27 Jan 2021
Keeping an eye on cyber news and threats
Convincing NHS COVID-19 vaccine phishing campaign hitting inboxes
There is an ongoing phishing campaign taking advantage of the COVID-19 vaccines once again. This time it appears to be coming from the NHS, and convincingly so.
The email is from ‘firstname.lastname@example.org’, which appears genuine (the real NHS domain is nhs.uk), and asks the recipient to accept or decline a vaccination invitation.
The image on the right shows the format of the email, which includes two links to accept or decline. Both direct to the same fake NHS website, which asks for details including name, address, phone number, mother’s maiden name, credit card details and bank account information.
The NHS sent out this tweet in response:
As always, think before you click. The NHS will not ask for banking or card details, and you don’t need to apply for the vaccine.
New push notification adware growing in size
A new type of adware (malicious advertising software) that uses push notifications in your browser has been discovered by leading cybersecurity company Indelible.
The adware manifests itself within the browser when users click ‘allow’ in the ‘allow notifications’ pop-up box when browsing certain websites. Once the user has allowed notifications, a service installs itself into the browser, which then spams pop-up adverts using the browser’s push notifications and interacts with domains linked with activity tracking.
My advice is to never allow notifications from sites you don’t know, and to steer clear of ‘free content’ websites - they are an easy way to get people to download malware.
Malwarebytes also hacked by same group behind SolarWinds breach
The list of companies affected by this hack continues to grow, with Malwarebytes announcing they were also breached.
The attack was separate from the SolarWinds supply chain, however. Malwarebytes stated that the attackers managed to gain access through a dormant email protection product in its Office 365 tenant. The breach was discovered when the Microsoft Security Response Centre spotted suspicious activity coming from the Office 365 security app.
After investigating the breach, they found only a limited number of internal company emails had been accessed, and none of the Malwarebytes products are affected.
This week’s top tip – Secure your Wi-Fi
It’s fairly easy to hack into a router these days, particularly if it has just been plugged in and left with the default settings. Hackers will take advantage of a vulnerable router and could deny you access to your own internet connection, or even use your internet connection for illegal purposes. In this week’s top tip, I’ll go through three simple steps to help secure your Wi-Fi.
1. Change the SSID – This is the name of your Wi-Fi. Leaving it set as the default name helps hackers identify the make and model of your router. Using this, they can find out the default credentials for that router on the internet.
2. Change the admin credentials on your router – These are the details used to log in to the settings on your router, and the defaults are easily available on the internet. A hacker can use these details to log in to your router and make changes, including changing the Wi-Fi password or disabling it completely.
3. Change the default Wi-Fi password – Again, ISPs and router manufacturers use similar formats for their default Wi-Fi passwords, which can be cracked. Change your default password, remembering the advice for creating a strong password (three random words or a phrase you can remember, numbers and special characters). If it’s easier to remember, it will also save you checking the router every time you need to enter it again.
To make these changes, open a web browser, type in your router’s IP address, which you can find in the manual (it’s usually 192.168.1.1), and log in. If you haven’t already changed the username and password, you can find these in the manual, or Google the make and model. Once logged in, you can make all the above changes there.
That’s all for now, see you next week.