What they're up to

Lee este artículo en español

As a start to this month’s series on Cybersecurity, because October is National Cybersecurity Awareness Month, and following the spirit of the STOP.THINK.CONNECT campaign, today I bring you the latest in scams, frauds, phishing, trojans and malware. These are what experts have seen in the past 4 months.

Mobile Banking threat

One of the greatest errors a person can make nowadays is to download apps that don’t

come from their official store (as in the Apple Store or Google Play). There’s a nasty bit of malware making the rounds by the name of Tordow.a and victims are acquiring it by downloading illegal copies of the apps DrugVokrug, Odnoklassniki Pokemon Go, Subway Surf, Telegram and VKontakte, among others. This program detects the presence of mobile banking apps, copies them to mimic them perfectly and then takes their place on the victim’s phone. Then, it waits for the person to access mobile banking, and proceeds to steal the login; the owners of the malware then steal the victim’s money in any way possible through his/her mobile banking system.

Ransomware from Brazil

Arriving to the victim via emails and links on social media, there’s a ransomware (here we

An actual image from the ransomware.

explain what it is) called Trojan-Ransom.Win32.Xpan, which targets small businesses and hospitals, quarantining portions of their data and demanding payment for their rescue. Most of these kidnappings have taken place in Brazil but now they are expanding horizons to other countries. The kidnappers demand 1 Bitcoin (about $611) as ransom.

Brad Pitt is dead

One has to be quite cynical to come up with a press-release lookalike claiming that Brad Pitt has killed himself over his separation from his wife and actress Angelina Jolie to plant a bit of malware. Yet someone has, and it proceeds to steal all sorts of user IDs and passwords from those who make the mistake of clicking on that bit of news.

If you see a notice anywhere that Brad Pitt is dead, don’t fall for it, don’t click! Make a screenshot instead and contact that website’s administrators so they can detect the user who posted it and take care of the matter.

iTunes cards … to pay the IRS?

I have to say these struck me as some of the oddest. There are a series of payment

Seriously?

request/demand emails and text messages, claiming to be from many different sources such as: the IRS collecting a debt, the US government offering disbursement of a large scholarship once a processing fee has been paid, or (last but, by far, the worst) a claim that some person’s grand-kid is in jail and they have to bail them out.

None of these sources would ever, ever request payment using iTunes cards. If you or someone you know has received one of these messages, please have them inform the Federal Trade Commission here.


That call from the IRS

This is not an online fraud but is serious enough for me to want to mention it. If you receive

Collection calls are serious, but
nobody can threaten with jail.

a call or get a message from the IRS informing you that you owe them and they are going to take you to court or arrest you, be aware that this IS a scam. The scam consists in asking you for a payment, under threat, using a prepaid card or bank wire. Always remember that the IRS always send actual letters and you should know that by federal law nobody –not even the government- can make threats about lawsuits or arrests in order to collect a debt. Here’s an infographic on the subject from the FTC.

Help for the Louisiana flood victims

These scams are taking place on social media, via email, text messages and even phone calls. It’s very easy to scam someone using their sympathy for the victims of a recent natural disaster: floods, hurricanes, earthquakes. It’s perfectly laudable to want to help, but the best thing to do in that case is to donate to an organization that you already know. If you receive one of these false donation requests please report it to the FTC. And remember, never open links in these phishing emails, as they likely come with the added gift of malware.

If you want to find out if a non-profit requesting a donation is for real, you can check with the Better Business Bureau here.

The car skin/wrapping scam

The victim receives an email or notification on social media of a “job offer” involving the use

A car with a skin ad.

of their vehicle as outlet for a commercial ad. The victim gets a shrink-wrap skin on their car with an ad in exchange for a few hundred bucks. They are told they are being sent a check and specifications for obtaining the skin from a local provider, and that’s the start of a very well-known scam: the check arrives for a lot more money than what was agreed. The victim is told it was “a mistake”, to please deposit the check, keep his/her “salary” and the cost of the skin and wire the difference back to the company. A week later the check comes back unpaid and the victim is out the money he/she sent via wire.


Please remember that this is a public blog and don’t hesitate to share it with anyone you think could benefit from this. Our intent here to help people by keeping them informed.