Currently, many citizens receive SMS messages with package notifications that normally Special services of parcel services are. The curious thing is that the sender is Deutsche Post or DHL and the recipient is often not expecting a parcel at all. The link in the package notification can infect Android smartphones with a virus if you open it. Meanwhile, the virus message spies on online banking accounts and even DHL warns about these messages on its official Twitter channel.
It wasn’t that long ago, in May 2017, when the “WannaCry” virus infected thousands of corporate and personal computers and demanded ransom payments. The code sneaked into employees’ PCs and, once infected, encrypted the entire hard drive and blocked access to important data. Unfortunately, such dangerous and self-propagating computer malware happens all the time.
Below you will find 7 tips and advice on current dangers and how to deal with them.
1. social media becomes new point of attack
The threat landscape continues to evolve – rapidly, on a large scale, and less and less predictably. With the popularity of social media, sweepstakes are beckoning everywhere on Facebook or Instagram. Many of them are just data collection traps. Be wary of prompts like “Share this post,” “Tag your friends,” or “The first 50 will receive a gift card.” No one is giving away dream houses, mispackaged iPhones, or new Audi models with red ribbons around them. The goal is to collect data and, in the worst case, to steal passwords.
How does that affect companies? Behind every corporate social media profile are mostly personal and private accounts that manage the company’s social media presence. If access data should get lost here, arbitrary contributions can be written and thus false information can be spread. The most recent example comes from car manufacturer Mercedes-Benz, when their Instagram account “Mercedesbenz_de” was taken over by a hacker in May 2020. Among other things, the 6.4 million followers got to see requests for payment via Bitcoin and photos of vehicles from competitor BMW.
2. the latest trend: spy cable
Yes, we were also astonished when the first information about manipulated cables made the rounds. Equipped with web server and wifi connection and perfect camouflage, such cable allows remote access to the computer. What makes it special is that it looks just like a conventional white charging cable from Apple devices. Under the name “O.MG Cable” (“Offensive MG”), such manipulated charging cables are gaining popularity in criminal circles. Our tip: Always use original data cables from the manufacturer and avoid cheap alternatives from marketplaces like Aliexpress or Wish.
3. beware of USB sticks and “USB killers
Quickly downloading something, carelessly clicking on a link or inserting a foreign USB stick into the computer: malware often hides behind inconspicuous situations and usually spreads invisibly and automatically. Employees also often like to stow critical company data in briefcases and send it with them on their travels. The fact that a USB stick can quickly get lost is no secret. We recommend using encrypted storage media (hard disks or USB sticks) for offline data transfer in the company. Many manufacturers now offer biometric encryption features such as fingerprint recognition.
Reports about so-called “USB killers” are also becoming more and more frequent. USB killers attempt to permanently damage targeted electronic devices with an electric shock. This can be used to attack all systems that have a USB interface. They are not built like common USB sticks, but contain electronic components for storing and transforming electricity. This makes it possible to give an electronic blow to the electronic device into which the USB killer is plugged and permanently destroy it with overvoltage. Such attacks are dangerous not only for classic computers, but especially for important security systems such as alarm systems, surveillance cameras or production systems.
Our tip: Avoid connecting foreign data media to your work computer and secure freely accessible USB ports. A comprehensive antivirus program that scans the data media beforehand and denies access in the event of danger can provide a remedy for virus hazards.
4. beware of fake websites, so-called scareware
Scareware are websites that trick visitors into believing that their computers are infected. The goal is to scare the visitor into downloading or even buying a supposed antivirus software that is supposed to fix the problem. Only when it is opened does the actual infection happen. The most common scareware attacks follow the same pattern, in that repeated pop-up windows allegedly found dangerous files or illegal material on the computer. In this pop-up window, there are almost always buttons or buttons with labels such as “Remove all threats” or “Fix problem”. Clicking on these links installs the malware on your computer or smartphone.
We recommend: If you go to one of these pages do not click on any buttons or links. After that, disconnect your computer from the Internet and run a scan with your proper antivirus software.
5. supposed Microsoft or Amazon employees on the phone
Fraudsters pretend to be Microsoft or Amazon employees on the phone and try to gain access to your computer. In doing so, they claim that the computer is infected with viruses or that they want to help you upgrade to newer versions of Windows. With a similar scam, the criminal “Amazon support employees” try to steal credit card data or bank details. Since Microsoft ended support for Windows 7 in January 2020, such scam attempts have become more and more frequent.
With the request to upgrade to the latest Windows 10, the alleged service agents try to prompt the end user to install disguised malware via calls, emails or manipulated websites. If you have already had contact with a supposed employee who was able to work on your PC or if you have clicked on an unknown link, it is possible that malware has already been installed on your computer. In this case, we recommend disconnecting the suspicious device from the network and having it scanned by a professional antivirus program.
6. change your passwords regularly
Even if it seems annoying – but change your passwords regularly. In both the private and business sectors, data theft is the most common crime on the Net. An interesting tool is “have i been pwnd?”. On this page, you can enter your business or personal email address and instantly see if you have ever been a victim of a data leak.The longer a password is, the more secure it is. It’s human nature that you can’t always remember everything about letters and number combinations. For this purpose, there are useful password management tools that can be used on any conventional computer or smartphone. The password manager “LastPass” is one of the market leaders and is already used by many companies.
In summary: People play an extremely critical role in the corporate security chain. Criminal strategies now target human behavior more often than technical vulnerabilities. Be skeptical when you receive unusual emails from colleagues or supervisor, and ask once more rather than too little if there are dubious links or prompts in the message. It is important to remain calm for the time being and avoid hasty reactions. Contact your IT department or IT service provider and stop using the computer for the time being until the issue is resolved or clarified.