June 21, 2022

Good morning, everyone!

Google Chrome Desktop version 102.0.5005.115 has been released for Windows,Mac and Linux, with fixes for 7 critical vulnerabilities, four of which are rated high risk. Microsoft stopped supporting most versions of Internet Explorer (IE) as of Wednesday, June 15. Microsoft has released a patch for that nasty Follina zero-day I’ve been writing about Patch All the Things!

Phishing is not just email

In the news last week, "Massive Facebook Messenger phishing operation generates millions":

Researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements.

The campaign operators used these stolen accounts to send further phishing messages to their friends, generating significant revenue via online advertising commissions.

This seems like a good time to remind people that “phishing” is more than just emails! Literally anything with a link to a website can be used as platform for a phishing attack. Spammy SMS text messages (“smishing”) are on the rise as well. Here are some interesting stats:

• In March 2022, spam texts rose 28% from February 2022 and increased by 1,024% from April 2021
• In 2021, spam texts rose by 58%.
• In 2020, the average number of spam texts received by an individual was 14.7. The average rose 15% in 2021 to 16.9.
• Scam text messages outpaced scam calls in 2021. While there were 72.2 billion scam calls in 2021, there were 87.8 billion scam texts.
• In March 2022, text spam growth outpaced robocall growth. While robocalls rose 20%, text spam rose 30%.
• 38% of individuals received a suspicious text message in 2021.
• A 328% increase in smishing attempts was tracked in the third quarter of 2020 as the move to work from home pushed more people onto their phones.
• The Federal Communications Commission saw a nearly 146% increase in the number of complaints about unwanted text messages in 2020.

Communications platforms like Telegram, Signal and WhatsApp have been used for phishing attacks for several years. Now, thanks to COVID and telework, the use of online collaboration tools like Slack and Discord has increased dramatically, and the bad guys started taking advantage by posting documents with malware embedded and posting links to infected websites.

Remember, Think Before You Click! Do I need this? Do I trust this? Should I risk this? Is there another way to get this information?

Be safe this week! (and always 😉)

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺