May 22, 2020
Welcome!
We are still locked down due to this pandemic, but the hackers and cybercriminals are hard at work, and now they are using pre-made COVID-19 templates to speed up their dastardly deeds. Kick your feet up, enjoy the sunshine, and listen in.
For more tech tips, news, and updates visit - CraigPeterson.com
---
Automated Machine Generated Transcript:
Craig Peterson: Hey, welcome back everybody. Craig Peterson here on WGAN. It's our last half hour together today, but we'll be back again next week, one til three here on WGAN every Saturday. And of course, I'm on with Matt and Gagnon during drive times on Wednesday morning at 7:34 as we discuss the latest in technology news.
[00:00:29] You've probably been hearing warnings. I've certainly been talking about them with Matt, about all of the nastiness that's going on right now with the hackers, and we're talking about soup to nuts hackers here. We're talking about nation-states. In other words, countries like Russia and Iran, and particularly China, and all of the things they're trying to do to really mess us up.
[00:00:58] And it's a shame to see that, but we also have just regular old hackers. Those people, typically in Eastern Europe, who are just hoping to get their hands on a hundred thousand dollars from some rich American who doesn't deserve the money, because then, wow, this is a great support to them and their family for years.
[00:01:21] In fact, their extended family for years, so they're doing everything they can to get money from us. The number of hack attempts has gone way, way up. I've seen numbers as high as 300% through phishing attacks and various other attacks, including direct attacks on our firewalls, our websites, on basically everything that is facing the internet.
[00:01:47] So it's a real problem out there, and threat actors, these bad guys, are trying to take advantage of people. As part of this pandemic, they're pretending that they are the World Health Organization, the Internal Revenue Service, the Centers for Disease Control, some government agency or NGO, as they say, nongovernmental organization.
[00:02:14] There have been a lot of them coming out pretending to be from the United Kingdom government, the government of Canada, and the government of France. That is a very big deal because they're being successful at it. And unsurprisingly, the COVID-19 phishing campaigns have just taken off. I'm looking at a chart right now, a different page deployment.
[00:02:43] So it kind of hit a peak around March 26th and it's been dropping, but here's what these pages are that I'm talking about. These are pages up on the dark web, just regular webpage type pages, and bad guys, these bad actors, go there and they can download templates. Templates of emails, templates of the website.
[00:03:11] So instead of taking a day or two to come up with a, a great copy of a website that looks just like the World Health Organization, all they have to do is pay 10 bucks, equivalent $10, for a set of templates that they can now use to send out to you and me emails that look like the World Health Organization.
[00:03:37] And if we click on it, take us to a website that looks like the World Health Organization or one that makes it look like your computer was infected. A lot of these templates have multiple pages as well as emails, malicious web domains that can be inserted. The bad guys can rent a web domain and use that.
[00:04:01] This is kind of like regular marketing, where you might have an affiliate and you use an affiliate code in order to track, yeah, that was my lead, I want to get paid if they buy. Well, they have affiliate codes for these bad websites. It's absolutely amazing. And then these credential phishing attackers have our information that they've taken from some hack online.
[00:04:32] There are some huge databases of our email addresses, usernames, names, and passwords that are out there. Huge, huge databases. And so they're using these databases here to try and get you to click on something. Because they know the last four of your social security number, they know your email address, they know your name.
[00:04:58] And in many cases they might even know your bank, because what they'll do is use the information that they've stolen from, you know, whatever it is, a clothing website, and use that same email address and that same password to try and log into a number of bank websites. Are you using the same email address and password on multiple sites?
[00:05:26] Right. No, you're not, are you? Because that's what they're doing. That's called credential stuffing and credential phishing. We've seen these landing page deployments kind of go down a little bit, which makes sense because again, most of the bad guys have been doing it. So let's talk about some of these spoofed websites.
[00:05:48] What do they look like? Well, the domain is usually a giveaway if you're paying attention. So, for instance, they might have a wastewater treatment dot co dot NZ. So that particular site is a World Health Organization branded credential phishing template. So you go to that page, you verify, quote-unquote, your email and your password.
[00:06:18] And now you're in. Now we know that there was supposedly a hack of the World Health Organization's credentials. Hard to tell if that's absolutely true or not, but they're copying the WHO's logo, color scheme, and they're trying to get you to enter in your credentials. The same thing with the United States Centers for Disease Control, and looking at a spoof site right now, it's cdc.gov dot
[00:06:46] coronavirus.secure dot server dot shorter-term rental.org. Obviously, it's not really shorter-term rental. And so people look at it. Okay. cdc.gov coronavirus. Okay, that makes sense. And it says, authenticate with your email provider to generate a vaccine ID, and it has quick login links for Outlook, Gmail, Office, EA, AOL, and Yahoo.
[00:07:13] And it's asking for an email address and a password so you can receive a vaccine ID, whatever the heck that is. Right. This is a broad web email credential phishing template. Here's another one here. Of course, the IRS is a big-time one. This is a see matters.com and of course, it's Corona is what they're trying to get at here.
[00:07:40] Financial aid details. It says, after an accounting audit of our records, we discovered that you are eligible for an instant amount of $1,079 and 83 cents worth of financial aid. Upon submission, your request will be further reviewed by our accounting team, and the amount in question will be credited to your confirmed financial institution in a timeframe of 48 hours.
[00:08:06] Again, fake. Here's another one. This is a get my payment website that's out there, and again, these are all templates that they pay their 10 bucks and they get a set of templates. It makes it look like it's the IRS, but again, it's not. They are IRS is URL, and if you check the SSL key signature, that's not them either.
[00:08:29] So this one is getting my payment. It asks for your social security number, your date of birth, your full name, and your zip or postal code. Okay. All right. There and the IRS site. How's that for fun? If you want the real IRS site, by the way, go to irs.gov and you can click through on there. Here's another one.
[00:08:50] Get my payment. The government of Canada, it's even in French as well. Emergency Canada, emergency response benefit. These things just go on and on. Canada revenue. Is y'all still for the new Canada or C or Francais? The United Kingdom, Her Majesty's Revenue and Customs. It goes on and on. So the bottom line here, be very careful.
[00:09:16] The bad guys are out there. They've got these ready-made, COVID-19-themed websites that they're stealing, they're renting, they're putting online, and they have really, really been making a lot of money. All right. When we get back, we're going to talk about Britain's hard lesson about blind trust in so-called scientific data.
[00:09:40] You're listening to Craig Peterson here on WGAN and online, CraigPeterson.com. Stick around. We'll be right back.
---
For questions, call or text:
855-385-5553