Urgent Alert for Businesses Using Gmail

scam alertAn Attempt to Capture Credentials

If you receive an email with the subject “VALIDATION Required for” with a “Continue with Verification” link that redirects you to what appears to be a Google Sign In page, do not click on the embedded link or enter your information.

A member of our team recently received a phishing email appearing to be from Google, requesting verification.


This is an attempt to harvest log in credentials.  Take note of the “From” line in the phishing email.  Both Google and gmail in the email address are spelled incorrectly.  The salutation is from “The Adrnin tearn” instead of “The Admin Team.”

Noticing these small details can be helpful in spotting phishing emails and avoiding being scammed.

Please share this alert with your business colleagues that you think could be affected. If you are unsure of how this email phishing tactic pertains to your company, feel free to contact us to receive more information.

New Android Malware Alert

Two New Kinds of Android Malware: SlemBunk and Marcher

May 2016android-antivirus

ITDATA’s cybersecurity partner, Layer 8 Security, has an on-going relationship with local and federal law enforcement. We receive bulletins from the FBI on a continuous basis. We are sending this alert because it is important to us that your company stays informed on the latest cybersecurity updates to keep you and your business protected. If you have questions or concerns regarding this alert please contact us at sales@itdata.com.

The FBI has identified two new kinds of Android Malware; SlemBunk and Marcher -designed to target US financial institution customers. These two bugs are phishing for specified US financial institutions’ customer credentials. The malware monitors the infected phone for the launch of a targeted mobile banking application to inject a phishing overlay over the legitimate application’s user interface. The malware then displays an indistinguishable fake login interface to steal the victim’s banking credentials. It defeats two factor authentication by its ability to monitor SMS (Short Message Service) messages. This also obscures the cell phone as the source of the infection. The Slembunk malware infects social media phone apps as well as instant messaging apps, using the same fake login overlay to collect data.

The malware is downloaded to the phone in one of the following ways: 

  • SMS or MMS phishing, with messages requesting the user to install malicious Adobe Flash Player software
  • Malvertisements or pop-ups from an adult website prompting the user to download malicious Adobe Flash update
  • Mobile applications downloaded from third-party vendor sites
  • Phishing emails

For further details regarding this alert and recommended cyber hygiene protocol to avoid infection please see our blog, Savvy New Android Malware – Buyer Beware.

For more information about avoiding malware and system security, Contact ITDATA today.

Security Insights: Speeding Ticket Spear Phishing

Security Insights: Speeding Ticket Spear Phishing

Spear Phishing Alert – Wednesday, May 4, 2016fake-speeding-ticket-email

There is a new local email scam: fake speeding tickets. The spear phishing email appears to be a speeding ticket. Several people in Tredyffrin Township have received emails which appear to be from their local police department. The emails contained accurate driving information: date and time, speed, license number and street address. Even more shocking, the drivers were actually speeding on the dates and times listed in the emails, which demands payment through an attached link. There is no apparatus for payment, instead the link downloads malware onto the user’s computer.

Authorities suspect the accurate information is being obtained through a traffic app which tracks a smart phone’s GPS data. It is believed the hacker was able to exploit a security flaw but it is still unclear exactly how the app is able to access this data.

The Tredyffrin Police Department warns that “citations are never emailed or sent in the form of an email attachment.” Scam Alert Speeding Ticket Email Scam – Tredyffrin Police Department

Please contact ITDATA to discuss ways to help your team avoid downloading malware, ransomware or other malicious software that can negatively impact your technology.

Related Links

A New Scam Sends Fake Traffic Tickets to Speeding Drivers – Yahoo Finance

New Tech Support Scam

Social Engineering Alert – A Call Regarding Hacked Email Account, April 2016

Scam Computer Keys Showing Swindles And Fraud

The Federal Trade Commission’s Division of Consumer and Business Education is warning consumers of a new tech support scam. The FTC has received reports of individuals getting calls from someone claiming to be from Global Privacy Enforcement Network – a legitimate organization known to work with various governments. The caller informs you that your email account has been hacked and is sending fraudulent emails. They threaten to take legal action, unless you allow them remote access to your computer in order to fix the problem immediately.
If the caller raises questions, the scammers have been known to increase pressure and give FTC’s staff numbers for further authentication.

  • The FTC advises that you keep the following points in mind when receiving a tech support call:
  • Don’t give control of your computer to anyone who calls offering to “fix” your computer.
  • Never give out or confirm your financial or sensitive information to anyone who contacts you.
  • Getting pressure to act immediately? That’s a sure sign of a scam. Hang up.

If you have concerns, contact your security software company directly. Use contact information you know is right, not what the caller gives you.

For further details regarding tech support scams and government imposter scams please visit the Federal Trade Commission website or contact us Contact ITDATA today.

Phishing Alert – March 2016

Phishing Scheme Concerning Payroll and HR Officials Involving W-2semail spoofing

Our security partner, Layer 8 Security, has an on-going relationship with local and federal law enforcement. They receive intelligence and bulletins from the FBI and other sources on a monthly basis. In some cases, dissemination is limited; however, in this case a wide dissemination is allowed. We are posting this phishing alert to keep you and your company safe.

The Internal Revenue Service issued a phishing alert to payroll and human resources professionals to be cautious of a coordinated phishing attack that imitates company executives and requests employees’ personal information. Thieves are seeking forms like the W-2 that contain social security numbers and other personal data. These thieves ‘spoof’ an executive’s name as the sender to make the email appear legitimate. Main Line Health recently suffered an attack like this.

If you suspect that you received a phishing email here are some steps to take:

  • Take note of the ‘reply-to’ field to make sure it is genuine
  • Contact the sender by phone or in-person to confirm that he or she actually sent the email
  • Be aware of the company’s chain of command
  • When in doubt, contact IT

The IRS has learned this scheme is part of the surge in phishing emails seen this year. It already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information (PII) to cybercriminals posing as company executives.

“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.

IRS Criminal Investigation already is reviewing several cases in which people have been tricked into sharing SSNs with what turned out to be cybercriminals. Criminals using personal information stolen elsewhere seek to monetize data, including by filing fraudulent tax returns for refunds.

This phishing variation is known as a “spoofing” email. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office employee and requests a list of employees and information including SSNs.

The following are some of the details contained in the e-mails:

  • “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
  • “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).”
  • “I want you to send me the list of W-2 copy of employees’ wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”

The IRS recently renewed a wider consumer phishing alert for e-mail schemes after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season and other reports of scams targeting others in a wider tax community.

The emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.


The IRS, state tax agencies and tax industry are engaged in a public awareness campaign – Taxes. Security. Together. – to encourage everyone to do more to protect personal, financial and tax data. See IRS.gov/taxessecuritytogether or Publication 4524 for additional steps you can take to protect yourself.

Please share this alert with your business colleagues that you think could be affected. If you are unsure of how this notification pertains to your company, feel free to contact us to receive more information.