Welcome to the final edition of Cyber Insights for the year. This month we highlight a current scam targeting Instagram influencers and their followers, the latest breaches to hit the news and lastly some tips to help keep you safe when scanning QR codes.
An elaborate new Bitcoin scam targets Instagram influencers and their followers. In this scam, cybercriminals send an influencer a phishing link that takes them to a fake Instagram login page. If the influencer tries to log in to their account, their login credentials are sent directly to the cybercriminals. Once the cybercriminals have access to the account, they can change the password and prevent the influencer from logging in.
Then, the cybercriminals offer to release control of the influencer’s account if the influencer creates a very specific video. In the video, the influencer must say they invested a small amount of money into Bitcoin and gained a huge payout. They must also tag and thank the Instagram account that belongs to their “friend” who helped them invest. Of course, this “friend” is actually the cybercriminal holding their account hostage. Once the video is created, the cybercriminals post it to the influencer’s Instagram page for all their followers to see. The end goal is for these loyal followers to send bitcoins to the cybercriminals under the assumption that they will be making an investment, just like the influencer did.
Here are some tips to stay safe from similar influencer scams:
- Hijacking a social media account is an easy way for cybercriminals to spread disinformation or scam several people at once. Don’t trust everything you see on social media, and be sure to report any suspicious activity.
- To the general public, Bitcoin and other cryptocurrencies are still very new and complex. Before you buy coins, learn more about cryptocurrency from well-known and trusted sources.
- Never trust a get-rich-quick scheme. If something seems too good to be true, it probably is.
Risk to business: SEVERE
CS Energy confirmed it experienced a ransomware attack on November 27. The company said the incident was limited to its corporate network and did not impact operations at its Callide and Kogan Creek power stations. CS Energy’s CEO said that the company contained the ransomware attack by segregating the corporate network from other internal networks and enacting business continuity processes. CS Energy is owned by the Queensland government.
What Is a QR Code?
With signing in to most venues in Australia most people know what a QR code is, however they can be used for other things. A QR code (Quick Response code) is an interactive link that you can scan with your smartphone. The link could take you to a website, start a file download, or open an app on your phone to take an action, like adding an event to your calendar. QR codes are fun, easy, and alluring because they can be placed on anything from business cards to a bag of chips.
How Can Cybercriminals Use QR Codes?
Unfortunately, since a QR code is nothing more than a fancy-looking link, cybercriminals can use them just like they would use a link in a phishing email. There are many free websites that allow you to create your own QR code that links to anything you choose. This means that the bad guys can create a QR code that links to a malicious website or downloads malware onto your device. Once they have created their malicious QR code, it can be emailed, posted to social media, printed out on flyers, or even made into stickers and placed on top of legitimate QR codes.
Follow these tips to stay safe when scanning QR codes: