Aug 1, 2020
Craig explains Hacker's new bag of tricks. They are buying pre-made COVID-19 templates to fleece unsuspecting users.
For more tech tips, news, and updates visit - CraigPeterson.com
Automated Machine-Generated Transcript:
[00:00:00] Hey, welcome back, everybody. Craig Peterson here on WGAN. It's our last half hour together today, but we'll be back again next week. One till three here on WGAN every Saturday. Of course, I'm on with Matt Gagnon during drive times on Wednesday morning at seven 34, as we discuss the latest in technology news.
You've probably been in the hearing warnings. I've certainly been talking about them with Matt, about all of the nastiness that's going on right now with the hackers. And we're talking about soup to nuts hackers here. We're talking about nation States. In other words, countries like Russia and Iran and particularly China and all of the things they're trying to do to really mess us up.
It's a shame to see that, but we
[00:01:00] also have just regular old hackers. Those people typically in Eastern Europe who are just hoping to get their hands on a hundred thousand dollars from some rich American who doesn't deserve the money, because then, wow, this is great. It's important to them in their family for years.
In fact, their extended family for years. So they're doing everything they can to get money from us. The number of hack attempts has gone way up. I've seen numbers as high a, 300% through phishing attacks and various other attacks, including direct attacks on our firewalls, our websites on basically everything that is facing the internet.
So it's a real problem out there and threat actors, these bad guys are trying to take advantage of people as part of this pandemic. They're pretending that they are the World Health
[00:02:00] Organization, the Internal Revenue Service, the Centers for Disease Control or some government agency or NGO, as they say, non-governmental organizations.
There have been a lot of them coming out pretending to be from the United Kingdom's government, the government of Canada and the government of France. That is a very big deal because they're being successful at. Unsurprisingly, the COVID-19 phishing campaigns have just taken off. I'm looking at a chart right now, different page deployments. So it hit a peak around March 26th and it's been dropping.
But here's what these pages are that I'm talking about. These are pages up on the dark web, just regular webpage type pages, and bad guys. These bad
[00:03:00] actors go there and they can download templates. Templates of emails, templates of the website. So instead of taking a day or two to come up with a great copy of a website that looks just like the World Health Organization, all they have to do is pay 10 bucks, $10. For a set of templates that they can now use to send out to you, and me, emails that look like the World Health Organization. If we click on it, take us to a website that looks like a World Health Organization or one that makes it look like your computer was infected.
A lot of these templates have multiple pages, as well as emails, malicious web domains that can be inserted. The bad guys can rent a web domain and use that. This is regular marketing.
[00:04:00] Where you might have an affiliate and you use an affiliate code in order to, track that was my lead I want to get paid if they buy.
Well, they have affiliate codes for these bad websites. It's absolutely amazing. Then these credential phishing attackers have our information that they've taken from some hack online. There are some huge databases of our email addresses, usernames names, and passwords that are out of their huge databases.
They're using these databases here to try and get you to click on something. Because they know the last four of your social security number, they know your email address, they know your name. In many cases, they might even know your bank because what they'll do is use the information that they've stolen from, whatever it is,
[00:05:00] a clothing website and use that same email address and that same password to try and log into a number of bank websites.
Are you using the same email address and password to using multiple sites? No, you're not, are you? Because that's what they're doing. That's called credential stuffing and credential fishing. We've seen these landing page deployments go down a little bit, which makes sense because again, most of the bad guys have been doing it.
So let's talk about some of these spoofed websites. What do they look like? the domain is usually a giveaway, if you're paying attention.
So for instance, they might have a wastewater treatment.co. Dot N Z. So that's particular site is a World Health Organization, branded
[00:06:00] credential fishing template.
So you go to that page, you verify quote, unquote, your email, and your password. And now you're in. Now we know that there was supposedly a hack of the World Health Organization's credentials. A hard to tell if that's absolutely true or not, but they're copying the WHO's logo, color scheme and they're trying to get you to enter in your credential.
Same thing with the United States Center for Disease Control and looking at a spoof site right now. It's cdc.gov dot Coronavirus dot secure dot server dot shorter-term rental.org. Obviously it's not really shorter-term rental. So people look at it okay. cdc.gov coronavirus. Okay. That makes sense. It says authenticate with your email provider to generate a vaccine ID. It has quick login links for outlook, g-mail, office,
[00:07:00] EA, AOL, and Yahoo. It's asking for an email address and a password. So you can receive a vaccine ID, whatever the heck that is. This is a broad web email credential phishing template.
Here's another one here. This is a see matters dot com. Of course, it's coronavirus is what they're trying to get at here. Financial aid, details. It says, after an accounting audit of our records, we discovered that you are eligible for an instant amount of $1079.83 cents worth of financial aid. Upon submission, your request will be further reviewed by our accounting team. And the amount in question will be credited to your confirmed financial institution in a timeframe of 48 hours.
Again, fake. Here's another one. This is a get my payment website that's out there. And again, these are all templates that they pay their 10 bucks and they
[00:08:00] get a set of templates.
It makes it look like it's the IRS, but again, it's not. They are, IRS is URL, and if you check the SSL key signature that's not them either. So this one is to get my payment. It asks for your social security number, your date of birth, your full name and your zip or postal code. Okay. All right there and the IRS site, how's that for fun?
if you want the real IRS site, by the way, go to irs.gov and you can click through on there.
Here's another one. Get my payment, the government of Canada it's even in French as well. Emergency Canada, emergency response benefit. These things just go on and on, Canada revenue L'Agence du Revenu du Canada de Aussi en Francais. The United Kingdom, her Majesty's revenue and customs, it goes on and on.
So the bottom line here be very careful. The bad guys are out there.
[00:09:00] They've got these ready-made COVID-19 themed websites that they're stealing. They're renting, they're putting online and they have really been making a lot of money.
All right. When we get back, we're going to talk about Britain's hard lesson about blind trust in so-called scientific data.
You're listening to Craig Peterson here on WGAN an online Craig peterson.com.
Stick around. We'll be right back.
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: