Look Out for This Covid-19 Excel Phishing Scam


The Covid-19 pandemic has provided boundless opportunities for scammers since January at least. But a group of fraudsters known as Scattered Canary has reached new depths, ripping off state unemployment systems for millions of dollars just as funds are running dangerously low.

It’s not all bad news, though. For the last several months, the FBI had once again been pressuring Apple to undermine its encryption so that it could get into a mass shooter’s iPhones. And just as it did in 2016, the agency ultimately relented after it was able to determine the passwords on its own. Go figure!

Facebook also did good this week, managing to add safety alerts to its Messenger app to let people know when a scammer or worse might be on the other end of the chat, all without breaking the end-to-end encryption of its Secret Conversations feature. And while researchers concocted a dangerous new amplification technique for distributed denial of service attacks—one that could potentially have crippled large portions of the internet—the affected companies appear to have protected themselves against it before a bad actor got wise. And Chrome took a big step to shut down cryptojacking and other resource-draining ads.

We took a look at ShinyHunters, a hacking group that hit over a dozen companies at the beginning of May in search of dark web profit. A hardware wallet is still the safest place to stash your cryptocurrency, but new research is a healthy reminder that they’re not infallible. And if you’re tired of spam, consider using one of these apps that provides a burner email to duck it.

WIRED contributor Garrett Graff took a hard look at Secretary of State Mike Pompeo this week—and how deeply congressman Mike Pompeo would have disapproved of his behavior.

And there’s more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

Yep, it’s another Covid-19 scam. Microsoft this week detailed a phishing effort that started on May 12. The campaign deploys emails that purport to be from the “John Hopkins Center”—the university’s Center for Systems Science and Engineering has maintained a popular Covid-19 tracker—and include an Excel attachment that presents itself as US cases of the disease. If opened, the file downloads a macro and runs NetSupport Manager RAT, a legitimate remote support tool that can be used for nefarious purposes, specifically to download malware on a targeted device. So don’t open any Excel files from Johns Hopkins! And if you want to see their Covid-19 map, go ahead and bookmark it.

Apple keeps unreleased versions of iOS a closely guarded secret; even when an iPhone 4 famously leaked before it launched, the software remained a mystery. But it appears that an early version of iOS 14 has fallen into the hands of the iOS jailbreak community, according to a report this week in Motherboard. There had already been some hints that iOS 14 was out there; Apple news site 9to5Mac reported that it had seen leaked code back in March. But the apparent extent of the leak means hackers have ample time to prod the update for vulnerabilities—which could be trouble when iOS 14 actually launches.

European airline EasyJet revealed this week that a cyberattack had resulted in the personal information of nine million customers being stolen. Over 2,000 victims also had their credit or debit card information accessed, further exposing them to theft or fraud. EasyJet said that “highly sophisticated” hackers were behind the operation, and that it suspects that the target was intellectual property rather than customer data, but it’s unclear what it’s basing that assessment on.

And another one! Wishbone is a site that lets you make an online poll; this week a hacker put 40 million of its user records for sale on the dark web. ShinyHunters (hello, again!) has taken credit for the breach, which appears to have taken place in January. Shortly after ZDNet first reported the dark web listing, the database leaked as a free download.

