This Week’s Cybersecurity News, 06/09/2022

Share on

Phishing attempts come in all varieties, but one I have not touched on in a long time is the blackmail scam. Android is doing massive patches lately. I also want to share some tips on hyperlinks.

Current Threats

  • Phishing Attack – Blackmail Scams
    1. I guess it’s no secret that bad actors think they are good liars.
    2. The email explains that the sender (the bad actor) has gotten access to your account, usually from one of three ways:
      • They set up malware on a porn site.
      • They used a “zero-click” vulnerability, usually on Zoom.
      • They got your email account and/or password from hackers.
    3. The email says that the sender now has access to all of your information, including other accounts, address book, browsing history, videos, photos, etc.
    4. The email says the sender has access to all your gadgets and devices.
    5. The email says they put a trojan on each of your devices and knows everything you do online.
    6. The email threatens to send all of your information to everyone you know and maybe even everyone on the Internet if you do not pay.
    7. The email says if you pay in bitcoin the payment cannot be traced and the bad actor will then delete everything they have about you.
    8. The email sounds a bit like ransomware, but the only thing they have in common is a demand for some sort of payment.
    9. Blackmail emails are basically nothing but lies made up to try to embarrass and/or scare you.
    10. Here are some key things to know about if you receive one of these emails:
      • Never, ever pay the blackmailer.
      • Never, ever open any attachment or click any lick, as these may contain malware.
      • If they show you a password that you are currently using, change it immediately and never use that password again.
      • If they show you an old password that you used in the past, a scammer likely purchased a dump of old email accounts and password on the dark web, so never use that password again.
      • If the sender tries to prove they have access by making it look like the email came from your own address, they have really just spoofed your address.
      • Always forward the email and its Internet headers to OIT Abuse and to me, using Reporting Phishing Attempts.
      • And please let me know if you have questions about this kind of email.

Massive Android Updates Released

  • This week Google announced that the latest Android patches will resolve a total of 40 vulnerabilities, with may of those rated as “critical.”
  • The most severe of the vulnerabilities impacts Android versions 10, 11,12, and 12L.
  • This vulnerability could lead to remote code execution.
  • Two other vulnerabilities of critical severity could lead to elevation of privilege, but are resolved with the updates.
  • The remaining 37 vulnerabilities could lead to elevation of privilege, information disclosure, or denial of service.
  • If you use an Android device, please check to make sure you have a security patch level of 22-06-05.
  • While you are checking your patch level, make sure your device is configured for automatic updates.

Cybersecurity Tips

  • When you encounter a hyperlink in your email, a document, or a website, always hover the mouse pointer over the link to verify the link is going to take you where you expect to go.
  • If not, do not click it.
  • When you look at a link, think about the domain the link is using.
  • Most commercial businesses use .com.
  • Organizations (e.g., charitable) usually use .org.
  • The US military uses .mil.
  • Technology and networking organizations most often use .net.
  • Most federal government sites use .gov.
  • Educational facilities will almost always be .edu.
  • Foreign countries will use links with top level domain extensions like .au, .ba, .ca, .uk, etc.
  • Avoid links ending in .cn (China), .ir (Iran), .kp (North Korea), and .ru (Russia), as these are the countries most currently known for acts of cyberterrorism.

Thank you for being so observant and I always appreciate questions. I am always here to help you. If I don’t get back with you quickly enough via email or if it is an emergency, please call my cell number.