At times of crisis, such as right now in Bangladesh and Nepal, where some 1,200 people have died and millions have lost their homes, charity organisations call out for financial and material support to help them in their disaster relief efforts. These organisations have a lot of experience (unfortunately) in helping the less fortunate following these disasters and their collection of money and material is (usually) efficient and effective.

What also happens are well meaning people who want to help with fund raising for a disaster, they set up a page on a fundraising website or on social media and ask for donations, which they intend to go to the victims. This is very laudable, but how can you be certain of these people’s bona fides.

This has also given the bad guys a way of making easy money, by similarly setting up bogus fund raising pages and pocketing all the cash that comes their way. You can be absolutely certain that none of the monies go where they are most needed.

So treat any e-mail or Facebook message from a “charity” with the same contempt that you reserve for any unsolicited message (according to Commandment 5) and simply delete/ignore it.

If you want to give funds towards a specific disaster, the proper charities usually have a way of enabling you to specify where you want the donation to go. So go directly to their websites and donate there. Don’t click links from social media, text messages or e-mail.

So look up the big guys such as The Red Cross, UNICEF and Oxfam, donate to them and don’t fall for the Disaster Relief Charity Scam.

If you want to give to a lesser known/unknown charity then you can check them out with the likes of the Irish Charities Regulator, Wise Giving Alliance, Charity Navigator or Charity Watch.

The post Disaster Relief Charity Scam – watch out! appeared first on L2 Cyber Security Solutions Ltd..

Fortunately there was nothing destructive in this phishing campaign, but it did cause quite a lot of consternation because it could have been very nasty. It was quite clever in how it fooled it’s victims.

What the evil doers did was to create an app called “Google Docs” … not to be confused with the official one from Google called … errrrr … “Google Docs” ?.

They then sent out their phishing e-mail, which looked like this:

In later occurrences of the phishing campaign, the blurred out name in the image above, was probably somebody you know or at least you were on their contact list. If you click on the “Open in Docs” button above, you launch the app called “Google Docs”, which sounds like the right kind of thing to happen – right? Then you get the following pop-up, which looks fairly legitimate, because it is:

The reason it’s legitimate is because this is the standard screen from Google in regards to this “new” app that you want to execute. The app developers (the bad guys) had to specify what permissions their app needed to carry out it’s nefarious deeds on your e-mail, and so Google helpfully popped up this window to ask you to give permission to the app for the parts of your GMail profile that it needed. Don’t freak out, there could be genuine reasons an app needs these particular permissions, so this would not have been a red-flag to Google … the app name on the other hand … ?.

Anyway, if you click “allow”, the app goes ahead and uses your contacts to e-mail a new copy of the phishing e-mail to all your contacts.

Fortunately Google resolved the issue reasonably quickly. If you think you might have been a victim of this attack, you can check very quickly by going to this link https://myaccount.google.com/permissions and if there is something in the list called “Google Docs”, then left-click on it and hit the “Remove” button. You’ll then be safe again, for now.

This was really clever because the evil doers were able to create a sneaky app, with a ridiculously trusty name, which then fooled people into granting seemingly required permissions in the platform (Google in this instance) to enable the app to do something bad. There are other platforms that use a similar set-up – Facebook and LinkedIn, so be on the lookout for any messages which try to execute apparently genuine “apps” that may try to give you a very bad day. Treat all messages that want you to do something that is out-of-the-ordinary with great suspicion. Or you could go all biblical on them and follow Commandment 5.

BTW – Google didn’t reveal the number of affected users, they just said less than 0.1% of the GMail accounts were affected – a tiny fraction, right? Well given they had over a billion users this time last year, means the not insubstantial figure of 1 million is how many were affected. ?

The post GMail had a bad case of the phishers. appeared first on L2 Cyber Security Solutions Ltd..

I yearn for the days when evil e-mail was so easily identified “becuse it wuz ritten in, gud, inglish wit grate spellhng an pun.tation”. ?
In the last couple of days, the evil doers have been varying their scam e-mails fairly wildly and it’s bound to catch out some people.
I’ll run through three sneaky methods that have been attempted on others over the last 48 hours.

(1) Non-Delivery Receipt.

You know these e-mails. You get them when you send an e-mail, but you make a mistake and send it to an address which doesn’t exist or the mailbox has a size limit and your e-mail breaches that limit. This is the text of the Non-Delivery Receipt (NDR) in this instance:

Your message was not delivered due to the following reason(s):

Your message could not be delivered because the destination server was
not reachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.

Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.

There is a ZIP file attached to the NDR, which of course has some nasty software that does not have your best interest at heart. ?
Just delete the scam e-mail.

(2) A Microsoft Sharepoint Notification.

This is a particularly sneaky one, as lots of larger organisations depend on Sharepoint’s sharing abilities.
The e-mail looks something like this:

The Link in the body text would take you to a not particularly nice website. No doubt it might attempt to infect your computer. ?
Just delete the scam e-mail.

(3) Somewhat abusive attempt to get you to open the attachment.

Please be warned, there is a profanity ahead. I wanted to leave it in as it does generate something of a visceral reaction when you read it.

Subject: credit card charge from <your company’s domain name> 

What is this fucking charge on my card?
I never visited or bought anything from <your company’s domain name>.
I have attached a screenshot of my statement.
I want my money back!!!
I have attached my card statement, please get back to me ASAP.

Thank you

company name

person name

phone

fax

There is a Word document attached to the e-mail, which of course has … nasty ransomware, which will scramble all of your files and leave you with a very bad day ahead. ?
Just delete the scam e-mail.

Conclusion

I hope you noticed that I was pretty consistent in my recommended action … this is because it is from Commandment #5 in our Ten Commandments of Cyber Security.
If you wish to train your staff on how they can spot these type of e-mails, then have a read of this course outline and contact us on the number or e-mail address at the end of that. We’ll be happy to discuss your training requirements and provide a quotation to cover same.
And lets be careful out there.

H/T to the SANS Institute’s Internet Storm Centre @ https://isc.sans.edu/

The post There is a lot of variations in scam e-mail the last couple of days. appeared first on L2 Cyber Security Solutions Ltd..

For somebody who normally receives a LinkedIn connection request about once a week, yesterday I suddenly received 6! Wow, am I popular or what???

The post A slew of fake LinkedIn connection requests. appeared first on L2 Cyber Security Solutions Ltd..