Photo credit: Getty Images
Can’t you attend Transform 2022? Check out all the summit sessions in our on-demand library now! look here.
Cybercriminals never like to waste a crisis. While people around the world are still mourning the passing of Queen Elizabeth II, threat actors are seizing the opportunity to exploit the sympathy of unsuspecting users.
Today, Kaspersky researchers warned of an increase in scams linked to the Queen’s passing, uncovering several investment projects offering users crypto tokens and even monarchs Named NFTs in exchange for “Salute to Your Majesty.”
The researchers also noted that users could purchase commemorative coins and T-shirts from the newly created website, allowing consumers of consumers Name, address and card data are not protected.
The emergence of a new scam surrounding the death of Queen Elizabeth II highlights that security awareness training is key to ensuring employees avoid being tricked into handing over personal information.
MetaBeat will be on October 4th at San Francisco brings together thought leaders to provide guidance on how Metaverse technology is changing the way all industries communicate and do business, CA.
Status of Queen Elizabeth II phishing scams
Kaspersky isn’t the only one expecting a surge in scams surrounding the monarch’s death.
Just last week, the UK’s National Cyber Security Centre (NCSC) warned that “as with all major incidents, criminals may seek to use Her Majesty to die for their own benefit. ,” and warned users to watch out for emails and text messages.
That same week, Bitdefender noted that, on September 12, there was a wave aimed at building “AI memory boards,” in the Queen’s name, by trying to trick users. Clicking the link takes the user to a fake Microsoft login page to obtain their credentials.
It is important to note that these scams can arise anytime a tragedy occurs, with one of the most prominent examples occurring at the height of the COVID-19 pandemic, in which the Internet Fishing incidents increased by 220%.
These latest scams, uncovered by Kaspersky and Bitdefender, try to exploit the sympathy of unsuspecting users.
“When buying from such sites, keep in mind that many of them are not secure and data entered on such pages may be at risk of leakage, so remember to use strong, Protect yourself with security solutions,” says Kaspersky Security Specialist Olga Svistunova. “Also choose to only buy from trustworthy stores and be suspicious of super low prices on items – it can be used by cybercriminals as bait to get your payment details.”
network Phishing: The real risk to the business
While many of these scams are consumer-focused, they also pose significant risks to businesses.
For example, if an employee tries to make a purchase on a phishing site through a personal account, they can hand over data and login credentials, which can then be reused by attackers to compromise their organization of the internal system.
When all it takes is one login credential to wreak havoc, the dangers of these scams cannot be ignored.
The dangers of phishing and social engineering were most clearly illustrated by the Uber data breach last week, in which an 18-year-old hacker posed as an IT support employee Trick employees into sharing their login credentials to gain access to an organization’s Slack and internal systems.
These types of phishing scams won’t be the last, which means security teams need to take an active role in continually educating employees about emerging phishing scams.
In practice, this means not only providing access to phishing mock tests to test their ability to detect phishing emails, but also sending regular communications campaigns, Notify them of newly created phishing scams and list best practices they can use to protect themselves from threat actors.
As part of these best practices, it is a good idea to recommend that employees use personal devices to only purchase physical goods and digital content from trusted suppliers.
In addition, Kaspersky recommends that users double-check the URLs of the stores they visit to check that the URLs start with HTTPS and HTTP, indicating that the connection is encrypted. Users can also enable a VPN to ensure their traffic is encrypted when visiting online websites.
It is also a good idea to create a phishing reporting process to clarify how employees can report suspected fraudulent emails to the IT department and other external organizations such as the Federal Trade Commission (FTC )
VentureBeat’s Mission will be a digital town square for technology decision makers to access transformative enterprise technology knowledge and transactions. Read about our newsletter.