January 9, 2024

Good morning, everyone!

This week’s critical vulnerabilities: Google Chrome has released its first update of 2024 3CX is warning customers to disable SQL integration due to a security flaw in its programming ESET has released a critical fix for multiple security products Ivanti has released critical security patches for its Avalanche mobile device management product Did your "automatic" updates get installed? Patch All the Things!

A young woman I know recently told me with great enthusiasm that she had applied for a new job, making a ton of money for hardly any work, and all online! As you can imagine, my spidey senses started to tingle, so I asked what kind of work was it? Her reply was "travel agent." Hmmm, okay, so I told her that there were a lot of job scams online, and asked if she wanted me to investigate this job for her? She said sure, and sent me this screen capture of the ad:

Does anything about this look odd to you? The whole thing struck me just a bit off. Daily payroll isn't very commoni, is it? Also, my friend said the job was travel agent but the ad says online assistant. She sent me the URL for the travel company supposedly hiring. It had a popup box requiring you to log in to see anything on the site. Even the menu wouldn't come out without logging in. I'm glad my friend decided not to follow through with the job after responding to the ad.

I had only recently read about the Russian "reshipping service" that was exposed:

Among the most common ways that thieves extract cash from stolen credit card accounts is through purchasing pricey consumer goods online and reselling them on the black market. Most online retailers grew wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia.

But such restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the United States and Europe to receive stolen goods and relay them to crooks living in the embargoed areas.

Services like SWAT are known as “Drops for stuff” on cybercrime forums. The “drops” are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites. Most reshipping scams promise employees a monthly salary and even cash bonuses. In reality, the crooks in charge almost always stop communicating with drops just before the first payday, usually about a month after the drop ships their first package.

Wow. Crooks just keep getting more clever all the time, don't they? It reminded me of an elaborate ID theft scheme that was going on in 2022, also related to online job offers.

Phishing isn't the only danger on the Internet. Make sure that the young folks in your life understand that job scams abound, and help them develop the skepticism they need to protect themselves. Teach them to ask hard questions, to check references, to ask for opinions from other people.

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Have a great week!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺