
If You Get An Email From This Company In Your Inbox, DELETE It!

Cybercriminals can be very sneaky when coming up with their attacks. They go to great lengths in finding ways to rip us off.

A popular tool for criminals these days is the phishing email. A successful phishing scam can lead to your gadget being infected with malware, or ransomware, or your credentials to multiple accounts being stolen. Now, customers of a popular transaction service provider are being targeted with these malicious emails.

What you need to know about the latest phishing scam

We’re talking about the company DocuSign. It provides electronic signature technology and Digital Transaction Management services for facilitating electronic exchanges of contracts and signed documents.

The company has discovered a new phishing campaign that began last week, targeting its customers, and others, with malicious emails. It’s possible that DocuSign’s database of customer emails has been breached as well. Even if you don’t use the service, you could receive one of these malicious emails in your inbox.

What’s happening is, the cybercriminals behind this phishing attack are creating fake emails with the DocuSign logo. Be careful, the fraudulent emails look very official and they contain malicious links that lead to a macro-enabled Word document. If you click on the link, your gadget could be infected with malware.

DocuSign is detailing what to look for and urges everyone who receives this malicious email to follow these steps:

  • Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.” These emails are not from DocuSign. They were sent by a malicious third-party and contain a link to malware spam.
  • Forward any suspicious emails related to DocuSign to spam@docusign.com, and then delete them from your computer. They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://docusign.net.
  • Ensure your anti-virus software is enabled and up to date.
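The checks in the list above can be automated for mail triage. This is an added example, not code from DocuSign or from the original article; the sample message is constructed, and the function names are this example's own. It parses each link's host instead of testing whether the URL text starts with the trusted address, and it assumes plain, unencoded body text.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Link hosts the advisory names as legitimate.
TRUSTED_HOSTS = {"www.docusign.com", "docusign.net"}
# Misspelled sender domains the advisory gives as examples.
LOOKALIKE_SENDERS = {"docusgn.com", "docus.com"}
# The two campaign subject lines; bracketed fields become wildcards.
BAD_SUBJECTS = [
    re.compile(r"^Completed: .+ [\u2013-] Wire transfer for .+ Document Ready for Signature$"),
    re.compile(r"^Completed .+ [\u2013-] Accounting Invoice .+ Document Ready for Signature$"),
]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message (not a real campaign email).
SAMPLE = """From: DocuSign <dse@docusgn.com>
To: user@example.org
Subject: Completed: example.org - Wire transfer for user Document Ready for Signature

Review your document: https://www.docusign.com.example.net/doc.docm
Help: https://www.docusign.com/support
"""


def link_is_trusted(url):
    """Compare the parsed host, not the text prefix: a prefix test would accept
    https://www.docusign.com.example.net/ because it starts with the right string."""
    parts = urlsplit(url)
    return parts.scheme == "https" and (parts.hostname or "").lower() in TRUSTED_HOSTS


def triage(raw_email):
    """Return the reasons a DocuSign-themed message looks suspicious."""
    msg = message_from_string(raw_email)
    reasons = []
    if any(p.match(msg.get("Subject", "").strip()) for p in BAD_SUBJECTS):
        reasons.append("subject matches campaign")
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain in LOOKALIKE_SENDERS:
        reasons.append("misspelled sender domain: " + sender_domain)
    # Assumption: body parts are plain, unencoded text.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in URL_RE.findall(body):
        if not link_is_trusted(url):
            reasons.append("untrusted link host: " + (urlsplit(url).hostname or url))
    return reasons
```

Calling `triage(SAMPLE)` returns three reasons: the subject, the misspelled sender domain, and the first link, whose host only begins with the trusted name.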

As I said earlier, you don’t have to be a DocuSign customer to receive phishing emails. Always be prepared by taking the following precautions.

How to defend against phishing attacks:

  • Be cautious with links – If you get an email or notification that you find suspicious, don’t click on its links. It could be a phishing attack. It’s always better to type a website’s address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn’t what the link claims, do not click on it.
  • Watch for typos – Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.
  • Use unique passwords – Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it’s simple for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.
  • Set up two-factor authentication – Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It’s like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
  • Check your online accounts – The site Have I Been Pwned allows you to check if your email address has been compromised in a data breach.
  • Have strong security software – Having strong protection on your family’s gadgets is very important. The best defense against digital threats is strong security software.


Phishing Attack Hits Another Huge Company

I’m sure that you have heard us warn about the growing number of phishing emails. Scammers go to great lengths to generate emails that appear to be from someone you trust, like your bank or insurance company, hoping to trick you into clicking on a malicious link.

A successful phishing scam can lead to your gadget being infected with malware, or ransomware, or your credentials to multiple accounts being stolen. A major U.S. corporation recently fell victim to one of these hideous scams and we should all be worried.

Is anyone safe from phishing scams?

What we’re talking about is the American media holding company, Gannett. It’s the largest U.S. newspaper publisher and owns USA Today and 109 local news outlets across the country.

Gannett recently sent a letter to its employees, letting them know that some of their personal information may have been stolen. The company’s HR department was compromised by hackers who gained access to Gannett’s email accounts. The hack was discovered when the criminal tried using compromised email accounts to authorize wire transfers.

The letter to employees said the HR department was a victim of a phishing attack and possible data breach. Employees’ personal information that could have been stolen includes work history, bank information and Social Security numbers. The number of potential victims has not been disclosed.

If a major corporation like Gannett can fall victim to a phishing scam, what chance do we as individuals have? Your best chance at staying protected is knowledge. Knowing what to look for is a great defense.

Here are some ideas to stay protected from phishing attempts. Keep reading and I’ll also tell you how to respond after a data breach.

  • Be cautious with links – If you get an email or notification that you find suspicious, don’t click on its links. It’s better to type the website’s address directly into a browser. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn’t what the link claims, do not click on it.
  • Watch for typos – Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Typically, there are signs that give away the fact that an email is fake. Can you spot one? Take our phishing IQ test to find out.
  • Do an online search – If you get a notification about something that seems suspicious, do an online search on the topic. If it’s a scam, there are probably people online complaining about it and you can find more information.
  • Use multi-level authentication – When available, you should be using multi-level authentication. This is when you have at least two forms of verification, such as a password and a security question before you log into any sensitive accounts. Click here to learn more about two-factor authentication.

What you need to do after a data breach

  • Investigate your email address – Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
  • Change your password – Whenever you hear news of a data breach, it’s a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
  • Close unused accounts – Here’s an easy way to manage all of your online accounts at once.
  • Manage passwords – Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you’re using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
  • Keep an eye on your bank accounts – You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
  • Check email security settings – Make sure the email account associated with the hacked site has updated security settings.
  • Have strong security software – Protecting your gadgets with strong security software is important. It’s the best defense against digital threats.


How to avoid the Google Docs phishing attack and what to do if you fell for it

Google customers have been targeted with a scam that gave hackers access to the contents of emails, contact lists and online documents of victims.

The scam asked users to click on a link to a Google Doc that appeared to come from someone they knew.

On opening the link, Google’s login and permissions page asked users to grant the fake Docs app the ability to “read, send, delete and manage your email”, as well as “manage your contacts”.

The sophisticated scam, unlike more common attacks, worked through Google’s system. Most phishing scams seek to glean personal information from victims such as usernames, passwords, addresses and financial details by leading them to fake versions of real websites from an email.

Google has now shut down the attack. “We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts,” the company said. “We’ve removed fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing happening again.”

But it is possible that users could still have unread versions of the scam emails in their inboxes or that it could return in a different form. Here are some tell-tale features that give the scam away, ways to avoid similar attacks and what to do if you fell victim to the attack.

How to avoid the scam

First of all, users should be suspicious if they have been sent a link to a document that they weren’t expecting to receive. If in doubt, they are advised to send a separate message to the person the link purports to have come from and ask them if they sent it.

The scam emails also contain a giveaway in the recipients section, which shows they have been sent to “hhhhhhhhhhhhhhhh@mailinator.com” with others BCC’d.

Another sign of the scam is the extensive permissions it asks for. Most applications, especially Google-run ones, will not ask for the ability to delete and send email on a user’s behalf. Users should make sure they always read what is being requested before granting permission.

Google has asked customers who receive such an email to flag it to them by clicking the downward arrow in the top right-hand corner of the message and selecting “Report Phishing”.

What to do if you opened the email

If you have already given the scammers access to your account, you can still revoke the privilege.

Go to the permissions section of “My Account” on a device you’re logged in to. Here you will be able to see all of the apps that have access to your Google account and what they can do.

The scam app will be in this list under the name “Google Docs” and will look legitimate. However, when you click on it, it will have a recent authentication time and will say that it has permission to “manage your contacts” and “read, send, delete and manage your email”.

Google here gives users the option to “Remove” permissions. Click this, read the terms and select “OK”.

Victims are also advised to change the passwords to their online accounts to protect any information that may have been compromised.
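The same review of app permissions can be scripted over an exported list of grants. This is an added example, not Google's code or part of the original article; the record layout, app names, client IDs and dates are constructed, and the mapping from the quoted permission text to OAuth scope URLs is this example's assumption.

```python
from datetime import datetime, timedelta, timezone

# Assumed mapping: scope URL -> the permission wording the article quotes.
RISKY_SCOPES = {
    "https://mail.google.com/": "read, send, delete and manage your email",
    "https://www.googleapis.com/auth/contacts": "manage your contacts",
}

# Constructed third-party grant records (hypothetical field names).
GRANTS = [
    {"app": "Google Docs", "client_id": "constructed-1.apps.example",
     "granted": "2024-03-10T18:20:00+00:00",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"app": "Calendar Sync", "client_id": "constructed-2.apps.example",
     "granted": "2023-01-10T09:00:00+00:00",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]


def review_grants(grants, now, recent=timedelta(days=7)):
    """Return the grants to revoke, with the tell-tale signs described above."""
    findings = []
    for grant in grants:
        held = [RISKY_SCOPES[s] for s in grant["scopes"] if s in RISKY_SCOPES]
        if not held:
            continue  # no mailbox or contacts access requested
        reasons = ["can " + permission for permission in held]
        if now - datetime.fromisoformat(grant["granted"]) <= recent:
            reasons.append("authorised recently")
        # A third-party grant carrying a Google product name is what made
        # the scam entry look legitimate in the permissions list.
        if grant["app"].lower().startswith("google"):
            reasons.append("third-party grant uses a Google product name")
        findings.append({"app": grant["app"],
                         "client_id": grant["client_id"],
                         "reasons": reasons})
    return findings


NOW = datetime(2024, 3, 12, tzinfo=timezone.utc)  # constructed review time
```

`review_grants(GRANTS, NOW)` reports only the “Google Docs” entry, with all four reasons attached.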