New Cybersecurity Threats and How to Protect Yourself: May 2020

New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.

 

FAKE LOGMEIN SECURITY UPDATE EMAILS

LogMeIn security update

Image via HelpNetSecurity

Fake emails claiming to be from LogMeIn are showing up in users’ inboxes. They state that there is an important new update available and the recipient should follow a link within the email to apply the update to their account. Clicking the link leads to a fake login page and would send the credentials entered to the attacker, giving them access to the victim’s account.

Since LogMeIn is the parent company of password manager Lastpass, the attackers would likely also get access to any passwords the user has saved in Lastpass.

What to do: Never follow the links in emails like this, they are very rarely legitimate unless you specifically requested the email (for example if you forgot your password to an account or created a support ticket). By going to your web browser and logging into the service, you’ll be able to see if there are any needed updates or notifications.

 

BANK OF AMERICA PAYCHECK PROTECTION PROGRAM DATA BREACH

BAC: Bank of America (BAC) will drop Merrill Lynch name and ...

Bank of America stated that client information was exposed at the end of April, affecting those who had applied for Paycheck Protection Program (PPP) loans. This information was uploaded to the US Small Business Administration’s online platform, which gave lenders a chance to test submissions before new applications came in. Because of this, other lenders and vendors were able to view the information in these submissions, including details of the business owners.

Data may have included company addresses and tax ID numbers, the owner’s name, address, Social Security number, email addresses, phone number, and citizenship status.

The data that was uploaded to the online test platform was pulled from a range of applicants, so those affected may be spread out over the United States. Bank of America has stated that there was no indication of misuse by lenders and vendors with access to the information, and information was not visible to other businesses applying for loans or the public.

What to do: The information was taken down within one day of this mishap being discovered. While the information wasn’t exposed to malicious actors or the public, it’s still a smart idea to keep an eye on your loan status and financial accounts if you applied. Bank of America is also offering clients affected a free two-year membership in Experian’s identity theft protection program.

 

COVID-19 THEMED MALWARE DISGUISED WITHIN EXCEL SPREADSHEETS

Microsoft email phishing

Image via Microsoft Security Intelligence

Microsoft has warned about a few similar malware campaigns trying to bank on the COVID-19 panic. These attacks come as emails – some claim to be from John Hopkins University, others offer information about COVID testing and services. The attached Excel documents in these emails contain malicious code that will install a remote access tool onto your computer when opened.

The remote access tool, NetSupport Manager, is a legitimate and safe piece of software that is, unfortunately, being used for nefarious purposes. The attackers will be able to use it to take control of infected machines and access their programs and data and plant additional malware.

What to do: Avoid opening random emails you aren’t expecting, and never open attachments unless you’re 100% sure they’re legitimate. Many malicious campaigns use email attachments to distribute malware and viruses. If you have been a victim of this campaign, we recommend running an antivirus/malware scan on your PC, and if you’d like to be extra safe take your computer to a repair center to perform a deep scan and virus removal.

 

MEAL DELIVERY SERVICE HOME CHEF DATA BREACH

Home Chef

Home Chef customer names, email addresses, phone numbers, scrambled passwords, and the last four digits of payment methods were taken in this breach. It was discovered after a seller listed the database of information online on a dark web marketplace.

What to do: Home Chef stated that not all customers were affected and that it would notify those who were. Either way, it’s smart to change your login information for the website and keep an eye on your financial accounts. Criminals may purchase information like this to combine with other breached records and open accounts in your name or try and scam you by knowing your personal information.

 

If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!

Take charge of 2025

IT is no longer a back-office function—it’s a driver of growth and innovation. By tackling this checklist, you can ensure your business is ready to thrive in the face of challenges and opportunities alike.

Ready to transform your IT strategy? Schedule a free consultation with Techvera today.

Techvera icon

Written by Team Techvera

l

May 28, 2020

You May Also Like…

IT Checklist: What Small Businesses Need To Prioritize in 2025

IT Checklist: What Small Businesses Need To Prioritize in 2025

Now is the perfect time to revisit your IT structure, processes, and strategy to ensure your small business operates at its fullest potential. From defending against evolving cyber threats to supporting hybrid teams and boosting productivity, a robust IT strategy is essential to staying ahead in today’s competitive market.

Here’s a refreshed IT checklist to set your business up for success in the year ahead.

Skip to content