Tag Archives: phishing. spear-phishing

PTJ 213: Server Loads and Angry Rogues

Another year, another Disney-generated Star Wars movie. And, like last year’s Star Wars: The Force Awakens pre-sales, the demand for advance  Rogue One tickets Monday morning knocked over the Fandango site like an AT-AT tripped up by crafty snowspeeders. But now that you’ve got your tickets, kill some time until the movie with Carrie Fisher’s new book — or catch up the recent tech news with El Kaiser and J.D., along with this week’s discussion of video streams and spam awareness. May the Force be with you!

Links to This Week’s News Stories

Spam Spam Spam

Thanksgiving is gone, Black Friday is over and even Cyber Monday is back there over the horizon. No denying it, the Holiday Season is here. But just as tax season brings a wave of specialized spam and scams, so do “the most wonderful time of the year.” In addition to the usual onslaught from botnets and the like, 2016 has even seen the emergence of so-called artisanal spammers, who target smaller groups of people in hopes of avoiding junk filters.

As always, beware the legit-looking spoofs, like fake order confirmation messages from Amazon or other online retailers asking you to log in from supplied email links. It’s a big problem and Amazon even has a guide to identifying bogus messages, dealing with them and reporting them. If you have any doubt, skip the message and log into your account directly on the retailer’s website. If you get mail about you didn’t order, check your order-history page to make sure nothing got charged to your card – or that you didn’t forget you ordered something in the first place.

Watch out for the messages with the fake invoice, fax, or other attachments sent to your inbox. If the subject matter seems unfamiliar (but the sender is not), call or text to confirm the situation. Otherwise, you’ve just opened that attachment and loaded malware or ransomware into your computer. Fake breaking news alerts are another delivery mechanism.

Be on guard for new types of spam. Junk mail sent in the form of iOS calendar invitations or iCloud Photo Library photo-sharing invites has increased lately. These messages can be tricky because you usually only have the option to Accept, Decline or reply Maybe to the invite — all of which sends a notification to the spammer that you have a good, working email address.

Apple is aware of the problem and is starting to block invites from identified spam merchants. In the meantime,  workarounds include turning off the iCloud Photo Sharing invite feature, moving spam invitations to a special iCloud Junk calendar and then deleting it in the iOS calendar app – or adjusting your iCloud settings to have calendar invitations sent instead to your mailbox for easy filtering and deletion.

Scammers never run out of ideas. A new category of fraud called whaling is also on the rise, in which thieves masquerade as senior-level executives asking junior associates to transfer corporate money on their behalf. The FBI noted an upward trend in this type of business scam earlier this year.

So, as we head to the end of the year, keep your junk-mail filters tuned, your computer’s anti-malware software up to date and trust no one.