KnowBe4 Security Tips - Don't Trust Pop-ups
If you're known to dabble in a little online browsing, odds are you've encountered a pop-up once or twice. There are times when a user may think, "Wow, that's a great deal!" and click on a pop-up. To those users: put down the mouse. Why? That pop-up could be malicious or dangerous.
There used to be a time when malicious pop-ups were only on questionable sites, but those days are gone. Hackers are smart and develop ways to inject malware into pop-ups and online advertisements - even on the most trusted sites.
One of the most common attacks we see occurs when you visit a site and a pop-up appears that says, "Your computer is infected! Download our antivirus now!" If you click on this, a bogus virus scan will start. After the "scan" completes, you'll be asked to pay for a full version of the software or to call a helpline to connect with a support representative.
Spoiler alert: The software is not real and the fake support representative will take control of your computer to try and "fix" the issue, but end up causing more damage.
How to prevent
Although hackers are smart, you can be smarter. Here are some tips to protect yourself from these types of attacks:
- Avoid clicking on pop-ups.
- Update your operating system regularly - don't postpone or snooze updates!
- Use web-filtering software to warn you before accessing potentially harmful sites.
Remember, these attacks are only successful if we fall for them. Stay alert and be cautious!
Scam of the Week: Realistic Phishing Attacks Take Advantage of U.S. Tax Season
ALERT: Tax season scams are peaking. So, when you get any emails or phone calls about your taxes or W2 forms, verify whether the person sending the email or making the call is legitimate, whether you know them or not.
Here are some tips to stay safe this tax season:
- Manually type the recipient's email address into the "To" field. NEVER make the mistake of clicking on "reply" and attaching your tax information, because the reply email address might be spoofed.
- Triple-check that the email address you are sending it to is correct.
- If you want to be 100% safe, hand-carry your tax information to your preparer and do the tax return in person with them.
Visit the official IRS website to see more tax scams you should watch out for.
Scam of the Week: Fake Calls from the IRS
With taxes due in the upcoming days, you should be on high alert for fraudulent calls claiming to be from the Internal Revenue Service. These scammers insist that you owe money to the government. Then, they threaten you with loss of your driver's license, arrest, or even deportation. Once they've caught you off guard, they'll insist that you send the money using a prepaid card or wire transfer. Don't do it! Remember:
- The IRS will never require a specific type of payment.
- The IRS will generally mail a bill to any taxpayer who owes taxes, and you will always have the opportunity to question or appeal the amount owed before sending a payment.
- Do not share any type of personal information with anyone you don't know over the phone.
- If you get this type of call, hang up the phone immediately and report the call to the appropriate agency.
Scam of the Week: Bad Guys are Moving to Mobile Phishing for Gift Card Scams
The bad guys are taking advantage of innocent employees by posing as one of your organization's executives or even your CEO. Using methods of urgency and authority, they intimidate you into buying gift cards for "business reasons". This trick has been around for a while, but recently these scammers are taking it one step further and requesting your personal cell number to communicate with you while you do what they ask.
Here's how it works: They send an "urgent" email that looks like it comes from an executive in your organization. They create a sense of urgency by using subject lines such as "QUICK RESPONSE", and they intimidate you by saying: "Give me your personal cell number. I need you to complete a task for me". Once the bad guy has your number they put even more pressure on you to complete the task before you have time to think!
Don't give in and hand these criminals your personal number and your organization's money! Stop and think before you respond:
- Do you recognize the email address? Even if the email appears to be legitimate, question it.
- Do you usually receive requests like this, or is this unusual? Call the executive or your supervisor to validate this request before responding or buying gift cards.
Scam of the Week: Boeing Airplane Crash Email Scam
Warning: There is an email scam going around about the recent Boeing airplane crashes. Be on the lookout for emails in your inbox from someone pretending to be a "private analyst". The subject line could be similar to "Fwd: Airlines plane crash Boeing 737 Max 8", and an attachment will be included in the email. They claim the attached file has leaked data and they warn you to notify your loved ones about other airlines "that will go down soon". Don't fall for scare tactics like this.
Even if attachments make it through email filters at the office or at home, it doesn't necessarily mean they're safe. Remember to always be cautious with unknown email attachments, and never open an attachment unless you are expecting it from the sender and you've confirmed that the sender is legitimate.
Scam of the Week: Dangerous Office Attachments Bypassing Email Security
As always, you must be suspicious of all email attachments, because attackers are finding new ways to get around email security filters. The latest attack includes Microsoft Office attachments containing hyperlinks to dangerous websites.
If you unknowingly download one of these attachments and click on a link from within the document, you will be brought to a malicious website that steals your sensitive information. This particular attack is usually carried out with Microsoft Word attachments, but dangerous links are certainly not limited to files with .docx file extensions. This attack could occur with almost any file type.
Always remember the following to prevent this type of attack from happening to you:
• Never open attachments from people you don't know.
• Don't open any attachment unless you have asked for it, or have verified with the sender (through a channel other than email) that it is legitimate.
• Before clicking any link within an email or an email attachment, hover over it to see where it will take you.
Stop, Look, and Think. Don't be fooled.
Watch out for Tech Support Scams
Nowadays, you should be on high alert whenever you're browsing the web. The cyber scammers are counting on you to have an average (or below-average) level of knowledge about cybersecurity threats so they can trick you into downloading malicious applications.
The attack usually goes like this: First, you receive a fake Windows Alert pop-up message claiming "Your PC might be infected" and to "click OK to do a quick 10-second scan".
When you click OK, a very realistic-looking (but very fake) "system scan" runs within your browser. The scan looks almost identical to your antivirus software's real system scans.
Once the "scan" ends, you're told that your PC is indeed infected and that you need to download and install an update to the antivirus software. Don't do it! This "update" is actually an unwanted application that will install onto your computer.
Consider the following to protect yourself from this type of scam:
• Never trust internet pop-ups. They often use scare tactics to get you to call a number for tech support or download an application to "fix" the problem.
• Go to your IT administrator (if at work) or a reputable computer repair company (if at home) if you think something is wrong with your computer.
Be Careful with Online Job Offers
Imagine you're casually scrolling through your LinkedIn newsfeed when you come across an ad for a position that you're perfect for, at a company you'd love to be a part of. Considering you are on a website that knows your job title, industry sector, location, etc., you likely wouldn't think much of it and proceed to find out more information, right? This is what the bad guys are betting on.
Once you respond to the ad and apply for your dream job, they'll have your "would-be employer" respond and schedule a call, sometimes over Skype.
Once the bad guys have you where they want you (in your hopeful bliss of acquiring a new position), they'll ask you to install a program (ApplicationPDF.exe) to "generate your online application". What the program actually does is install malware on your computer.
LinkedIn's reputation for being a professional networking platform inherently causes many of its users to lower their guard when it comes to cybersecurity. Just because an ad is on LinkedIn doesn't mean you can trust it. Remember: Never download any questionable files (in this case ApplicationPDF.exe). If you're interested in a position you find on LinkedIn, navigate to the company's website to see if you can find it listed and apply for the position there.
Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team
As a reminder, to protect yourself (and your friends and colleagues) from being a victim of spam:
- Never respond to unsolicited email
- Never send your personal information, such as credit card numbers or passwords in response to an email.
- Never click on a URL or web address listed within an email unless it is from a trusted source
- Never sign up with sites that promise to remove you from spam lists
- Delete any email that is obvious spam.
If in doubt about the validity of an email, directly contact the company or person that sent it, or forward the email to
and we will evaluate it.