- Security TWENTY
- Women in Security
Hackers are using fake admission tickets for cancelled London events as the bait to hide malware in Microsoft Word documents, according to a cybersecurity firm. The cybercriminals hope that people, desperate for new information around an event they’d been looking forward to but was cancelled due to lockdown, will click thoughtlessly and infect their devices with the malware, says Zscaler.
Sudeep Singh, researcher on Zscaler’s ThreatLabZ team of analysts and network engineers said: “Hackers love to take advantage of major events, popular brands, the hottest games — anything trending around the world — to give their malware a better chance of success. Sadly, they’re not above preying on people’s hopes and dreams, as well as fears and uncertainty.” The cyber firm adds that cancelled events, which have been a major source of disappointment for consumers, have not been the only source of recent hacker tactics; in the UK, the Chartered Trading Standards Institute (CTSI) reports that UK internet users are receiving bogus emails from fraudsters offering fake business grants. The emails, dressed in UK government branding.
Businesses in the leisure and hospitality sector may be more likely to fall for that phoney grant, Trading Standards warns. In the UK, it’s Scams Awareness Fortnight.
Sudeep Singh added: “Consumers must develop a heightened state of awareness, as cybercriminals will continue to use the current global crisis as an opportunity to target and compromise. If you’re unsure about something you see online or receive in your inbox or even SMS, you should immediately reach out to your employers’ IT security teams for help, and if this isn’t available to you, here’s some tips and tricks for on how to protect yourself from these targeted cyberattacks:
– Stick with reputable sources for COVID-19 information
– Be wary of requests for emergency funds via email (call the sender to confirm, even if it appears to be from a known contact)
– Do not open links or attachments from unknown sources
– Try to enable two-factor authentication across their devices and accounts
– Patch operating systems and apply security updates whenever prompted
– Activate SMS/email notifications for any financial transactions.”
For more from Zscaler on cyber attacks, using social engineering methods, visit their blog.