Unlock Your Phishing Self-Defence Skills!
Welcome to week two of Cyber Security Awareness Month!
This week’s focus is on recognizing and defending against new forms of phishing and email fraud that the Laurier community has recently seen. Remember to test your knowledge by submitting the quiz at the end of this newsletter for a chance to win a prize!
Subscription Renewal Scams
How it works
Subscription renewal scams use fraudulent payment confirmation messages to trick recipients into calling a malicious phone number. Some common elements to look for in these scams include:
- Subject lines like ”Order Completed Successfully” and “Payment Confirmed: Invoice Number 12345”, which imply that an automatic renewal or payment was completed for a subscription service.
- Messages that claim you have a large amount of money charged to your credit card
- A fake customer support phone number listed in the message, asking you to call the number to dispute the credit card charge. Once the recipient calls the fake customer support number, the fraudster on the other end of the call will ask for the victim’s personal information or credit card details.
These subscription renewal scams have become popular among cybercriminals since they don’t use traditional links or attachments that would typically be blocked by most spam filters.
What to do if you come across it
If you receive notification of an unusual subscription charge, check your credit card to confirm that the charge actually occurred. Inspect the message for other common features of traditional phishing scams (for example, an email claiming to be sent by Walmart or Amazon but is actually being sent from a Gmail or Hotmail account is a surefire indicator of a scam).
QR Code Phishing
How it works
To combat security features like Microsoft 365 Safe Links and spam filtering, some cybercriminals have started using malicious QR codes in their phishing messages instead of direct links or attachments. Since QR codes need to be scanned by a mobile device with a camera, it shifts the phishing attempt away from your computer and often bypasses network firewalls and spam filtering (if a mobile phone is used on-campus at Laurier and isn’t connected to eduroam, it won’t be protected by our firewall or Microsoft Defender).
Despite this, QR code phishing attacks still rely on many of the features of traditional phishing messages (implied urgency, unusual sender addresses, unusual premises, or occasional inconsistency in grammar or branding).
What to do if you come across it
If you receive a suspicious QR code email, take a moment to consider why a QR code without any other links or attachments would be necessary for a message like this and forward the message to reportspam@wlu.ca if you have any doubt over its legitimacy.
“Attacker in The Middle" (AiTM) Phishing
How it works
Multi-Factor Authentication (MFA) has been very successful in preventing unauthorized account access. As a result of this, cybercriminals have had to find alternative phishing methods, such as Attacker in The Middle (AiTM) phishing.
AiTM attacks steal your username/password using traditional phishing methods but also steal your web browser's authentication token which is saved on your computer after you accept an MFA prompt.
The threat actor uses a proxy website which goes between your computer and the legitimate website you're visiting, relaying the information between the two. This also means that attackers can imitate legitimate login pages without having to design their own fake login page.
When an AiTM attack occurs, the address bar at the top of your web browser will show the address of the malicious proxy website rather than the address of the actual site you're trying to visit. For instance, if the site looks like an Amazon or Gmail login page but the address bar says www.sn3akyhacker.com, it might be an AiTM attack.
What to do if you come across it
If you spot any AiTM-related activity, report it to reportspam@wlu.ca. Spotting and reporting these attempts will allow us to block access to these AiTM proxy sites which will protect others from being victimized.
How cyber fit are you? Test your knowledge and win a prize!
Every week, we will be giving away a Laurier water bottle and magnet, courtesy of The Hawk Shop. Complete the weekly quiz for a chance to win! But wait, there's more – we're also giving away an iPhone 11! Complete all of our weekly quizzes for a chance to win an iPhone 11. The winner will be drawn at the end of the month.
Read our other Cyber Security Awareness Month newsletters: