Faith-Based Daily Awareness Post 15 November 2024

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.

Evaluating and Responding to Violent Extremist Hoax Threats

The Office of the Director of National Intelligence (ODNI) | JCAT First Responder’s Toolbox recently published the two-page Evaluating and Responding to Violent Extremist Hoax Threats.

The two pager provides a definition, example, and potential mitigation for the following threats:

• SWATTING
• FEDPOSTING
• FEARMONGERING
• DOXING

Links to resources are provided for the following:

• PLANNING AND TRAINING
• REPORTING AND EVALUATING
• RESPONSE AND INVESTIGATION
• COLLABORATION AND OUTREACH

Analyst Comments:

Those responsible for protecting Faith-Based Organizations should consider reviewing JCAT First Responder’s Toolbox’s Evaluating and Responding to Violent Extremist Hoax Threats document.

Additional JCAT guidance on other topics can be found here.

Hackers now sending physical malicious letters, Swiss authorities warn

From the cybernews posting:

Cyber bandits have launched a malicious campaign across Switzerland using counterfeit letters that appear to be from MeteoSwiss (the Federal Office of Meteorology and Climatology).

The victims report that the letters contain a QR code asking recipients to download a new “Severe Weather Warning App.”

The fraudulent letter pressures recipients by claiming that the app is mandatory and essential for family safety. It instructs users to scan the included QR code with a smartphone and follow the subsequent instructions to download and install the app,

…

The Swiss National Cyber Security Centre (NCSC) warns that fraudsters are using this method to load malware onto mobile devices. 

Analyst Comments:

While the above malware attempt occurred in Switzerland, it serves as a warning of what could occur in the United States. QR codes are everywhere. Users should consider ensuring the codes are legitimate before scanning them and infecting their smartphone with malware.

The How To Spot a Fake QR Code Scam [9 New Examples] post by Aura provides information on QR code scams.

The Aura post details the following URL code scams:

• QR code scams on parking meters
• Fake QR codes sent in phishing emails
• Tampered QR codes in restaurants
• Fake QR codes sent through the mail
• QR codes on unexpected package deliveries
• QR codes at sham COVID-19 testing centers
• QR codes sent over social media
• Cryptocurrency QR code scams
• Fake QR code scanner apps that download malware

The Aura post details the following protective measures:

• Look for signs of tampering
• Preview the URL before following the QR code
• Check the destination site for signs that it’s a phishing scam

• Be extremely cautious of QR codes in public places or in the mail
• Never download a QR code scanning app
• Install antivirus software and malware protection