The United States Computer Emergency Readiness Team (US-CERT) has issued an alert advising users to be aware of possible malicious activity that seeks to capitalize on recent tragedies such as the Texas school shooting. Criminals often use events like this to play on public sympathies and solicit donations to fraudulent “charitable” organizations. Regardless of the direct financial outcome, these scams can result in the criminals capturing contact information and login credentials, and in a malware infection on the PC or mobile phone.
We have observed dozens of attacks pop up around tragedies and other sad events. Earthquakes, tsunamis, the Boston Marathon bombing, and even the death of Robin Williams have all been used by cybercriminals. And they don't limit themselves to tragedies: major political news, holidays, and economic concerns are all on the table. It's a sick reality that these criminals will use everything they can and do anything they like to make you a victim.
Barracuda always advises companies to use a layered defense system to protect their networks and users from attacks like this. When combined with ongoing user training, technologies like Artificial Intelligence and DMARC will go a long way to keep people safe. As part of the user training piece, US-CERT recommends the following measures to avoid social engineering and phishing attacks:
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Don't send sensitive information over the Internet before checking a website's security.
- Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic, and take advantage of any anti-phishing features offered by your email client and web browser.
For more information on how to protect yourself from these attacks, see the resources on the US-CERT website. For information on how Barracuda can help protect your business from attacks like this, visit www.barracudasentinel.com.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.