More COVID phishing scams, more phony Android apps and more security updates.
Welcome to Cyber Security Today. It’s Wednesday March 10th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Scammers using the COVID-19 pandemic as cover for phishing continue to rely on the gullibility of victims. Here are the latest examples from security vendor Proofpoint:
Last week one crook sent out thousands of emails pretending to be from the U.S. Internal Revenue Service offering to help people apply for compensation under the $1.9 billion American Rescue Plan. Two problems: First, the plan hadn’t passed Congress yet. Second, some of the emails went to Canadians, who can’t qualify for cheques. Victims who click on the grammatically incorrect ‘Get apply form” button end up downloading malware that steals passwords.
Another email campaign claiming to have COVID vaccine news has a copy of the U.S. Department of Health and Human Services logo. You can only get the so-called news if you click on a link. There are also new emails going around that pretend to come from the World Health Organization about new variants of the virus. Again, there’s an infected document attached with supposed information.
With countries increasingly setting up appointments for vaccinations, crooks are taking advantage of that as well. An email seeming to come from courier DHL Express is asking recipients to confirm their delivery address for a COVID vaccine appointment. Victims who click on the link and enter their DHL credentials are giving away their password. Hopefully recipients of this message realize there’s no reason a courier company has anything to do with vaccine appointments.
Don’t trust email messages with attachments that promise information about COVID. And ask family and friends not to forward messages they get. If you want the latest and most accurate news, go to a trusted website, don’t click on a link.
A suspected partner of the former GandCrab ransomware gang has been arrested in South Korea. The developers contracted its use out to partners or affiliates and gave them a piece of the payouts. According to the news site The Record, the 20-year-old is suspected of being one of those partners, sending phishing messages in 2019 that pretended to come from police, a court and the Bank of Korea. GandCrab announced it was ending operations in 2019, but security analysts believe those behind it set up a ransomware service called R-Evil that focuses on corporations.
IT security administrators who use the IBM QRadar system information and event monitoring suite should install the latest security updates. This comes after Positive Technologies discovered a vulnerability in the software.
Despite Google’s best efforts crooks continue to sneak malware into Android apps into the Google Play Store. This week Check Point Software said it found nine mobile apps with ways of evading Google‘s security scans. Three are utilities that pretend to be virtual private networks, two are music players, one is a voice recorder and another is a QR and barcode scanner. These apps are no longer in the Play store. Always be careful and check the reputation of apps with others before you download.
Attention Apple device users: New security updates are now available for iPhones, iPads, Macs, and Apple Watches. There’s also an update for the Safari browser for Macbooks.
Finally, yesterday was Microsoft‘s monthly Patch Tuesday. If you don’t have Windows set to automatically download updates, go into Start, type ‘Windows Update.’ and make sure you have the latest patches for Windows and other Microsoft products. Adobe has also issued patches for a number of its applications.
That’s it for today. Links to details about these stories are in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.