Family First CU Blog

Zelle Users Continue To Be The Target Of Scams Intent On Fraud



Stu Sjouwerman

The wildly popular payment app is a cybercriminal’s playground where users are easy prey for money laundering, scams, mules, and just plain old fraud.

We live in a world where yet another new popular app pops up and suddenly everyone is using it. So, it must be safe, right? In a word, never. The Zelle app connects individuals, allowing easy payments to be sent right from the user’s bank account. It’s the inherent trust in an app that is the basis for Zelle-related fraud. Take the example of a user wanting to pay for an item via PayPal – a vendor that provides protection against scams where paid-for items are never delivered, etc. The fraudster says they want to be paid via Zelle, and the assumption is that, because it’s a payment app like PayPal, it has the same protections. It doesn’t.

That doesn’t make Zelle a bad choice; it just means the individual needs to be aware of – and responsible for – what will and won’t happen once they send money to an individual they truly don’t know personally.

Zelle does have protective measures in place such as sending limits and real-time alerts, but ultimately it’s up to the individual to protect their money.

In the same way, organizations place users on the frontlines of cyberattacks where emails received are equally assumed to be legitimate (via social engineering tactics). However, instead of the user becoming the victim for a small amount of money, it’s the organization that pays the price via paid ransoms, remediating a data breach, and more.

So, like with Zelle, users need to understand their responsibility in helping to ensure organizational security. Through Security Awareness Training, users can be taught about the importance of good security practices, the need for vigilance when using email, the web, and apps, and how their actions can impact the organization.




Fraudsters Are Exploiting Newborns and Recently Deceased People


...since companies are still trying to figure out how to deal with this type of fraud, people need to learn how to protect themselves before it affects themselves or their loved ones.



[Heads Up] The REvil Ransomware Gang Is Now *Auctioning Off* Their Victim Data



Stu Sjouwerman

Intrepid investigative reporter Brian Krebs had the news first. "The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims to pay up — and publicly shaming those who don’t. But it may also signal that ransomware purveyors are searching for new ways to profit from their crimes as victim businesses struggle just to keep the lights on during the unprecedented economic slowdown caused by the COVID-19 pandemic."

You can count on other cyber organized crime gangs to follow this "innovation".

Krebs continued with: "Over the past 24 hours, the crooks responsible for spreading the ransom malware “REvil” (a.k.a. “Sodin” and “Sodinokibi”) used their Dark Web “Happy Blog” to announce its first ever stolen data auction, allegedly selling files taken from a Canadian agricultural production company that REvil says has so far declined its extortion demands.


The victim firm’s auction page says a successful bidder will get three databases and more than 22,000 files stolen from the agricultural company. It sets the minimum deposit at $5,000 in virtual currency, with the starting price of $50,000.

Prior to this auction, REvil — like many other ransomware gangs — has sought to pressure victim companies into paying up mainly by publishing a handful of sensitive files stolen from their extortion targets, and threatening to release more data unless and until the ransom demand is met.

Experts say the auction is a sign that ransomware groups may be feeling the financial pinch from the current economic crisis, and are looking for new ways to extract value from victims who are now less likely or able to pay a ransom demand.

Lawrence Abrams, editor of the computer help and news Web site BleepingComputer, said while some ransomware groups have a history of selling victim data on cybercrime forums, this latest move by REvil may be just another tactic used by criminals to force victims to negotiate a ransom payment."



Increase in BLM Domain Names Forecasts BLM Phishing Attacks



Roger Grimes

There has been a significant increase in DNS domain names containing blacklivesmatter or George Floyd’s name and there’s a good chance some of those are owned by people with malicious intent.

Social engineers and phishing creators love to use newsworthy events to foist new scams. They know that people’s interest in the latest events, natural or otherwise, makes potential victims less likely to be as skeptical when an unexpected email ends up in their inbox, especially if that email is enraging. Natural calamities like earthquakes, tornados, floods, and hurricanes have always been phishing draws. Pandemics, celebrity deaths, political upheaval, cultural unrest, and riots are guaranteed to trick a higher number of unsuspecting victims into clicking on a malicious link or downloading a file that requires their password.

COVID-19 led to an extraordinary amount of new phishing. One vendor reported a 667% increase in coronavirus phishing emails in one month. One phishing campaign posed as a COVID-19 contact tracing app. Microsoft reported a malicious spreadsheet that posed as a COVID-19 death tracker. COVID-19 scams got so bad I published a blog article on how to tell the difference between legitimate and rogue COVID-19 emails with over a dozen examples of COVID-19 phishes.

Phishers Jump on the Bandwagon

A big indicator of whether or not phishers are going to jump on the current news bandwagon is how many DNS domains, legitimate or not, get registered with names related to the current news. A large number of newly registered domains indicates increased societal interest, and the scammer can more likely register their maliciously-inclined domain without drawing too much early attention. For example, over 20,000 domains related to COVID-19 were registered in just three weeks and 17% of them were related to maliciousness.

Blacklivesmatter Domains Registered

The current blacklivesmatter moment is another moment in history that spammers and phishers are sure to take advantage of. It’s newsworthy and will last for weeks. Cyber threat intelligence provider, WhoisXMLAPI, has looked at billions of domain registrations. They have noticed an uptick in domain registrations related to blacklivesmatter and George Floyd. The figure below shows a sampling of names.


Out of all of the names that are registered, how many are for purely legit reasons and how many will be linked to some nefarious phishing campaign – we do not know. Although the domain is certainly depending on mistyping to score a visit. But if we look at the COVID-19 reports, the 17% scam rate is probably not too out of bounds. Once you start seeing the domain registrations come, the scammers are not far behind.
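One way a defender could watch for the registration surge described above, as an added example that is not from the original article: it counts topic-related names per day in a feed of newly registered domains, including hyphenated and digit-swapped lookalikes, and flags days that jump well above the earlier baseline. The feed contents, the digit-swap table, and the factor and min_count thresholds are assumptions made for illustration.

```python
from collections import Counter
from datetime import date

KEYWORDS = ("blacklivesmatter", "georgefloyd")   # topics named in the article
LEET = str.maketrans("013457", "oieast")         # assumed digit-for-letter swaps

def normalize(domain):
    """Lowercase, drop the last label (TLD), strip separators, undo digit swaps."""
    labels = domain.lower().rstrip(".").split(".")
    body = "".join(labels[:-1]) if len(labels) > 1 else labels[0]
    return body.replace("-", "").replace("_", "").translate(LEET)

def matches_topic(domain, keywords=KEYWORDS):
    body = normalize(domain)
    return any(k in body for k in keywords)

def daily_topic_counts(records):
    """records: iterable of (registration_date, domain). Days with no match count 0."""
    counts = Counter()
    for day, domain in records:
        counts[day] += int(matches_topic(domain))
    return counts

def spike_days(counts, factor=3.0, min_count=3):
    """Days whose count is >= min_count and >= factor x the mean of earlier days."""
    spikes, seen = [], []
    for day in sorted(counts):
        if seen and counts[day] >= max(min_count, factor * sum(seen) / len(seen)):
            spikes.append(day)
        seen.append(counts[day])
    return spikes

# Constructed sample feed (not real registrations); .example is a reserved TLD.
FEED = [
    (date(2020, 6, 1), "garden-tools.example"),
    (date(2020, 6, 1), "blacklivesmatter-info.example"),
    (date(2020, 6, 2), "pizza-night.example"),
    (date(2020, 6, 3), "george-floyd-memorial.example"),
    (date(2020, 6, 4), "bl4ck-lives-matter.example"),
    (date(2020, 6, 4), "ge0rgefl0yd-fund.example"),
    (date(2020, 6, 4), "donate.blacklivesmatter-now.example"),
    (date(2020, 6, 4), "black-lives-matter-shop.example"),
    (date(2020, 6, 4), "weather-report.example"),
]

if __name__ == "__main__":
    counts = daily_topic_counts(FEED)
    for day in sorted(counts):
        print(day, counts[day])
    print("spike:", spike_days(counts))
```

A keyword match only says a name is topic-related, not that it is malicious; matched names still need review before they go on a block list or into an awareness notice.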

Disinformation Involved

Successful scammers like to use “stressor events” and to induce emotional responses. Stressor events are fake descriptions like, “If you don’t make the payment now, we will lose the business we’ve been working on for the last two years!” or “If you don’t confirm your email address and password, we will delete your account permanently!” They want the user to feel stress and to be more likely to skip past their normal procedures. They want to make the potential victim react right now. Fight or flight! The more time you give a victim, the more likely it is that they will check out the request another way to determine its legitimacy.

A very successful related tactic is that of emotional disinformation. For topics like BLM, where you have very strong emotions on both sides of the issue, scammers will prey on the intense feelings to motivate the person to respond, at all, and more quickly than if it was another topic that everyone agreed upon. In the COVID-19 phishing emails, scammers loved sending emails with topics like, “COVID-19 infection data was a hoax!” and “COVID-19 deaths significantly overstated” and “COVID-19 deaths significantly understated!” Disinformation campaigns don’t really care to be on one side or the other. They play both sides against each other. It’s not only scammers and phishers, but nation states and political groups. But scammers and phishers are certainly taking advantage of the disinformation campaigns that are sown into our digital world. News and social media sites are just now starting to deal with how to put down disinformation campaigns before they get widespread. And what they are finding out is that stopping malicious disinformation campaigns can be tough, especially in places where free speech and tolerance of extremist views are societally and legally protected.


So, what are you supposed to do? First, be aware and educate your employees that no ongoing news event will escape being used by scammers and phishers. It’s their life blood for getting people to click on emails and links that they otherwise would not. It has happened with every significant event before this year and has certainly happened with the COVID-19 pandemic. And it’s going to happen with the BLM movement and related controversies. Let your end users know to expect BLM-related phishing attacks, especially ones where their subjects try to elicit a quick, emotional response. In fact, we have a saying at KnowBe4: “If an email has a stressor event or emotional motivator in it, doubly Stop, and Think Before You Click on That Link!”



