Tuesday, April 5, 2022

At a glance (2 minute read)

  • Cybercriminals are using malware, called Qabkot, to steal log in credentials and hijack email addresses.
  • Stay alert - don't download unexpected attachments or images, and don't click suspicious links, even if they're coming from a trusted source.

Cybercriminals are perpetrating a new scam that members should be aware of. Using the latest version of a malicious software called Qakbot, these criminals are stealing identities and accessing personal information.

This scam uses an infected email address to send legitimate-looking emails to anyone that email address has interacted with.

This makes these phishing emails much harder to spot.

How it works

Cyber criminals will try to install Qakbot on your computer by sending you an email with a link, attachment, or image. These “phishing” emails will typically look like they come from reliable sources, like online stores, social media sites, or delivery companies.

If you click the link, download the attachment, or load the image in the email, it’ll install Qakbot on your device. Once installed, this malware gives hackers a variety of paths to steal your credentials, usually by recording your keystrokes which gives them your email log-in credentials .

From there, they’ll use your email to send malicious emails to your contacts. Sometimes, they send additional Qakbot links to gather more personal information. Other times they use your email to send ransomware, which is software that hijacks the data on a device so the attacker can demand payment to restore access.

Tips to stay safe

Vigilance is the first line of defense against an attack.

  • Think before you click. Phishing relies on you making an impulsive decision. Be suspicious of emails demanding immediate action, and always go directly to a website to perform an action like tracking a package or making a payment – never use the link provided in an email.
  • Don’t download images or attachments on unexpected emails. While attached documents and files from unexpected emails are an obvious threat, images embedded in an email can also be a vector for malware. Most email programs have ways to stop malicious photos – make sure you’re using these features. Outlook, for example, will prevent external images form displaying by default.
  • Verify suspicious emails from contacts. Trust your gut, if you get an email that seems off, even if its from a trusted contact, don’t click any links or attachments. Always verify suspicious requests with the sender using another means of communication, like a phone call.

RELATED ARTICLES

Travelling for the holidays? Plan ahead to access REBGV services
Travelling abroad? Plan ahead to access GVR services

If you're travelling outside of North America, you won't be able to access GVR services like Paragon. (1 minute read)

REBGV upgrades IT infrastructure to improve security and reliability
REBGV upgrades IT infrastructure to improve security and reliability

Learn more about the recent enhancements we've made to our IT infrastructure. (1 minute read)

Check your email for CREA’s link to create an account for their new login

Check your email for an account creation link. (1 minute read)