An Post or any couriers Phishing SMS/ email scams and how to check if legit. #SMS #Scam #Anpost

Recently there have been scams involving An Post and others, including DHL, where they ask for a small fee to get your parcel delivered. As said before, this will not happen, but the advice on what to look out for is lacking detail. Whilst they do have a warning on their site, there is no information there as to what exactly to look out for should you end up getting this message.

Above is what you need to look out for. Even if you click the link in the text, it is again quite similar to the recent DHL scam, which gives you a legit-looking page to fill in, but with the alpha tag on the SMS and the URL on the pages linked it is clear this is another phishing attempt from scammers.

 

Below is a video on how to check if you have a package or not from An Post; this also applies to any courier. Go to the website, copy and paste the tracking number and see if it exists. Also check 17track to see if the tracking number exists and if it is live, just to be sure. With the pandemic, people are now shopping online even more and often might forget they had a package coming. A shipment might also have been split, or you could be getting a package as a gift, and this is the basis these scams work on.

 

Bank of Ireland sms scam. Here is what to look for. #scams #phishing

It would be fair to say pretty much everyone has a pain in their backside with the scams that are going around now, and there are plenty of them. It was only a matter of time before I got one of the latest banking scams, and that landed this morning. Having a quick look into it, there are several versions of the SMS scam, which comes up as BOI SUPPORT as the sender, shown at the top of your screen. If I get an SMS from BOI it comes up as BOI, so you should be aware of the identifier at the top of your device and remove old messages if you have any, as the fakes can and do come up in the same thread and you might not stop and think about it. This happened to me last year, so it is something to take down and note.

Above is a sample of what I got and what you can expect to see land on your device, so beware, delete it and do not click on any links, but for those that do (I do, to check these things out). Anyway, this is what to watch out for; just delete these from your device straight away. Check out more – bank of ireland security zone
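The two checks described in the An Post and Bank of Ireland posts above (the sender ID at the top of the message, and the real host behind the link) can be written as a short Python script. This is an added example, not part of the original posts; the domain list and function names are assumptions for illustration, and the sample message is constructed.

```python
from urllib.parse import urlsplit

# Assumed official domains, for illustration; confirm each on the company's own
# site. "BOI" as Bank of Ireland's usual sender ID is taken from the post above.
OFFICIAL_DOMAINS = {
    "An Post": {"anpost.com"},
    "Bank of Ireland": {"bankofireland.com"},
}
USUAL_SENDER_IDS = {"Bank of Ireland": {"BOI"}}

# Constructed sample message; the .example host is a reserved placeholder.
SAMPLE_SENDER = "BOI SUPPORT"
SAMPLE_TEXT = ("Your account is on hold. Verify now at "
               "https://bankofireland.com.secure-verify.example/login")


def link_host(url):
    """Return the host a link really points at (lower-case), or None."""
    if "://" not in url:
        url = "http://" + url  # SMS links often leave out the scheme
    try:
        host = urlsplit(url).hostname  # drops any "user@" trick before the host
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None


def is_official_link(brand, url):
    """True only if the host is an official domain or a subdomain of one."""
    host = link_host(url)
    domains = OFFICIAL_DOMAINS.get(brand, ())
    return host is not None and any(
        host == d or host.endswith("." + d) for d in domains)


def red_flags(brand, sender_id, text):
    """Reasons a message claiming to come from `brand` looks fake."""
    flags = []
    usual = USUAL_SENDER_IDS.get(brand)
    # A matching sender ID proves nothing (fakes can land in the same thread);
    # an ID that differs from the usual one is still a warning sign.
    if usual and sender_id.strip() not in usual:
        flags.append(f"unusual sender ID: {sender_id!r}")
    for word in text.split():
        word = word.strip(".,;:()<>\"'")
        if "://" in word or word.lower().startswith("www."):
            if not is_official_link(brand, word):
                flags.append(f"link goes to {link_host(word)}, not {brand}")
    return flags
```

Links written without `http(s)://` or `www.` are not picked up by `red_flags`; pass those straight to `is_official_link`.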

British Essentials sms scam to watch out for. #Scams #BritishEssentials

We have a new company to watch out for on the scam front, which is British Essentials. We have not seen the end of these scams by any means, and we will be doing a series about this and how to check if your SMS or email is real or fake. Due to the pandemic, people are shopping online more than ever, and this is how these criminals try to catch you out. We will explain in more detail in a new post later on how to check if you have a parcel or if it is a scam, and show you how to do so without getting caught.

This company is based in the UK, yet it has an Irish mobile in the identifier at the top of the message, and after that it is just bad news for the rest. If you get this text message, delete it immediately and do not click on any link in the message. I have reached out to the company… There are several numbers attached to this scam, but the main thing that stands out is the company.

DPD sms scam is doing the rounds here is what it looks like. #DPD #Scams

A new DPD SMS scam is doing the rounds which will catch people out, as it intends to do, and now they are using a new way to try to con the consumer. This time around they are using the delivery management option to try to get your cash. Most courier companies now offer this service to make life a bit easier for you and, of course, for the drivers who have been working hard during this pandemic.

Many courier companies offer a service which allows you to change your delivery options, for example by changing the date or leaving the parcel with a neighbour or in a safe place, and this scam will ask you several questions on what your preferences are. If you select to pick it up, you hit a dead end; however, choosing to have it delivered is where you will be caught. At the end of the form you will see your charge. If you are in doubt, feel free to contact us, as I work in the logistics industry and get hounded with stuff like this, and of course see DPD for more.

PTSB sms scam to watch out for. #PTSB #Scam #Phishing

A new scam doing the rounds to watch out for claims to be from PTSB and mentions a beneficiary called SAMSON. The text has a PTSB identifier on top, which most do to make it look real, and this is when people panic and get caught out. As per usual, you will be instructed to log in to your account via the link given in the SMS, which brings you to a site near identical to the PTSB website. If you follow this, you have just handed over your information, and you know what happens after that. Below is what to look out for. As usual, report this, delete it straight away and do not click on the link.

PTSB have had similar messages just recently but with a different approach you can find out more on that HERE 

As per the PTSB WEBSITE

What should you do if you receive suspicious SMS?

  • Do not click on the link that is in the SMS.
  • Do not divulge any credit/debit card/account log-on information.
  • Do not respond to the message.
  • Regarding genuine authorisation codes received from permanent tsb via SMS please ensure that you read and fully understand the text message before proceeding
  • If you have already clicked the link and/or sent your details, contact us as soon as possible on +353 (1) 669 5851. We will cancel your Open24 number and arrange a new one for you.

New DHL email scam to beware of. #DHL #Logistics #Scam #Phishing

Back in February this year there was a DHL scam doing the rounds via SMS, which is by no means anything new. However, since then we have increased our online shopping due to the pandemic, and this gives scammers a target to work on in some shape or form. It is not the last we will see of this either.

This time around the scam is via email, and if you are a DHL customer or familiar with their emails you will see this email does not look like a typical email from DHL. On clicking the link seen in image 2, and then in image 3, all you need to do is look at the URL on top to see that this is a scam just looking to get money from you by having you enter your credit card details: in short, a phishing attempt for an apparent small fee. So as usual, if you get an email like this, just delete it, move along and let them keep trying.

We have contacted DHL and they have said “Hi Jim, thanks for your message and many thanks for sharing this with us. Our IT security team are aware of this matter. Many thanks.”

Report Shows COVID-19 Phishing Scams Becoming More Sophisticated. #Phishing #Covid19 #Scams

Phishing campaigns related to COVID-19 are becoming more targeted and difficult to identify as the pandemic progresses, a new report from privacy advocacy group ProPrivacy suggests.

The project, conducted in partnership with VirusTotal (Alphabet) and WHOIS XML, analyzed more than 600,000 domains to accurately track malicious activity throughout the pandemic. It found that the number of phishing domains being registered peaked in late March, but activity remains high with as many as 1,200 domains still being registered each day. To date, the project has identified more than 125,000 domains labeled as malicious, the vast majority of which are used for phishing activity.

 

The researchers noticed that as the pandemic progresses, phishing campaigns are becoming more targeted and potent, taking advantage of specific fears and concerns held by the public. For example, while there has been a marked decrease in the number of domains related to terms like ‘covid’ and ‘mask’, there has been a sharp increase in domain registrations related to unemployment, welfare benefits, and the US stimulus package.

 

Domain registrars have been proactive and effective in identifying generic domains related to the virus, but ProPrivacy’s research suggests that bad actors are now adopting a more nuanced approach. These focused campaigns are not only more likely to succeed, but they are becoming increasingly difficult for the threat intelligence community to identify using conventional broad stroke methods.

ProPrivacy tracked all domain registrations from January 1st, and each domain was checked against VirusTotal’s aggregated database of more than 60 threat intelligence partners. The team documented every domain labeled malicious and used a range of techniques to identify new themes that emerged throughout the pandemic.

“It would be easy to look at the overall trend and conclude that phishing activity related to the pandemic has simply fizzled out, but that’s not an accurate assessment,”

“These malicious campaigns have moved underground and are now addressing our most intimate concerns. When will my children return to school? Will I lose my job? It is these – truly human – questions that will fuel the ‘second peak’ of malicious activity. This is the next battlefront in the digital pandemic.” said Sean McGrath, lead researcher on the project.

 

According to a WhoisXML API researcher:

“We see a lot of niche registrations in our typosquatting data feed files. Registrants seem to target vulnerable groups. We suspect that these domains could serve as social engineering baits and trigger emotional responses.”

 

The study also found that GoDaddy was the most abused web host, hosting a disproportionately high number of domains used for phishing activity. The Scottsdale-based company is the largest hosting provider in the world, hosting an estimated 15 percent of all websites. However, 37 percent of the 80,470 IP addresses analyzed belonged to GoDaddy, with 3,285 resolving to the same IP address.

The full report and data can be accessed here: https://proprivacy.com/privacy-news/covid-19-malicious-domain-report

ProPrivacy has also created a free-to-use tool for the public to verify COVID-19 related websites. This can be accessed here: https://proprivacy.com/tools/scam-website-checker

PayPal email scam to watch out for in Dutch. #PayPal #Scams #Phishing

Last November I was the target of an elaborate PayPal scam, which PayPal had to investigate due to the numerous emails I got within the space of a few days, and which was dealt with eventually by the company. Now there is another one to keep an eye out for, only this time it comes in Dutch via email, claiming there are unpaid fees to be paid and that it will limit my account. Dutch would be a language not used often in phishing scams.

Once again this is a replica page that is trying to get your details and should be avoided and reported to PayPal straight away at spoof@paypal.com. Again, these scams are not new, but they change tack and can still catch people out, so beware. On the opening text you see:

Account Service heeft u een betaalverzoek gestuurd

translates to –  Account Service has sent you a payment request. 

After a review your account has been limited due to unpaid fees, please pay this invoice to cover your unpaid fees and remove this restriction permanently.

 

It claims I owe them 6.75 USD and then gives you a link to pay it, and as mentioned it looks genuine, as seen above. Of course it is just out to get easy money in small doses, but if you fall for it you have just handed over all your login information, which is what they aim to do. Remember to report the mail by forwarding it to spoof@paypal.com. We will see what they have to say about this one.

Significant rise in COVID-19/Coronavirus cyber-scams. #Scams #Cyberscams #tech #covid19

SophosLabs researchers have published a new Uncut blog, “Facing down the myriad threats tied to COVID-19.” that tracks how the use of “COVID-19” and “coronavirus” in domain names, spam, phishing attacks, and malware has skyrocketed. The article is a “live report” that SophosLabs Uncut will update as findings unfold.

Specifically:

  • The article shows that the volume of “COVID-19” and “coronavirus” email scams has nearly tripled in the past week – see the below chart (high res version attached).

  • Attackers are also increasingly impersonating the WHO (World Health Organization), CDC (Centers for Disease Control and Prevention, North America) and the United Nations (UN), as evidenced in scams tracked by SophosLabs.

“Cybercriminals are wasting no time in shifting their dirty, tried and true attack campaigns toward advantageous lures that prey on mounting virus fears. It’s easy to see, for example, that the attackers behind a new Chloroquine scam are the same as those behind a recent herbal Viagra scam,” according to Sophos Principal Research Scientist Chester Wisniewski.

“With global spam volumes estimated to be in the hundreds of billions, for 2-3% of those to be COVID-19 themed is significant. Similar to A/B testing of advertisements and web pages, criminals often dip a toe in the water when there is a new or sensational topic in the news. If the new topic proves a more effective lure than the previous scam bait they begin switching to new lures.

 

“In fact in one of the spam campaigns we tracked this week, there was evidence of exactly that. These particular criminals had been using fake shipping and delivery emails to convince unsuspecting victims into opening attachments and infecting their computers with the Kryptik Trojan. Now the main body of the email pretends to come from erecruit@who.int with “health advice” in the attachment, but when we carefully inspect the plain text body, we see it matches a previous spam campaign from this same criminal using a lure pretending to be about invoices and deliveries.

 

“The increases we are seeing are likely due to two important factors. First, as time passes more and more criminal groups are joining the party on using all this interest in COVID-19 to steal money from people. Secondly, it takes time. Any given criminal group has to handcraft the spams to convince the recipient to take an action. In the research community we call this the call to action. The call to action might be to open the attachment, visit the website or, in the case of the WHO Bitcoin scam (attached), to donate cryptocurrencies to criminal controlled Bitcoin wallets. Crafting these messages takes time, especially for those who are not native English speakers.

 

“Even the most innocuous mention of something by a politician or a celebrity can lend a scam credibility or present a new business opportunity. Two recent examples come to mind. One is a spam campaign offering to tell you about a government cover-up and attempting to sell you a COVID-19 survival guide allegedly used by the celebrity Gwyneth Paltrow as a lure in its subject line. A clue that the email is a fake is the incorrect spelling of her first name as Gwenith (attached), but this could easily be missed or glossed over. A few days ago President Donald Trump mentioned the possible efficacy of a drug called Chloroquine against the coronavirus, immediately leading to WordPress blog comment spammers switching from pitching herbal Viagra to instead attempting to sell you Chloroquine, which can be quite dangerous when not taken under the supervision of a doctor. And within only two days of the WHO creating a charity called the Solidarity Response Fund, criminals were soliciting Bitcoin donations pretending to be the charity, even implying your donation is fully tax deductible in the US or Europe.”

 

Additional Sophos Resources Related to COVID-19 themed cyber-scams:

SophosLabs has uncovered a variety of different malicious email campaigns connected to COVID-19, including:

  • Phishing scams impersonating the WHO, CDC, and other healthcare organizations to deliver malware via malicious documents disguised as official information on how to stay safe during the pandemic
  • Cybercriminals impersonating charities and relief organizations like the WHO’s COVID-19 Solidarity Response Fund to trick victims into sending them Bitcoin
  • SophosLabs is updating its Uncut blog with new findings in real time
  • Follow the SophosLabs Twitter feed for breaking SophosLabs discoveries: @SophosLabs

Sophos News is providing tips and free resources as people navigate the work-from-home tech/security gauntlet:

  • Cybersecurity guidance during the coronavirus pandemic

Naked Security is providing security tips and industry news:

  • Remote working during Coronavirus? Here’s how to do it securely
  • Extortion emails threatening to infect families with the coronavirus
  • All Naked Security coronavirus-related articles