Keep a watchful eye on your email inbox. Our internal security team has been noticing an uptick in malicious email campaigns sent to TDS employee inboxes—and a similar increase in their personal inboxes as well.
These emails are phishing attempts. They’re designed to trick you into responding with action or information. Some might contain viruses or other malicious software, while others may steal your usernames, passwords, or payment information.
Here are two scams our experts are seeing a lot of lately:
Sextortion scams
Scammers claim to have compromised your computer to access email accounts and your computer’s webcam and microphone—controlling that equipment to take videos without your knowledge. The implication is that they have videos of you doing things you wouldn’t want to share, including watching porn.
The scammers ask for $1400+ in Bitcoin or they’ll share the recordings with your email contacts. Krebs On Security says the email may even reference a real password previously tied to your email address to make it look legitimate.
It’s not likely a hacker has managed to install malware to control your webcam—and at least one source says there aren’t any reports of it actually happening. But scammers are banking on you wanting to avoid any possible embarrassment on the off chance that it’s true.
Those targeted seem to have had email addresses and passwords leaked from various breaches. You can go to https://haveibeenpwned.com to sign up for notifications if one of your accounts is ever breached. Krebs says that, in many cases, the password mentioned in the email isn’t current—your first clue it’s probably just a scam.
To avoid these scams, the FBI recommends that you:
- Never send compromising images of yourself—no matter what.
- Don’t open attachments from people you don’t know. Remember to consider the five signs of a phishing scam.
- Turn off any devices when you’re not using them.
Invoice scams
This scam has been sent to personal and work email addresses. A scammer sends an email that appears to be an ApplePay or Apple Store invoice. When you click the link, download the invoice, and enable macros, a malicious Word document installs malware on your machine. This could be ransomware, keyloggers, or a Remote Access Toolkit (known as a RAT) which can control your computer.
A very effective version of this scam? You’re sent a notification that your subscription to a popular porn site has been processed. In your horror, you quickly click the link to report that you’ve received the email in error—downloading malware onto your computer.
Steer clear of invoice scams by never opening a link or an attachment you weren’t expecting. Instead, access your account securely from a new browser or installed app and check the status that way.