Security

COVID-19 Themed Templates for Hackers

Hackers use COVID-19 Themed TemplatesNew, Sophisticated Hacking Techniques in the Age of COVID-19

Hackers are using new methods to create very credible looking, fake websites to steal login credentials. Security firms are seeing an increase in the use of website templates to create phishing websites that look and feel like the real thing. These templates, available on underground forums and marketplaces, are a quick and easy way for criminals to create convincing, fake websites to steal information. The known templates mimic websites from the World Health Organization (WHO), Internal Revenue Service (IRS), Centers for Disease Control (CDC), the United Kingdom government, the government of Canada, and the government of France. Many of these templates have multiple working pages to make them look more realistic. The template that mimics the government of Canada even has English and French segments.

More than half of the phishing campaigns recorded since January are using these new spoof templates to fool consumers. Hackers are using normal phishing techniques, creating urgency by claiming recipients will lose benefits, or reporting a breakthrough on the pandemic. The difference is the use of these templates to create very convincing fake websites. This change in strategy has been effective, resulting in an increase in successful phishing attacks.

Below are some examples of the fake phishing site templates:

This fake CDC site is asking user to authenticate with an email service to generate a vaccine ID.

Fake IRS Page

This fake IRS website created from an available template goes a step further, asking users to enter SSN, DOB, and other private identity information.

Avoid falling prey to these new phishing campaigns by being aware of the links you click on in emails. If an email is creating urgency or preying on emotion (click on this link now or you will lose your vaccine benefits!), the email is probably a scam. Instead of clicking the link, go to the known government website and look for the information. The criminals are making it more difficult to differentiate the fake websites and using emotion to get users to click. Stay informed and think before you click.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Feature Newsletter

Quanexus Q-News

This week we are featuring our current newsletter. In this newsletter we focus on Security Awareness Training, Long Term Digital Photo Storage, How Data Security Resonates with Customers, and What We Learned from the Equifax Breach.

Click here for the Newsletter

You can also subscribe to our email list and receive the newsletters when they are published. Read previous Newsletters and subscribe to our email list by clicking here.

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Wireless

Preparing for the Unexpected and Risk Management

Risk ManagementHow Much is Enough? (COVID-19)

Our economy has been devastated by the COVID-19 Pandemic. What could businesses and individuals have done differently to be more prepared?

The risk management process typically includes:

  • Identifying threats
  • Classifying risk based on threats
  • Determine the likelihood of a threat occurrence
  • Determine impact of the threat

Two approaches can then be taken for managing risk: low water mark or high watermark. The low watermark model states that if any part of the classification is low, then very limited resources should be spent to protect against the risk. An example, the likelihood is low, but the impact is high, the overall risk rating should be treated as a low.

The high watermark model states that if any part of the classification is high, then appropriate resources should be spent to protect against the risk. Based on the low and high watermark models, companies also add an amount of subjective input into the equation.

The biggest challenge with risk management is limited budgets. With limited budgets, companies spend most of their resources and incident planning based on scenarios that are likely to occur. Examples of this include recovering from ransomware, recovering from and management of breaches, etc. It is easy to second guess any organization once an incident occurs. Sad examples of second guessing include:

  • How many ventilators are reasonable for a hospital or the government to stockpile?
  • How much personal protection equipment (PPE) is reasonable to stockpile?
  • When borders should be shut down and travel restricted?

What about personal responsibility? How much should individuals be responsible for? Is it reasonable to expect individuals to always have:

  • A 60-day supply of toilet paper?
  • A 60-day supply of hand sanitizer?
  • Protective masks?
  • How much savings is reasonable for every family?

From a personal perspective, three months ago some of this might have sounded silly, but not now. When it comes to risk management, businesses make decisions like individuals do. Decisions are based on the likelihood and impact of potential events and limited resources, budget and money.

To exacerbate things, our memories are short. It will be interesting to see what really changes over the next five years, if there are no further outbreaks.

Stay Safe!

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security, Small Business, Virtualization

IT Security and Risk Management

Jack talks through how we handle risk in the IT Industry.

 

Posted by Jack Gerbs in Cybersecurity, Information Security, Recent Posts, Small Business