PhishBowl

You may have received an email regarding completing a document or reviewing a file. These emails often appear to come from someone you know or a trusted source, but in reality, they may be phishing attempts designed to steal your personal information or compromise your account.

According to CNBC, millions of people have been victimized by Quishing as more and more bad QR codes appear in public places. Quishing refers to QR code phishing, which is scanning an unverified and malicious QR code.

In May 202th, a phishing campaign emerged which impersonated several U.S. state Department of Motor Vehicles (DMVs). The phishing campaign utilized SMS phishing (smishing) and deceptive websites to harvest personal and financial data. Victims may have received text messages regarding unpaid toll violations, and would be redirected to fake DMV websites that would take payment for a fake toll. These cloned websites would request personal information and credit card details to verify a victim's identity. These phishing campaigns have been analyzed to indicate that these attacks are coming from a China-based threat actor. 

The Department of Motor Vehicles has a public notice that Californians are receiving deceptive text messages that appear to come from the DMV. These texts warn that the customer has failed to pay a toll. The DMV will never send a text message to ask for personal or financial information. If one is received, do not open or reply to the message. 

As K-12 education increasingly provides more global learning experiences, schools increasingly send staff and students abroad for cultural exchanges, academic competitions, service trips, and more. While these trips offer incredible educational value, it also exposes the school staff, especially trip leaders and chaperones, to serious digital and data security risks.

FBI Denver Field Office agents have increasingly see a scam that involves a free online document converter tool. These free online document converter tools load malware onto a victim's computer and leads to incidents such as ransomware. 

The common pitches utilized by online scammers trying to get you to panic and click on a link, hand over personal information or money, or download an attachment has become ineffective. Per Kendall McKay, strategic lead for cyber threat intelligence at Cisco's Talos division, says that phishing email subject lines moved from phrases such as "urgent request" or "payment overdue" to terms like "request," "forward" and "report."

Scammers tell all kinds of stories to get you to send money or information. Scammers may impersonate a government agency and say you owe a fine, or may pose as a person you know who needs money for an emergency. A scammer may offer a fake job but say a fee is needed before you get hired.

KnowBe4's Threat Lab recently observed a phishing campaign targeting the educational sector. Over 30 days, 4,361 threats were reported, originating from 40 unique sender domains. 65% of these domains were compromised educational institution IDs. The intent of the attacks was to harvest credentials resulting in potential data loss, compromise, and further phishing emails. 

Bad actors are utilizing text messaging scams to trick victims into believing that they have unpaid tolls and fines.