Archive for KnowBe4 Scam of the Week

KnowBe4 Scam of the Week: Fake Financial File Phishing

In a recent phishing email scam, cybercriminals use vague financial terms that attempt to make you curious enough to click the attachment in the email. The subject of the email is “Remittance Summary,” and the malicious attachment is named “Payment Advice.” The body of the email only says, “Find attached payment advice for remittance.. Kindly revert.” The sender of the email appears to be legitimate, but it is actually sent from a fake sender address. If you download the PDF file, the malware will begin installing on your computer.

The attached malware is designed to gather sensitive information from your device. It can find personal data stored in your web browser, such as login credentials. It can also install a keylogger, which is a type of malware that records every key pressed on your keyboard. Whenever you enter your username and password, the keylogger can record exactly what you’ve typed and send it directly to the cybercriminals.  
Follow these tips to avoid falling victim to a financial phishing scam:
Be skeptical. If an email looks suspicious or contains unusual grammatical errors, immediately report it to your organization.
Check the email address carefully. Cybercriminals will often use email addresses that appear very similar to legitimate senders.
Never download unexpected attachments. If you’re not expecting an attachment or the email is from someone that you don’t know, don’t open it.

The KnowBe4 Security Team

SCAM OF THE WEEK: Invitation to a Malware Party

Cybercriminals recently targeted European diplomats by impersonating representatives for the ambassador of India. They each received a fake invitation to an exclusive wine-tasting party. But, the invitation was actually a trick to install malware onto their devices. This type of scam could be used to target anyone, so let’s take a closer look at how it worked.

The scam starts with a simple phishing email that includes an attached PDF file. The PDF file is a convincing invitation to a party, complete with official-looking letterhead and contact information. The invitation asks you to complete a questionnaire in order to reserve your spot. If you click the questionnaire link, you are redirected to a website that automatically downloads malware onto your device. Once installed, the malware hides on your device and sends data back to the cybercriminals. 
Follow the tips below to stay safe from similar scams:

  • Be cautious of unexpected and exciting opportunities. Remember, if something seems too good to be true, it probably is!
  • When you receive an email or invitation, stop and look for red flags. Consider the timing of the invitation and look for any spelling or grammatical errors.

Never click a link or download an attachment in an email that you weren’t expecting. 

SCAM OF THE WEEK: An Early Tax Reminder From the IRS

Cybercriminals are preparing for the busiest period of the year, which is tax season.
It is important to remain vigilant and exercise caution before clicking on anything.

The US Internal Revenue Service (IRS) recently held the eighth annual Security Summit. The IRS concluded the summit with a reminder to stay alert during the upcoming tax season. Specifically, they warned taxpayers and tax professionals to watch for phishing and smishing scams.

Tax scams aren’t specific to the US. Around the world, cybercriminals are readying their phishing emails and text messages (smishing).

Handling your taxes is often a difficult task. So, bad actors use this sensitive topic to catch your attention or manipulate your emotions.

Follow the tips below to stay safe during tax season:

  • Know what to expect from your local revenue agency. For example, in the US, the IRS typically contacts taxpayers by mail, not email or text.
  • Always think before you click. Cyberattacks are designed to catch you off guard and trick you into clicking impulsively.
  • Use extra caution when handling tax documents. For digital documents, use password protection. For physical documents, keep paperwork in a secure location and shred anything that is no longer needed.

Stop, Look, and Think. Don’t be fooled.

Article provided by:

KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering.

All branches will be closed Monday, May 27th, 2024 to observe Memorial Day. You can bank with us anytime, anywhere with our Mobile App or Advantage Plus Online Banking!