The COVID-19 pandemic continues to shape the face of cybercrime in 2020 with ransomware and attacks on internet of things (IoT) devices seeing sharp increases in the U.S. for the first half of the year.
According to SonicWall’s 2020 Cyber Threat Report ransomware attacks are up, particularly in the U.S., where they have more than doubled year-over-year (up 109 percent). Meanwhile, malware targeting IoT devices has risen to 20.2 million, up 50 percent from this time last year — as cybercriminals target the massive influx of employees working from home.
At the same time, encrypted malware and cryptomining have seen resurgences.
Scam Of The Week: “Are You Human?” New Attack Uses A CAPTCHA As Camouflage
Have you ever found yourself staring at a wobbly letter trying to decide if it is an X or a Y, just to prove to a website that you’re not a robot? This funny little test is called a CAPTCHA and it is used to help prevent automated malicious software, known as “bots,” from accessing sensitive information. Unfortunately, cybercriminals are now using CAPTCHAs to make their phishing scams seem more legitimate.
In Netflix-themed attacks, scammers send a phishing email that claims “your payment did not go through and your account will be suspended in the next 24 hours.” To resolve the issue, you’re instructed to click on a link in the email to update your information. Upon clicking the link, you’re taken to a CAPTCHA page. Once you pass the CAPTCHA, you are redirected to an unrelated web page that looks like a Netflix login page. Here you’re asked to enter your username and password, your billing address, and your credit card information. Don’t be fooled! Anything entered here is sent directly to the cybercriminals.
Remember these tips:
- Phishing emails are often designed to create a sense of urgency. In this case, “your account will be suspended in the next 24 hours”! Think before you click, the bad guys rely on impulsive clicks.
- When an email asks you to log in to an account or online service, log in to your account through your browser and not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.
- Remember, anyone can create a CAPTCHA web page, so don’t fall for this false sense of security.
Let us know how we can help you minimize security threats and safeguard your IT infrastructure. Contact Hartman Executive Advisors to find out more about our comprehensive Cyber Risk Assessment services.