Zyston the roundup

April 2, 2020

The Roundup is a bit-sized security newsletter designed to be read during boring meetings while providing you with material to share during your next sales lunch.

Executive Summary

Zyston has noted an increase in cyber attacks in since the COVID-19 outbreak began spreading across the world. Recently, Zyston associates have noted threat actors using text messages to try to trick individuals. Zyston has noted three particular types of attacks; 1) Giveaways, 2) Alerts, and 3) Selling Preventatives/Aides/Cures. It is important to be aware of the threats and ensure that you do not fall victim to them. Read more to read the entire article on Zyston’s site.

What do these messages look like?

We are seeing many types of Coronavirus themed spam being sent within the US. There is a considerable amount of overlap, but in general, there are 3 main types: Giveaways, Alerts, and Selling Preventatives/Aides/Cures.

Giveaways

Spammers use these types of messages to entice the target to signup for something which is being given away. The theme here is they imply this helps the person during the Coronavirus pandemic. A typical example is payday type loans. Emotionally charged messaging based on fear, like “banks may be closing” push the intended target to sign up as soon as possible.

Alerts

These types of messages are designed to make the target think the spammer has public health information of value, and they need to reply with their details. Spammers use these kinds of messages to ‘harvest’ the phone number of people who may be worried about the pandemic, and then follow up with more messages. If the target responds they may not receive any specific information but would then normally start receiving other types of spams, such as Giveaways.

Selling Preventatives/Aides/Cures

These messages attempt to sell something that they state can help with Coronavirus, with the emotional implication that these are needed to keep the person and their family safe. Typical items include masks, survival guides, along with medically unsupported treatments such as CBD oil for Coronavirus.

It’s easy to fall victim to tricks like this, especially in a time when we are starving for information. Be vigilant and remember to stop and double check everything.

Do you lead an organization? Security training and awareness is just as important for security as any piece of technology. Human beings are your most powerful asset, but they also make mistakes. Make sure they are informed on what to look out for! Need help with that? Zyston performs simulated spear-phishing attacks paired with security and awareness training for several of our InfoSec Program as a Service (IPaaS) clients, and during this time we would be happy to offer that as a very affordable standalone offering to help your firm walk through the next several weeks.