Our San Francisco branch is now open! With this reopening, all 10 branches are open to serve you. We continue to observe state safety protocols in our branches. Please remember you can also bank with us online or through our Tech CU Virtual Branch.
Click here for branch locations and hours.
May 14, 2021
By: Team, Tech CU Team, Technology Credit Union
Recently, Microsoft issued a warning about new phishing scams that try to lure victims with fake COVID-19 news from the Centers for Disease Control (CDC). Phishing is a widely-used scam tactic that disguises emails to appear as if they come from a legitimate source to trick recipients into sharing sensitive information, such as log-on credentials, credit card or bank account information, or Social Security numbers. Phishing is so successful that it is responsible for billions of dollars of business and consumer losses each year.
Image via Microsoft
There's a good chance you or a member of your organization has been the target of a phishing attack. Phishing emails arrive in your inbox looking as they were sent from a reputable source, such as your bank, a service company, a government agency, or maybe even someone within your organization. In the email, that might include your name in the salutation, you might find an alert about an account that needs updating or a recent order you placed. The message is designed to get you to click on a link embedded in the email.
If you click on the link, you will be directed to a website that looks legitimate, asking you to enter your login credentials. If you do, the phisher has all it needs to impersonate you on the real website. With some phishing emails, clicking on the link unleashes a virus or malware that can steal your data or encrypt it to hold it for ransom. Worse yet, it also uploads a keylogger component, which can record computer users' keystrokes as they enter passwords and other confidential information.
Image via Shutterstock
The phishing campaign identified by Microsoft delivers a widely-used malware called Lokibot which, in this case, uses COVID-19 as the lure to click on a link. The email pretends to be from the CDC, with subject lines such as Business Continuity Plan Announcement for May 2020. When Lokibot is unleashed, it steals login credentials. Worse yet, it also uploads a keylogger component, which can record computer users' keystrokes as they enter passwords and other confidential information.
While Microsoft was able to detect the attack and update its anti-virus program, Microsoft Defender, to stop it, cybercriminals are working overtime to find new ways to deliver their malware. It's estimated that thousands of different malware attacks disguised as important COVID-19 information are launched each day.
You and your employees are your first and last line of defense against phishing attacks. To fortify your defenses, you need to educate everyone in your organization on what a phishing attack looks like and how to combat it. Here are six red flags to look for in suspicious emails.
There is no better defense against security attacks than becoming thoroughly educated about the risk and arming yourself, your family, and your employees with the knowledge to prevent them. It is also essential to boost your cybersecurity defenses with an upgraded firewall.
Posted May 14, 2021 by Team