
General Discussions

Covid 19 and Phishing Scams

Just wanted to share that my company is seeing a lot of Phishing Scams related to this pandemic. People sending emails that say stuff like, "you have been exposed to Corona Virus" please fill out the attached document and take it with you to the emergency room. 

They want you to infect your machine or supply information with that document. 

Remind co-workers, friends and family, especially the elderly, that very few real notifications come in via email and text with attachments that have to be completed. These are virtually all bad news.

If you think it may be real then go to the website for the company yourself. DO NOT FOLLOW EMAIL LINKS, as they can lead to imposter sites that look real. Then contact them to ask whether what you received is real or not.

Amazing that these jerks use this situation to prey on even more people.

0 Likes
19 Replies

Doesn't your company have spam filters to prevent those types of emails?

Crooks use whatever opportunities to enrich themselves at the expense of the victims. No morals or ethics.

0 Likes

Yep, 3 levels of them actually: at the cloud server, on the network appliance and on the workstations. However, a lot of the new ones are not blacklisted by anyone yet so they make it in randomly. Luckily most of our workers are fairly on top of this. We have had people in the past, though, that have opened junk right out of the spam folder. If you know of a foolproof way to stop it, I am all ears! Unfortunately much of the time IT pros can only play catch-up to the bad guys.

0 Likes

I would also guess that with the sheer number of valid Covid 19 emails that are essential to go out right now from basically anyone you have ever dealt with electronically, the filters are likely set pretty liberally right now in the cloud. That is where most of our stuff usually gets blocked. Far more than our local rules. Most of them work off content recognition in the emails, not just recognizing a problem attachment. You set that too aggressively and you start blocking legit emails too.

It just sucks that people can't be decent enough to not try and profit from a situation like this.

0 Likes

Sadly there's no way to prevent morons from being morons. My company sent out a company wide email again advising us about the Covid-19 phishing emails and such, and some moron actually opened one and compromised his system, though luckily our IT department was proactive and had already blocked all traffic outside the whitelist, as all traffic is routed through our own VPN. That's about the only way I can think to prevent it.

Unfortunately the truth is when it comes to malware the best prevention is just having people who remember to use safe practices and don't open attachments from people you don't know or from ones you do when you are not expecting something. Our CSRs are told to call customers and verify they sent email with attachments if we don't already know it is coming. My traffic all comes into our VPN tunnel too, however we don't have a local Exchange server and the emails come from the cloud encrypted so the network appliance doesn't do much. We have a decent SonicWall device but I wish we had the resources to have a way better setup. So basically when it comes to email it is down to the cloud, local rules and blacklists. We have such an influx of new customers all the time that whitelisting just had not been practical for our operation. However if this stuff escalates more it is a very good idea to whitelist, so thanks for the idea, and it may prove the only way to further help things. Luckily so far we have not had an issue other than receiving a few of them. I just wanted to remind people and more so have the educated users in these forums remind people they know to be way more vigilant right now.

0 Likes

I have noted that many phishing efforts are distributing ransomware.

This seems to be the way many companies are penetrated and hacked to death.

0 Likes

Yes, ransomware is about the scariest thing going. I started using encrypted local backups of this a few years ago just before the WannaCry outbreak. I had also just installed a couple levels of workstation protection as well. I was very thankful I had just been to a security seminar talking about this right before and it seemed like something to take very seriously. I was very glad I had taken immediate actions. With all the people we have working remotely right now I have never been more worried about getting a local attack.

0 Likes

Another good time to plug the software I use, Macrium Reflect. It's a disk imager like Acronis. I use the free version which lacks the ability to do incremental backups and encryption, but it can still do differential backups. A good choice if you already use full disk encryption on your destination drives.

https://www.macrium.com/reflectfree

0 Likes

I've used both. Had spotty results with some of the others, but Macrium and Acronis to me are the best. Currently using Acronis 2020. They had a free Acronis ransomware product that was standalone. I don't see it available to download on their site anymore and believe they rolled it into the 2020 paid product. I use the Macrium Reflect free all the time to upgrade people to solid state drives. It's awesome for free.

0 Likes

pokester wrote:

Yes, ransomware is about the scariest thing going. I started using encrypted local backups of this a few years ago just before the WannaCry outbreak. I had also just installed a couple levels of workstation protection as well. I was very thankful I had just been to a security seminar talking about this right before and it seemed like something to take very seriously. I was very glad I had taken immediate actions. With all the people we have working remotely right now I have never been more worried about getting a local attack.

Unfortunately encrypted files are attacked by ransomware as are any and all network resources. Some are even found to be hacking servers to try to spread into more systems.

0 Likes

I have seen spam galore from Appspot, which Google runs and seems indifferent to the scams from them.

Makes Google the king of spam.

0 Likes

Pokester you might want to use this article from ZDNET that just came out as an example to your company's employees about opening unknown or strange email: Microsoft: How one Emotet infection took out this organization's entire network | ZDNet 

"Microsoft has detailed the plight of a customer whose entire IT network was brought down after one employee opened a phishing email that delivered the notorious Emotet banking trojan and credential-stealing malware."

0 Likes

Thanks for the tip. I like the idea of two factor email verification. We however are using a cloud service that as it stands does not support this. However it being in the cloud instead of on a local Exchange server by itself adds another layer of protection. We are looking into changing to another service before long that is what our parent corp has going in other operations. One thing nice about the SonicWall is that it emails me if there would be an unusual increase in outbound traffic such as a botnet. Sometimes however by the time you see that it could be too late as well, but there are some nice security measures built into these devices. Their lower end devices are not too bad on price either and I have been thinking of getting one for home. On our work network my switches and access points are all new within the last 6 months and are the latest devices from Ubiquiti. I also have their Cloud Key Gen 2. With their software I can literally see every bit of traffic from every device on the network, again though unless you are watching or going back through logs you certainly can miss things. I am glad that our company, being a manufacturing company, uses a lot of cloud services and not on-site services. Even our credit card payment is through the cloud. So no local customer information exists here. Obviously if the workstation that processes this had a keylogger that could be an issue. However that machine is about the most locked down device in the building. Using only a limited user account and an outgoing firewall that has to whitelist for new access. So you do what you can and that's about it. I always appreciate the shares on security stuff as I am sure I have still missed a lot I could be more proactive with, so thanks again. It is a scary time with so many remoting in.

0 Likes

On my site some time ago, I wrote a post on how a virtual machine was broken into and it was then systematically used to hack into other servers where it eventually was able to spread widely before a security detection system noticed it.

The attack was on an Azure server. Every server broken into was encrypted with ransomware and the mess was brutal.

0 Likes

Yes that is too bad. The reality is that sometimes the more security you throw at a situation only creates even more opportunities for things to go bad. It is often a losing proposition these days. You just can't win. I fear the bad guys will continue to be one step ahead forever.

0 Likes

Ironically it could be an increase in security which is allowing the security breaches, that is, companies relying on security features to keep them safe rather than a proactive IT department and proper employee training... Granted it could save quite a bit of money by having a more lax IT department, but one breach can cost manyfold the savings in rectifying it.

0 Likes

This is pointed out in most of the security seminars. The best thing is users knowing what to do. 

0 Likes

pokester wrote:

Yes that is too bad. The reality is that sometimes the more security you throw at a situation only creates even more opportunities for things to go bad. It is often a losing proposition these days. You just can't win. I fear the bad guys will continue to be one step ahead forever.

I offer my security skills but so far not many inquiries. 2/3 of companies have been broken into.

0 Likes

This Chinese site has malware you linked to. Advertising websites in this forum is against forum rules. 

amdmatt

0 Likes