Scammers are increasingly using social media to target victims. They use social engineering techniques to persuade victims into giving their details or paying money.
A recently released Federal Trade Commission (FTC) report states:
"More Than 95,000 people reported losses of more than $770 million due to fraud on social media platforms in the period 2021-2021."
These losses are responsible for 25% of all fraud losses in 2021. This is an astonishing 18-fold increase on 2017's losses. Fraud losses are reported by all age groups. However, people aged between 18-39 reported fraud losses more often than older adults.
Over half of those who lost money in scams related to investment in 2021 claimed that they were fraudsters. FTC reports that scammers are using social media platforms to market bogus investment opportunities, and encourage people to invest.
Many people send money in crypto and promise huge returns but often wind up empty handed.
According to the report by the North American Securities Administrators Association, crypto-scams will be the biggest threat to investors in 2022. FTC recommends that users be more cautious while browsing social media sites.
Security experts recommend setting limits on who can view your posts, targeting advertising and taking advantage of more strict privacy controls.
This advice is sound for everyone, especially given the increasing number of attacks on social networks.
CSV Files Cause New Malware
Researchers discovered a new type of phishing.
Hackers used this CSV file to infect computers. They are using the BazarBackdoor malware. CSV, also known as "Comma Separated Values", a text format that can be easily imported into Excel.
When Excel is opened, the alphanumeric values are separated by commas. The headers will be the first line if you open the file using a text editor. Excel lets you divide your data into neat rows or columns by opening the same file.
CSV files are very popular in business. They allow you to extract data and then import it into other programs. Because the files contain only text, most people don't need to open them.
Microsoft Excel supports Dynamic Data Exchange. This allows you to execute commands that were entered into open spreadsheets, including CSV files.
Hackers are always looking for ways to exploit this feature. They issue commands to inflict malicious code on unaware victims' computers.
BazarBackdoor is a stealthy malware variant created by TrickBot. It can allow remote access to an internal device, which can be used for movement within a network.
The current campaign is centered around emails that pretend to be "Payment Remittance Advice" emails with links to remote sites that download a CSV file with innocuous names like "document-2196t6.csv."
These things can be prevented by being vigilant. Employees should be reminded not to open attachments from unknown sources or email messages.
Employee training and network monitoring is needed to ensure your data remains secure. Contact Integrated Technology Systems if you have any doubts regarding the security of your network.