Thank you for opening this week's email. A subscriber asked if I have a Patreon or Buy Me a Coffee account they could donate to as a thank-you for the effort I put into this newsletter. Nope. This is a creative outlet for me and I’m not seeking any financial reward. The best way to show your appreciation is to share the newsletter and get a few colleagues to subscribe.
Of course, I’ll gladly accept a beer once we get back to live training and conferences.
’Tis the tax season
The IRS issued a warning of a phishing attack that is targeting .edu email addresses. College students are a particularly vulnerable group because they fear trouble with the IRS could negatively affect their student loan and aid packages. Additionally, most students are cash strapped and rely heavily on that yearly refund check. https://www.irs.gov/newsroom/irs-warns-university-students-and-staff-of-impersonation-email-scam
And more troubles for students
The Accellion hack from a few weeks ago has resulted in the compromise of a large number of American colleges and universities. The dorper.me site has done a great job providing information on the data leaks. From the site: “Hackers have stolen terabytes of student, prospective student, and employee personal information including transcripts, financial info, mailing addresses, phone numbers, usernames, passwords and Social Security Numbers.” Some of the largest and best-known educational institutions in America have been victimized. https://dorper.me/articles/unileak.aspx
Facebook, not only divisive…
Terrible at security too. Facebook has leaked the information of over 533 million users. This data consisted of user phone numbers, full names, location, email address, and biographical information. Facebook users should be on alert for spear-phishing emails. And phone calls, both targeted and just plain spam. Yes, someone has already aggregated those valid numbers into a telemarketer’s dream list. https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4
Cleaning dirty money
Step one: create an account on a charity website and write up a sad story. Step two: donate to yourself with someone else’s money. From this Threatpost article: “Using stolen credit cards, fake accounts, and automated scripts to do the dirty work, this fraud ring repeatedly funneled small amounts of money to themselves by setting up fake causes on various giving sites in order to request donations.” Do this for a few weeks and cash out before the credit company issues the charge-back. https://threatpost.com/fraud-lauders-money-charity-donations/165138/?web_view=true
And some crazy
I’ve never watched any of the “Real Housewives” shows so I don’t know anything about this lady, but apparently she wasn’t only a housewife. She was moonlighting as a telemarketing fraudster targeting the elderly. Sounds like an awesome show. https://www.forbes.com/sites/rachelsandler/2021/03/30/real-housewives-of-salt-lake-city-star-jen-shah-arrested-in-nationwide-telemarketing-fraud-ring/
Top ten
IBM X-Force released their list of the top ten attacked industries. Financials win again but I suspect we’ll see education surging to the top for 2021.
The Rest…
The U.S. Department of Justice issued a warning concerning more Covid-19 pandemic fraud. The release warns “fraudsters are creating fraudulent COVID-19 vaccine surveys for consumers to fill out with the promise of a prize or cash at the conclusion of the survey”. https://www.justice.gov/opa/pr/justice-department-warns-about-fake-post-vaccine-survey-scams
Menlo Security reminds us that Microsoft Office 365 users continue to be a top phishing target. https://www.menlosecurity.com/blog/credential-phishing-themes-and-tactics
K-12 students aren’t safe either. The Broward County (FL) School District is under a ransomware attack and the group claims it will release the data on 271,000 students if the 40 million dollar ransom isn’t paid. https://www.businessinsider.com/large-florida-school-district-hit-by-ransomware-attack-2021-4
Ironscales reports on a spear-phishing attack impersonating the MacKenzie Bezos Scott foundation. The foundation recently announced it plans to give away 6 BILLION dollars this year. Obviously people are going to open that email, especially non-profits. https://ironscales.com/blog/Mackenzie-Bezos-Scott-foundation/
The National Law Review claims the U.S. DOJ is continuing to target Paycheck Protection Program fraud. https://www.natlawreview.com/article/doj-continuing-to-target-ppp-recipients-fraud
Cool Tool
https://mattw.io/youtube-geofind/location
Find YouTube videos by geo-location. It didn’t work for me when I manually entered the address but worked perfectly when I dragged and dropped the pin on the map.
“Arguing with a fool proves there are two.” - someone smarter than me.
Thank you for reading this far. If you are a subscriber, please share; if you just browsed by, please subscribe.
Matt