Facebook-f Twitter Linkedin-in

Small Business

Scam of the Week: Amazon, PayPal, and Gmail Users Targeted in Recent Phishing Attacks

by

The bad guys are at it again. They’re posing as well-known services–such as Gmail, Amazon, and Paypal–so they can bait you into giving up your personal and financial information.

The phishing attack starts off with a common tactic: You receive an email claiming that you need to verify your account. The scammers send their emails from an active domain, which makes it look more legitimate and makes it easier for them to bypass email security filters. Once you click the button or link in the email, you’re stepped through several stages of the attack. You’re first brought to a website that is only used to redirect you to a second page. This helps the hackers get past email filters. From the second page, you’re asked to verify that you’re not a robot. Once this fake site has confirmed you’re not a robot, the real danger begins. On the final phishing page, you’re asked to fill in fields with your account credentials, credit card details, and other sensitive information. Nothing happens when you click the button to submit your information, but all of your data has already been sent directly to the attacker’s email address.

Always remember: If you receive a suspicious email from an online service that you use, log in to your account through your browser (not through links in the email) to check the validity of the information. Even if the sender’s email address appears to be from a well-known organization, the email address could be spoofed.


Stop, Look, and Think. Don’t be fooled.

Scam of the Week: Yahoo Data Breach Settlement Phishing Attacks

by

From 2012 through 2016, several hackers got into Yahoo email systems and stole billions of personal records. Recently, there’s been news of Yahoo reaching a settlement on the class action lawsuit created for these events. Yahoo must offer two years of free credit-monitoring services or $100 to anyone who had an account stolen during the hacks.
Watch out! The bad guys are taking advantage of this situation by tricking you into filing a Yahoo claim to get your $100 payment. They’re sending phishing emails that look like they come from Yahoo. When you click on their phishing links, you wind up on a website that appears to be for Yahoo’s class action lawsuit. Don’t fall for it! The website will steal your personal information instead.


If your Yahoo account was compromised and you want to claim your rights to this settlement, be certain you’re using an official resource. To submit your claim, visit https://yahoodatabreachsettlement.com.


Stop, Look, and Think. Don’t be fooled.

Scam of the Week: Amazon Phishing Scam in Progress

by

The bad guys are targeting Amazon customers and tricking them into giving up their account login details, personal information, and even their financial information. They’re sending phishing emails that tell you to update your account information within twenty-four hours or your account will be permanently disabled. Don’t fall for this warning! Cybercriminals are counting on your impulsive reaction.
Once you click the “Update Now” button in the phishing email, you’re taken to a realistic-looking Amazon login page. After you’ve entered your credentials, another form is displayed for you to “update” your name, phone number, date of birth, and address. Then, you have to provide your credit card and bank account details.
After you’ve given up all of this sensitive data, the phishing site tells you your account has been recovered and that you’ll be logged out automatically. You’re then redirected to the real Amazon website without having any idea of what actually happened.

Always remember: If you receive a suspicious email from an online service that you use, log in to your account through your browser (not through links in the email) to check the validity of the information presented. Also, be careful with emails that are seemingly urgent. The bad guys often use a ‘sense of urgency’ to pressure you into clicking as an impulsive response.

Stop, Look, and Think. Don’t be fooled.

Scam of the Week: Watch Out for Fake Video Scams

by

Heads up, they’re back at it! The bad guys are using social media messaging platforms and emails to send dangerous phishing links that are disguised as a link to a video. The scammers provoke you into clicking by asking “Is this you in the video???”. Don’t fall for this! They are counting on an impulsive emotional reaction. It’s important to note that these attacks almost never actually involve a video; they’re only creating a reason for you to click the malicious link.

Be wary of these types of messages and any unexpected links, even if it appears to be from someone you know. Cybercriminals often hack social media accounts so they can send these same messages to everyone connected to the stolen account.

Always remember: Never click on a link that you weren’t expecting. Even if the message appears to be from someone you know, pick up the phone to verify.


Stop, Look, and Think. Don’t be fooled.

The Necessity of Dark Web Monitoring

by

Protect your identity and business with a consistent watchdog service

We’ve all read about the constant barrage of cyberattacks on businesses and the nightmare that comes from having your personal identity stolen. There are ways to reduce the odds that your business will suffer such an attack or that your personal information will be hacked. One of the best methods for protecting both your business and your identity as well as that of your family is consistent monitoring of the Dark Web.

What Is the Dark Web?

The Dark Web is just what it sounds like. It’s the shady side of the internet. The Dark Web lays in a sub layer of the internet known at the “Deep Web.” This is a place hidden from conventional search engines where criminals often roam searching for their next victim.

Believe it or not, common search engines including Google, Bing, and Yahoo simply scratch the surface of what is actually available online. Such search engines hunt just .04 percent of the indexed internet. The other 99.96 percent of the web consists of databases, private academic and government networks, and the Dark Web, according to ID Agent, which provides comprehensive threat intelligence and identity monitoring solutions for both individuals and businesses through ORAM Corporate Advisors.

What Threat Does the Dark Web Pose?

Not only is the Dark Web a place that threatens your personal identity but it can endanger your business as well. This is a place where the signature pieces of your personal identity (name, date of birth, stolen passwords, and even social security numbers) can be sold daily to the highest bidder. Everything from your credentials such as email logins, passwords, and usernames can be found there.

With such personal information, criminals can hack your email, your bank accounts, and more. They can open new credit card accounts in your name without your knowledge and rack up untold sums of debt before you’re even aware there’s a problem. The threat of personal identity theft can extend beyond you as well to other family members such as your spouse, your children, and your parents.

The loss of such personal information can be devastating to your business, too. Critical business information such as business applications, email, and other online services can be penetrated with your personal information. Logins and passwords can be changed, business information can be accessed and stolen, and your organization can be brought to a complete halt with the personally identifiable information (PII) bad actors are hocking on the Dark Web. Read the ORAM blog “The Dark Web: What It Is, How It Impacts Your Organization, and Ways to Protect Your Business” for more detailed information about the severity of the threat your business faces as a result of the Dark Web.

Protecting Yourself, Your Family, and Your Business

The most effective way of protecting your PII, your family members’ PII, and your business is through Dark Web monitoring. ORAM uses SpotLight ID, which employs Dark Web ID, to monitor your identity and that of your covered family members. Through leveraging Dark Web ID, ORAM focuses on the cyber threats specific to you and the environment you work in. Our proprietary software continuously monitors the Dark Web and the digital criminal underground to determine if our clients’ credentials have been exposed.

With SpotLight ID, ORAM searches for your personal information on the Dark Web. If found, your data is harvested to protect it from typical hacker sites such as Pastebin. Many such sites frequented by cybercriminals require a membership and credibility to enter. Our monitoring system allows us access to search more than 500 internet relay chatroom (IRC) channels, 600,000 private websites, and 600 Twitter feeds utilized by bad actors.

Furthermore, SpotLight ID executes 10,000 queries daily to help monitor and protect your identity and those of the people you love. We also monitor and source information from hidden theft forums, peer-to-peer file sharing programs and networks, and social media. We can even find compromised data harvested through botnets and command and control (C2) servers.

Be On Alert

If your information is identified on the Dark Web, we notify you immediately. This allows you the opportunity to change your logins and passwords before cybercriminals can take advantage of the information they have. This also gives you time to consult with your business’s internal or external IT team as soon as possible to determine if a data breach or cyber incident has occurred using your credentials. Such monitoring and notification can buy your business the time it needs to change your username, login, and password before cybercriminals can strike against it.

In addition to monitoring the Dark Web for your PII, ORAM will alert you if someone actively targets you or your covered family members’ social media profiles. You’ll also receive instant updates, alerts, and access to your credit from all three major credit bureaus if something changes with your credit or that of your covered family members.

Monitoring of the Dark Web also gives you peace of mind that your identity and that of family is covered. With a team of U.S.-based Certified Identity Restoration Specialists, ORAM will work to completely restore your identity should the worst happen, even if the issue began before you enrolled for coverage. You can take even more comfort in knowing that with SpotLight ID, you have up to $1 million in identity insurance to cover related restoration expenses if needed.

If you are interested in learning more about SpotLight ID or registering in one of our affordable and flexible plans, contact ORAM Corporate Advisors online now or call us at (617) 933-5060. The cybersecurity experts at ORAM are here to protect you, your family, and your business from the threat of cybercrime.

Scam of the Week: Phishing for Instagram Passwords

by

If you’re one of Instagram’s one billion account holders, then stay on high alert for the latest phishing scam targeted towards the social media platform’s users.

The bad guys start the attack by sending an email claiming that someone has attempted to log in to your account. The email is convincing with its simple message and familiar design–complete with an Instagram logo and icon. The email message includes a “sign in” link and a “secure code” to confirm your identity.

When you click the sign in link, you’re brought to a completely fake, but extremely realistic-looking Instagram login page. The web address of the login page is the only noticeable red flag. The web address does not include “instagram.com”, and the URL ends with “.CF” instead.

Remember the following to avoid scams like this:

  • Whenever you’re providing login credentials, be certain you’re on the real login page.
  • Pay attention to the web address and be sure the proper domain is included in the URL.
  • When you get an email from an online service that you use, always log in to your account through your browser to check the validity of the message–not through links in the email.


Stop, Look, and Think. Don’t be fooled.