In the past weeks Digital Arena have detected a number of threats presenting themselves in various forms. This update is to provide you with best practice policies that should be adhered to across your team, mitigating any risk.
Ransomware - This is a form of malware that can be covertly installed on a user’s computer, or find its way to business servers without knowledge or intention of the user. The infected computer's data then becomes encrypted using a sophisticated payload that can be almost impossible to crack. This is often followed by a ransom note for payments to be made in Bitcoin currency to the perpetrators. Ransomware packages are being delivered via email or downloads acquired through torrenting applications.
Torrenting software - Torrent software is used to download illegal or pirated files via the internet - often movies, music or software applications. Digital Arena have installed Casper agents on computer devices across your network to scan for torrenting applications. Upon detection they are automatically deleted. All detections are recorded and will be reported to you.
Phishing Emails - There has been a continued increase in the number of scams being delivered via email. Each becoming more sophisticated to get past antivirus and SPAM management applications. Ransomware packages are being delivered informing users that 'Your package has been delivered', prompting recipients to download the attached file.
There has also been an increase in emails requesting wire transfers or bank payments. These emails can appear to come from business owners, work colleagues or friends, displaying an authentic email address and with subject lines and or messages that appear legitimate. If you receive such an email do not act upon it without checking with the sender in person. If replying to the email you will see a different email address, which then will reach the perpetrator whom may carry on the email conversation.
Below is a copy of an email recently sent to a Digital Arena colleague, seemingly from myself.
On 24/06/2016, at 12:22 PM, Neil McGowan wrote:
Hi there I need you make an international payment of $43,596 NZ for me. Can you handle this right away?
Regards Neil McGowan
sent from my iPhone
What followed were additional instructions for the overseas bank account where payment was to be made. While this email was not legitimate, there was a risk if questions were not asked.
Invoice Email PDF Substitution Scam – Fraudsters are intercepting genuine PDF invoices emailed from suppliers. The fraudster then changes the bank details and re-sends the invoice using an email address similar to that of the supplier in order to go un-detected. This is a very real threat that we have observed in the past few months.
These scams are more common when purchasing services from other countries, where payments are made to an overseas bank account. If unsure always phone the supplier to confirm the account details and invoice amount before making payment.
Look-alike Invoice Scam – Invoice scams are not just confined to emailed PDF's. After completing a recent Trademark registration, Pageproof.com received a number of scam invoices sent to our PO Box. All information shown on the invoices appeared legitimate, and as the invoices were expected there was a risk of them being paid. These scams are being used for commonly purchased services including directory listings, office supplies or goods delivery.
There have also been numerous reports of false invoices for Domain renewals. As this information is publicly available, fraudsters have access to the contact person and postal address. These invoices suggest that prompt payment will prevent you from losing control of your domain name.
Awareness is your greatest line of defence for detection and prevention.
If you have any questions about any potential security risk, please don’t hesitate to call the Digital Arena mysupport team on 0800 327 362.