Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Spear phishing on the rise

Spear phishing emails are on the rise and should be closely monitored by your company. Keep an eye out for emails claiming to have good deals or offers or impersonating other people.

Below are some key points surrounding spear phishing attacks:

  • These are fraudulent emails either aping staff through similar looking email accounts or by hacking in and impersonating people leading to the theft of deployment of viral payloads
  • 3.1 billion spoofed emails are sent every day
  • Scam messages have cost businesses £23 billion since 2016
  • Phishing was used in 36% of cyber-attacks

These show the threat of phishing emails in the current landscape of cyberspace. With the development of new technologies and security measures, new techniques to scam people are also developed.

The main factor in a scammer’s attack is the human response to this threat. To keep this from happening, make sure your staff are trained up to understand what a phishing email is, what it looks like, and what to do when they receive one.

Make sure to enable MFA on your email account, keep an eye out for any spoofed email addresses, and make sure to block and report any fraudulent emails to ensure this does not happen to your business.

Easter egg scam hits the market

Cadbury customers have been warned about an online scam that lures victims with the promise of free Easter chocolate.

A circulating on WhatsApp claims to offer recipients a ‘free Easter chocolate basket’ from Cadbury and includes a link to a page where they are asked to give personal information.

Cadbury has confirmed that this offer is not legitimate, and they would not be offering such a deal.

The NCSC has published guidance to help people recognise scam messages, and advises that if a message feels suspicious or too good to be true, contact the organisation directly.

Scam messages can be tricky to spot but often include one or more of the following tell-tale signs:

  • Authority – does the message claim to be from someone or an organisation you trust?
  • Urgency – does it say you need to respond within a limited time or immediately?
  • Emotion – does the message make you panic, fearful, hopeful or curious, so you might click on a malicious link?
  • Scarcity – does the message offer something in short supply or make you fear missing out on a good deal?
  • Current events – does the message refer to recent news stories or specific times of year to make it more convincing?

Fake WhatsApp ‘voice message’ emails are spreading malware

Fake WhatsApp ‘voice message’ emails are spreading malware

A phishing campaign that impersonates WhatsApp’s voice message feature has been spreading information-stealing malware.

The attack starts with an email claiming to be a notification from WhatsApp of a new private voice message. The email contains a creation date and clip duration for the supposed message and a ‘Play’ button.

This is an actual email address, so it is not picked up as malicious or spam. Following the links in the email will download a piece of info-stealing malware.

This attack relies on people missing the signs, and voice messages are used in special or exciting cases, which may be why this attack is proving so successful.

The NCSC has published guidance on how to spot and report scams, including those delivered by email and messaging.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.