Scam Feeding Frenzy

Image courtesy National Geographic

Well corona viruses have certainly changed our landscape in a very short space of time. Last year I’d only ever read seemingly inconsequential bits and pieces about them. Now It’s impossible not to hear about them all day long.

One thing that hasn’t changed though is that criminals are still ‘crimming’ (yes that’s a word). In fact they have really upped their game in a big way. It’s almost a feeding frenzy out there at the moment. Every Crim and even Nation States are getting in on the action.
You see most scams work by getting the victim to act before thinking, and by misdirecting their attention. That is why getting people to click on a malicious link or open an attachment is so easy. All the Crim needs to do is find a topic that will get you to click (either link or attachment) without thinking.

Now nCOVID-19 didn’t create this situation, but it is certainly providing a very fertile ground for the criminals to operate from. FUD (Fear Uncertainty and Doubt) are great for getting people to act without the normal caution and forethought. Titles about the virus, or the effects, or the economic impact or… <insert current FUD topic here>.

But it’s not just FUD topics either. Opportunities for gain and wealth also play on people’s emotions and cause them to defer their normal precautions. “Earn Money from Home” , etc etc.
Brian Krebs has a good cautionary tale on this last topic, in one of his latest articles.

So what should you be telling your staff to do? Well in an ideal world you’d go through training all your staff on Cyber Security. But the world isn’t ideal, and we are where we are. So let’s look at a few things you can be doing to keep your staff and your data safe in this current situation.

The OODA Loop

The OODA loop is important. it is a great mechanism for having a simple framework to follow for people. The military use it extensively in pilot training. But we mere mortals can also take advantage of it. OODA stands for,

  • Observe
  • Orient
  • Decide
  • Act.

Observe what is going on; Orientate this with what you already know and what the current situation is; Decide on your course of action; Act.

What the criminals want you to do is observe (very fleetingly) then Act. Miss out the vital, orient, and decide steps. To act without thinking. Then it is easier to scam you. To send you to a link that will compromise your computer. Or to get you to open an attachment that you would otherwise think twice about.

What to do

So what is it that we can all do? (please be aware this is a greatly simplified list for a wide and diverse audience. Your case may well be more complex.)

Windows Best Practice

First and Foremost, have good EDR/AV system in place. EDR stands for Endpoint Detection and Response. AV Stands for AntiVirus. Basically EDR is modern AV. But you need something. On Windows systems it’s good to do these big 3 as an absolute minimum…

  1. Don’t be logged in as an administrator for everyday use. Only log in as an administrator when it is vital to administer the device
  2. Have Macros disabled in Microsoft Office, unless critical. If it is critical to use them, restrict where they can run from.
    1. Here’s a great technical guide.
    2. And here’s a good simple one
  3. Use at least Windows Defender for AV (Preferably Defender ATP)

MAC Best Practice

With MACs it’s a little simpler. The threats are the same, but there is far less MAC focused malware around. So your odds are better. But there’s still some good rules to follow.

  1. As with Windows, don’t be logged in as an administrative user unless necessary.
  2. Make sure your firewall settings are strong. (mine are maxed out. Everything is turned off, but the essentials.)
  3. Disable Macros in Office if you use it.

Vigilance

Be extra vigilant. Be suspicious of every link and every attachment at the moment (well always really). If you are at all suspicious or wondering why you have been sent this (attachment or link), don’t click on it.

  • Ring the sender and check if it is legitimate if you are really curious.
  • Or maybe take a screen shot of the details and send to your security team or IT provider and ask them.
  • Or simply, just delete it. If it really is critical, the sender will contact you again.
  • But don’t get caught by clicking links unnecessarily.

If you do inadvertently click on a link or attachment here are some warning signs to look for that it may have been malicious…

  • It takes you straight to a login page.
  • It opens up a few different sites (seen as URLs flashing in the address bar of your browser), before taking you to where you anticipated it should.
  • You see some windows open on your desktop then close again quickly. These are likely PowerShell windows if you are on a Windows PC.
  • It just doesn’t look right. (Logos are wrong, URL seems dodgy, Grammar is inconsistent)
  • Your browser “misbehaves” afterwards. (taking you to different sites or crashing unexpectedly)
  • “Odd” things happen on your computer over the next few days/weeks.
    • Files aren’t accessible (encrypted)
    • screens opening without you doing it.
    • Camera activity lights come on when you aren’t using it etc.

This is by no means a definitive list. This is just some symptoms that *May* happen.

Be quick to ask for help

If you do inadvertently click on a link or attachment that you think may be dodgy, be quick to call your security response team or IT team. Time is of the essence in these situations. Your security team will be able to assist to get things going for you again. You won’t be judged. Or if you are, ignore the judgement. You have done the right thing in alerting the response team.

Whatever you do, DON’T just hope that it’s all okay. That could be costly.

If you don’t have a Security Response Team,

If by chance your business doesn’t yet have a security response team, try the following…

  • Disconnect from the network.
    • If this is wireless, just turn your wireless off
    • If you are wired, just remove the network cable
  • Call someone who can do a scan on your computer for you. Get them to assist.
  • If you don’t have anyone,
    • try downloading MalwareBytes if you are on a PC
    • Run a scan yourself using a virus scanner of your choice

Conclusion

As I mentioned. It’s a feeding frenzy for criminals out there at the moment. Situations like this seem to bring out both the best and the worst in people. But that doesn’t mean you can’t be safe.

Check back from time to time and I’ll try to keep this post updated or if you have a specific question, Contact us to ask.

Stay safe, and the BIS and Ramtech teams wish you, your families and loved ones, safety health and prosperity.