI reminds holiday shoppers to beware of cyber criminals who are out to steal money and personal information. Scammers use many techniques to defraud consumers, from phishing e-mails offering too good to be true deals on brand-name merchandise to offering quick cash to victims who will re-ship packages to additional destinations. Previously reported scams are still being… Read More »