A little over two weeks ago we posted about the first Hurricane Harvey scam emails that appeared in our spam traps.  The hurricane scams continue to persist without showing any signs of slowing down soon.

Scammers are now using Harvey and Irma references or just a generic email to encompass any hurricane assistance efforts.

Read More

Data Breach Image

Data Breach Image

 Equifax Breach Overview

While not the largest breach, it’s one of the most severe because of the data compromised.  Equifax, Experian, and TransUnion compiles the most sensitive financial information and safeguards it.  No company is immune to an attack, however, this garnered 143 million American’s most important records. Names, social security numbers, birth dates, and addresses all exposed to attackers.  In some instances the criminals were also able to obtain driver’s license numbers, credit cards, and dispute documents that contained more personal identifying information.  Due to a website application vulnerability the data was available from mid May – July 29, 2017 when discovered.  A ransom demand for nearly $2.5 million in bitcoin was posted on the dark web when the breach became public, however, the .onion site was fake and has been removed.

Read More

Harvey Scam Example

After every large news event or natural disaster we see the associated scam emails.  The first Harvey scam email we’ve seen showed up the afternoon of Aug. 30.  It is a bit surprising it took that long for it to appear, we’ve been watching closely.  Unfortunately many more scam emails and registered domains will shortly follow suit.  The example below is very simple but shows predators are out there waiting for any opportunity to pounce.  This email originated from South Africa but the phone number is a Fort Lauderdale, Florida number.  The address is a legitimate one the scammer could simply find utilizing any search engine.  Redcross.us redirects to the real redcross.org site, however, this example’s info@redcross.us address is forged.  Replies go to donations@uymail[.]com, which is a free email address service.  At AppRiver, our SecureTide spam and virus filtering team works 24/7/365 to block these attacks.

Donation & Safety Tips
  • Navigate directly to the legitimate sites or charities you may consider donating to. Type in the address manually instead of clicking links.
  • If you aren’t sure about a charity, research them first using a third-party watchdog (give.org, charitywatch.org, guidestar.org, or charitynavigator.org).
  • Be extremely suspicious of any attachment or link you may receive via email. Contact the sender directly if there is any question.
  • If you are an AppRiver customer we will happily investigate any suspicious messages or attachments further for you, please contact us.
  • Utilize checks and credit cards for donations directly to the charity itself, not an individual and avoid cash if possible. This creates a paper trail for tax deductions as well.
  • Do not give out personal information such as drivers license information, social security number, birth dates, mother’s maiden name, etc.  This information is used by the bad guys for social engineering their way further into your accounts or ID theft.

Harvey Scam Email

***Updated 8.31***

Scam Example#2 – Originating from Kenya, usually this type will try to solicit more personal information from you before proceeding.

Harvey Scam Email

***UPDATE*** In the past 24 hours we have seen over 23 million messages sent in this attack, making it one of the largest malware campaigns that we have seen in the latter half of 2017.

Malicious email campaign

As many US workers were arriving to their offices, a massive malicious email campaign began attempting to reach their inboxes. A large spike in malware traffic began this morning just after 7 am CST. The emails were extremely vague in nature as you can see:

Read More