The List: Fidelity, American Express, Microsoft, Dropbox

This week's incidents seem to cover everything tech and finance, since criminals are now using technology to scam money out of us more than ever before. Read the report about malvertising, etc.

☝️ TOP STORY

The list continues: American Express, Microsoft, Dropbox, Fidelity

If you use any of these companies’ products, this is what you can do: for Fidelity and American Express (click here), for Microsoft (click here), and for Dropbox, maintain a keen eye for phishing and malspam scams.

Meanwhile …
Threat actors hacked the systems of the Cybersecurity and Infrastructure Security Agency (CISA), an office of the Department of Homeland Security.
Perhaps it couldn’t get any more ironic. It only goes to show that we really have to be vigilant 100% of the time, because the threat actor only has to be successful once …

✍️ Noteworthy

There has been a rise in malware-as-a-service (MaaS) operators using malicious web advertising (malvertising) and search engine optimization (SEO) poisoning to infect victims.

“As well as being creative in their approach, attackers are experimenting with various ways to evade security detection tools, high messages in images, using QR codes, fake invoices – but the all-time favourite is still the humble compromised PDF file.” - Cyber Security Today

BONUS CONTENTS + HOUSEKEEPING
📌 Reminder of the Week

Watch out for tax scams

We are in the middle of tax season. Wherever and whenever a lot of people gather, you can be sure that threat actors will join the crowd. Here are some useful tips for the season.

IRS Telephone Scams: These phone scams involve fraudsters posing as IRS agents. They will request payment via gift card or wire transfer. Scammers will then threaten the victim with arrest, suspension of a driver's license or deportation if they do not comply. The IRS will never call to demand initial payment using a gift card or wire transfer. 

Questions? Contact the IRS directly at (800) 829-1040.

Phishing: Phishing scams increase during tax season, as many crooks will send emails or text messages acting as the IRS, tax software companies or tax preparers. If you do not recognize the email address or phone number, do not reply to the message or click on any attachments. 

Tax Refund Scams: Refund scams are commonly done by mail, as swindlers will send letters with IRS letterhead seeking sensitive information "in relation to an unclaimed refund."

Scammers have perfected their craft to make their scams seem legitimate. If you are questioning a message you received, contact the IRS directly at (800) 829-1040.

Information in this section is from an email newsletter sent by San Diego County Credit Union.

📱TEC TIP ✍️
Use your gut, wisdom and trusted sources when facing AI and deepfakes.

About this edition and Inside Hexagon

This week, we dropped the “Awareness” section of the newsletter, from the 11th edition (this edition) onward.

And here’s another reminder of the week: malvertising, vishing and tax season go together like ebony and ivory. So this edition couldn’t be more apt. Think about how else you can use this edition for this coming week.

Glossary/Legend:

  • Breached - Data stolen

  • Hacked - System penetrated

  • Targeted - NIL used

  • NIL - Name, Image and Likeness. Usually the use of NIL for nefarious purposes.

  • Vishing - Phishing by calls.

  • Phishing - Sending fraudulent emails to trick someone into releasing sensitive data, permissions or funds.

  • Malspam - The delivery of malware via email.

  • Malvertising - Buying malicious search ads.

  • Ransomware - Malicious software (or malware) that locks your computer or system until money or a prize is paid.

  • Search engine optimization (SEO) - The curating of a website to make it show up prominently in search engine results.

  • Deepfake - Synthetic media that has been manipulated to replace one person's likeness with another. Deepfakes are created by a special type of machine learning called "deep" learning. They can be videos, photos, or audio recordings that appear real but have been manipulated with AI.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

Hexagon Center is formed as a nonprofit corporation in California for public benefit,
in the process of attaining 501(C)(3) status.

DISCLAIMER

Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments.
