ACE and Chubb are now one.
 
 
ACE has acquired Chubb, creating a global insurance leader
that will operate under the renowned Chubb name.
Learn More Not Now

SSL-Enabled Does Not Mean "Malware Safe"

Cybercriminals are taking advantage of a well-known vulnerability to trick users into downloading malware.

Cybercriminals have spoofed the website of the German Federal Office for Information Security (BSI). The phishing site looks like the official site and is even SSL-enabled, meaning the site looks secure.

The fake domain links users to a ZIP archive that claims to contain a patch for Meltdown and Spectre chip vulnerabilities, but in fact contains malware. When users run the "patch," their computers are infected with Smoke Loader malware.

Smoke Loader malware connects and sends encrypted information to various domains and receives additional payloads.

Fortunately, this phishing website is no longer operational. However, hackers are creating similar fake sites for future scams. Phil Muncaster "Phishers Push Malware Disguised as Meltdown Fix," www.infosecurity-magazine.com (Jan. 15, 2018).


Commentary

Users cannot rely on any one thing like an SSL certificate to protect them from cybercriminals.

Although it is good practice to never send information over a site that is not encrypted, having an SSL certificate is no longer a green light. Information could be encrypted during transit, but still contain malware, or go to criminals who want to steal your personal information.

Before entering any information or downloading anything from a website, scan the site for any signs that it could be fake. Look for misspelled words or poor grammar. Look closely at the web address—not just the lock symbol—and make sure that it is the correct address for the organization. Also, look for low resolution images, as that could be a sign that hackers quickly threw together the site.

It is most important to beware of any request to download information that is not expected.  

If you believe that an email contains a legitimate update, verify it through other online resources or by calling the organization before selecting a link or downloading an attachment.

Finally, your opinion is important to us. Please complete the opinion survey:

Login

Log-in to access Training Modules, Article Archives, Model Policies and more!

Latest Numbers

Unemployment Rate

4.1% in Jan 2018

Payroll Employment

+200,000(p) in Jan 2018

Average Hourly Earnings

+$0.09(p) in Jan 2018

Employment Cost Index (ECI)

+0.6% in 4th Qtr of 2017

Productivity

-0.1% in 4th Qtr of 2017

Source: Department of Labor

Chubb Offers for Employment Practices Liability (EPL) Insured:

Loss Prevention Reimbursement Credit

HR Acuity On-Demand

Best Practice Minute

Available presentations

What's New

Games, Porn, And "AdultSwine" Malware

Cybersecurity experts find AdultSwine malware on 60 gaming apps. Learn how to delete an infected app and protect yourself from future malware. Read More

Ann Curry And Gretchen Carlson: How Their Sexual Harassment Charges Show The Demise Of Employer Sexual Harassment Defenses

Jack McCalmon, Esq. examines how sexual harassment charges in 2012 and in 2017 differ and how this affects employer defenses today. Read More

SSL-Enabled Does Not Mean "Malware Safe"

Cybercriminals created a fake, SSL-enabled website to trick users into downloading a "security patch" that actually contained malware. Learn how to spot a phishing site. Read More