THINK BEFORE YOU CLICK


AS ALWAYS THINK BEFORE YOU CLICK

Wednesday, July 31, 2019

Scam Of The Week: Equifax Settlement Phishing

ALERT: Internet bad guys are now trying to trick you into filing an Equifax claim to get a $125 payment because your personal data was in the Equifax data breach. They are sending phishing attacks that look like they come from Equifax, and when you click on the links, you wind up on a fake website that looks like it's Equifax but will try to steal your personal information. Don't fall for it.
Here is an example of the phishing email:
 

If you want to file a claim, go to the legit FTC website and click on the blue "File a Claim" button. The website will check your eligibility for that claim; not everyone's information was compromised. Here is the link to the FTC site: https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement

Monday, July 22, 2019

Evite Data Breach

The data breach monitoring service Haveibeenpwned.com has added a database dump of almost 101 million Evite users who had their information exposed when attackers gained unauthorized access to their servers.

In May 2019, Evite posted a data incident notice disclosing that an unauthorized third party had gained access to its servers starting on February 22, 2019 and was able to access members' personal data. No financial information or social security numbers, though, were part of the breach.

"Potentially affected information could include names, usernames, email addresses, passwords, and, if optionally provided to us, dates of birth, phone numbers, and mailing addresses."

The original leaked database was being sold on the online underground market named Dream Market. This site has since been shut down, so it is not currently known where or if this larger Evite database is being sold online as well.

Due to the large number of exposed users, anyone who has an Evite account is advised to change their password. Furthermore, if you use that same password at other sites, you should change it there as well to prevent it from being used in credential stuffing attacks.

Monday, July 8, 2019

Scam Of The Week: Microsoft OneNote Audio Note Phishing Emails

All: Internet criminals are sending phishing attacks where they try to trick you into listening to a fake "Audio Note". They show you screenshots and attempt to scam you into clicking on links or even logging in to a fake Microsoft login page.

Security forums are reporting that: "This campaign comes in the form of an email with the subject 'New Audio Note Received' and claims that you have received a new audio message from a contact in your address book. In order to listen to the message, though, you will need to click on a link to listen to it."

Sample email screenshot



For Microsoft accounts and Outlook.com logins, it is important to remember that Microsoft login forms will be on the microsoft.com, live.com, microsoftonline.com, and outlook.com domains only.

If you are presented with a Microsoft login page from any other URL, avoid it and use your normal bookmarks to go to these sites.
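The domain rule above can be checked mechanically. The following is an added example, not part of the original post: it parses a URL and accepts it only when the host is one of the four listed domains or a subdomain of one. The function name, the sample URLs and the HTTPS requirement are assumptions of this example.

```javascript
// Added example. The four domains are the ones listed in the text above.
const MICROSOFT_LOGIN_DOMAINS = [
  "microsoft.com",
  "live.com",
  "microsoftonline.com",
  "outlook.com",
];

// Decide whether a URL points at one of the listed domains (or a subdomain).
// Requiring HTTPS is an extra assumption of this example, not from the text.
function checkMicrosoftLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, host: url.hostname, reason: "not HTTPS" };
  }
  // URL.hostname is lower-cased and leaves out any "user@" prefix and the
  // path, so only the real host is compared. Drop a trailing root dot too.
  const host = url.hostname.replace(/\.$/, "");
  // Exact match or a dot-separated suffix: "notmicrosoft.com" must not pass.
  const match = MICROSOFT_LOGIN_DOMAINS.find(
    (d) => host === d || host.endsWith("." + d)
  );
  if (!match) {
    return { ok: false, host, reason: "host is not on the allowlist" };
  }
  return { ok: true, host, reason: "matches " + match };
}

// Constructed sample URLs (not taken from any real campaign).
const SAMPLE_URLS = [
  "https://login.microsoftonline.com/common/oauth2/authorize",
  "https://login.live.com/",
  "https://login.microsoftonline.com.signin.example/",
  "https://microsoft.com@signin.example/login",
  "https://notmicrosoft.com/",
  "https://signin.example/microsoft.com/login",
  "http://outlook.com/",
];

for (const u of SAMPLE_URLS) {
  const r = checkMicrosoftLoginUrl(u);
  console.log((r.ok ? "OK    " : "AVOID ") + u + "  (" + r.reason + ")");
}
```

A plain "does the address contain microsoft.com" test would accept the third to sixth samples; comparing the parsed host against the list rejects them.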

Monday, July 1, 2019

Instagram Vanity Makes for Vulnerability

Scammers are targeting Instagram users with phony offers to verify their accounts in order to receive Instagram’s blue checkmark, Threatpost reports. Researchers at Sucuri came across a phishing page at “instagramforbusiness[.]info” that spoofs Instagram’s branding and asks users to provide the credentials to their Instagram account in order to receive a verified badge. 

After a user enters their Instagram credentials, the site prompts them to log in to their email account as well, “to verify” that the user is who they say they are. The researchers assume the attackers need access to the victim’s email account to avoid being locked out of the stolen Instagram account.

Like on other social media platforms, Instagram’s blue checkmark is meant to be a sign of credibility for accounts belonging to high-profile people and organizations. Only around 1% of Instagram users have verified accounts, so some see it as a sign of superior social status. For more enterprising individuals, the badge also makes it much easier to monetize an account. As a result, the verification badge is a tantalizing phishing lure for platform-specific targeting.

Luke Leal from Sucuri told Threatpost that the phishing page was probably being distributed on Instagram, presumably through phony posts or direct messages. He noted that attempts to hack social media accounts are on the rise because they offer an avenue for additional, more targeted attacks. 

“Phishing attacks against social media accounts continue to increase for a few different reasons, namely for its large user base and the potential source of personal information that can be stored on social media accounts (e.g. date of birth, first + last name, general location, phone number, email address) and this personal information can then be used for further malicious activity while the victim is unaware and just thinks their social media account was stolen,” said Leal.

Social engineering attacks use emotional hooks to prey on human weaknesses, but people can defend themselves if they know how attackers think.