In the month of July, the Identity Theft Resource Center identified 110 data breaches. In those breaches, over 106 million records were exposed across the financial, business, education, government, and health care sectors. Whether or not you were affected by these breaches, you are still susceptible to phishing scams that target post-breach victims.
Capital One Breach Backdoor Trojan
With over 100 million affected by the recent Capital One breach, cyber criminals are trying to exploit the vulnerability with a phishing email scam that uses a Windows security update as the bait. Clicking the link in the email will install a backdoor Trojan.
The phishing email may be spoofed to appear to come from the targeted organization’s IT department. The language used is informal and slightly technical. These are common tactics in phishing emails.
Clicking the link in the spoofed email will download a file named to resemble Microsoft patch files and security updates. This simple click will invite the hacker’s malware into your network.
Equifax Breach Fake Settlement Landing Page
Cyber criminals are also attempting to trick victims of the settled Equifax breach. Hackers are creating fake landing pages intended to resemble the FTC website. Scammers are sending phishing emails that appear to come from Equifax; however, when the user clicks the link, they land on a fake website that mimics the FTC claim website. This website then attempts to steal your personal information.
To file a real claim, go to the legitimate FTC website at https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement and click on the blue “File a Claim” button. The website checks your eligibility for that claim and will then direct you to the current and legitimate steps to take.
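For mail filtering or help-desk triage, the "is this really the FTC site?" check can be automated by comparing a link's actual host with the ftc.gov domain from the URL above. The following is an added example, not part of the original article; the function name `check_link` and all sample links are constructed for illustration and use reserved example domains.

```python
from urllib.parse import urlsplit

# Domain taken from the legitimate claim URL given in the article.
TRUSTED_DOMAIN = "ftc.gov"

def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return (ok, reason) for a link that claims to lead to the FTC claim site."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # Text before '@' is login data, not the site; it is often used to
    # place a trusted-looking name at the start of the link.
    if parts.username is not None:
        return False, "userinfo before '@' hides the real host"
    # Non-ASCII or punycode labels can render as look-alike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host (possible look-alike)"
    # Only the exact domain or a true subdomain of it is accepted.
    if host == trusted or host.endswith("." + trusted):
        return True, "host is " + trusted + " or a subdomain"
    if trusted in host:
        return False, "trusted name embedded in another domain"
    return False, "unrelated host"

# Constructed sample links (reserved example domains), plus the real URL.
SAMPLES = [
    "https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement",
    "http://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement",
    "https://www.ftc.gov@claims.example.net/equifax",
    "https://www.ftc.gov.claims.example.net/equifax",
    "https://www.xn--ftc-9na.example/claim",
    "https://equifax-settlement.example.com/ftc",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print(("ALLOW " if ok else "BLOCK ") + link + "  (" + reason + ")")
```

A passing result only confirms where the link points; the displayed link text in an email can differ from the underlying URL, so the check must run on the actual `href`.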
It is important for employees to be able to distinguish between phishing emails and legitimate emails. Employees are often the greatest weakness from a hacker’s point of view but can also be used as your greatest defense. This is just one tactic hackers use to target victims, but there are endless other scams every day. Regular cybersecurity awareness training is crucial to prepare for your next attack.