Avanan researchers have warned that threat actors could send a phishing email through Microsoft’s Dynamics 365 Customer Voice CRM tool. This could be done by disguising it as an important voicemail from the customer where the “Play Voicemail” button redirects the victims to a phishing landing page. The advice to users is to look carefully at all URLs, even when they are not in an email body.
Security Stop-Press : Beware Malicious WhatsApp Lookalike Apps
Kaspersky has warned users about the dangers of malicious WhatsApp knockoff apps YoWhatsApp and WhatsApp Plus. Although both appear to offer the same functionality as the real WhatsApp, they are reported to be able to download the Triada Trojan to smartphones and steal the legitimate WhatsApp app’s access keys, thereby giving attackers access to the user’s real WhatsApp account.
The advice is not to visit suspicious websites, and not to use unofficial clients for messaging apps, or to download hacked versions of programs via torrents.
Security Stop-Press : Google Chrome’s Reported Security Issues
New research by Atlas VPN claims that Google’s Chrome browser has had 303 discovered vulnerabilities this year, and that an unusually high number of cumulative vulnerabilities have been spotted in the browser. The advice is to make sure that your browser is up to date, to take care when choosing plugins, and to look out for potential phishing emails.
Security Stop-Press : Biggest Cyber Hack In History – Australia’s ‘Optus’
A cyber-attack on Australian telecommunications provider, Optus, may have affected 10 million people, the equivalent of 40% of the country’s population! Customer data reported as stolen in the attack includes names, dates of birth, home addresses, phone, and email contacts, and even the passport and driving licence numbers of around 2.8 million people!
Following the attack, a ransom request of $1m (A$1.5m / £938,000) in cryptocurrency was made to Optus. The advice to those Australian customers affected has been to look out for signs of identity theft and for any opportunistic scammers looking to exploit the confusion in the aftermath. It is thought that the hack could lead to European-style privacy laws being introduced in Australia.
Security Stop-Press : Beware Energy Bills Scam
Energy regulator Ofgem is warning consumers to beware of scam email messages claiming to offer discounts on energy bills. The phishing scam messages invite recipients to apply for the £400 “non-repayable discount” by following a link to a fake Ofgem phishing website to provide personal details and set up a direct debit to receive the money.
The advice is to be vigilant, avoid clicking on links or downloading attachments from suspicious emails, and to report any such emails to Action Fraud and forward them to The National Cyber Security Centre at report@phishing.gov.uk.
Security Stop-Press : Plex Warns Users To Reset Password After Suspected Hack
Home media streaming service Plex has warned users to reset their passwords following a suspected hack that could affect up to half of its 30 million users. Plex has apologised and said that it has discovered how the threat actor accessed the system and is tightening security to prevent future incidents. This story is a reminder to regularly update passwords, not to share passwords, and to make use of extra layers of security around passwords such as 2FA. In other worrying password-related news, password management platform LastPass has confirmed that it too has been compromised, although it insists that passwords, encrypted password vaults, and other sensitive data are safe.
Security Stop-Press : New Trend : Multiple Ransomware Gangs Attacking Victims In Short Space Of Time
Sophos X-Ops, a security company task force, has reported to Black Hat USA 2022 in Las Vegas that ransomware gangs are competing for resources, leading to a trend of victims being attacked by multiple gangs over a short space of time. It even suggested that collaboration between ransomware gangs is possible. The advice to businesses is to patch early and often, monitor cyber security news and respond to alerts, practise segmentation and zero trust, use layered protection, use strong passwords and MFA, and take inventories of all assets and accounts.
Security Stop-Press : Russian Hackers Using Dropbox and Google Drive To Target Victims
Threat hunters at Palo Alto Networks’ Unit 42 have warned that a Russia-based hacking group, known variously as Cozy Bear, Nobelium, APT29 and Cloaked Ursa, is using trusted, legitimate cloud services such as Dropbox and Google Drive in its attacks. For example, the group’s recent attacks on some western diplomats use a PDF to call out to cloud storage services to retrieve malware and Dynamic Link Libraries (DLLs). The advice to businesses is to review their email policies. Dropbox is reported to be working on the issue with industry partners and researchers.
Security Stop-Press : Child-Monitoring Android App Eavesdropping Risk
Cybernews researchers have warned that many popular child-monitoring Android mobile apps may also be leaking the parents’ data to potentially malicious third parties via the third-party trackers in the apps. The researchers have also warned that insecurely implemented Secure Sockets Layer (SSL) certificate handling and open-source code in some of these apps could leave them vulnerable to man-in-the-middle attacks. The advice is for parents either to research these apps fully online before choosing one, or to consider the merits of focusing more on teaching children how to recognise online threats, e.g. grooming, and how to spot and avoid dangerous websites.
Featured Article: How Can You Protect Yourself From ‘Identity Theft’?
With identity theft and the resulting identity fraud becoming more widespread, we look at how to spot the signs that you may be a victim, the effects on victims, plus how to reduce the risk of having your identity stolen and used for fraud.
What Are Identity Theft and Identity Fraud?
Identity theft is when personal details of a living or deceased person are stolen e.g., name, date of birth, current or previous addresses, with the intention to commit identity fraud.
Identity fraud is when those stolen details are used to commit fraud, i.e. to obtain goods or services by deception. ID fraud may also take the form of a money laundering scheme, e.g. goods being purchased with the victim’s money, delivered to a person involved in the fraud, and then sold on.
How Big Is The Problem?
There were 226,000 reported cases of identity fraud in the UK in 2021, with the hardest-hit age group being 60+. In fact, 180,000 instances of fraudulent conduct were filed in the first six months of 2021, which was an 11 per cent increase on the previous year.
How Are Personal Details Stolen?
There is a variety of ways in which identity details are stolen, with the main ones including:
– Common theft, e.g. having personal possessions stolen from pockets, bags, a property, or via snatching incidents, thereby giving criminals access to different forms of your ID.
– Cold calling / Vishing. This involves fraudsters making phone calls, pretending to be a legitimate business, then trying to extract personal details and other financial information during the call.
– Hacking. This could be criminals hacking into a computer or phone to steal details.
– Phishing. Fraudsters often send emails, SMS (smishing), or instant messages that are made to look as though they’ve been sent by trusted companies. These contain a link which goes to a fake website designed to steal details, or an attachment which downloads malware onto the victim’s computer.
– Malware, including keylogging programs, downloaded by emails or on compromised or bogus websites.
– Data breaches, e.g. directly from a data breach, or details purchased from criminal forums on the dark web, and/or shared from other data breaches, or in private exchanges between rogue employees and their handlers or associates.
– From intercepted or stolen statements, e.g. bank statements and other personal correspondence, or personal paperwork recovered from bins.
– From over-sharing on social media.
– Shoulder surfing while paying for goods or at an ATM.
– From card details saved in websites.
How To Tell If Your Identity Has Been Stolen And Used For Fraud
There are several signs to look out for that could indicate that your identity has been stolen (and perhaps used for fraud) or that you may become a victim of identity theft. These include:
– If you have had important documents stolen, e.g. a passport or driving licence, or bank or utility bills and statements don’t arrive as they normally should.
– Unexplained items / purchases appear on bank or credit card statements.
– If an application for state benefits is made but you are informed you are already claiming.
– Bills or receipts for goods or services arrive that you have not asked for or used.
– Your credit rating suddenly goes down, signalled by a refusal of financial services, credit cards, or loans.
– Letters arrive from solicitors or debt collectors for debts that aren’t yours.
The Effects of ID Theft and ID Fraud
The effects of ID fraud resulting from ID theft can last months or years, and can include:
– Psychological and emotional effects leading to anxiety, a feeling of violation, disturbed sleep, a sense of powerlessness, grief, and possibly even suicidal feelings from the crime itself and from the financial worries that it may have caused.
– Financial difficulties, which may lead to the need to borrow money (from family or banks and payday loans or credit cards), which could lead to deeper financial difficulties.
– Symptoms of physical illness, e.g. high blood pressure, heart palpitations, fatigue, muscle aches, and more.
Recovering From ID Theft And Fraud
Recovering from ID theft and fraud can involve:
– Contacting banks, credit card companies, the police, and Action Fraud as soon as the fraud is discovered. Once credit card companies are informed, it can take as little as one month to recover the stolen credit.
– The need to provide proof to dispute fraudulent bank accounts, loans, and other identity theft. This can involve tracing and detailing your steps at the time of the fraud, e.g. using Google Maps, your calendar, phone, and email records, and more. This can sometimes take months or even years.
– The need to make a list of all banks, loan companies, credit cards, online stores used, and PayPal accounts to check and study them all for any anomalies, both for the time of the fraud itself and going forward.
– The need to incur more costs by taking legal advice and help from a professional who is knowledgeable about (or who specialises in) matters of ID theft and ID fraud.
How To Prevent ID Theft and ID Fraud
Prevention is better than cure and there are several steps that can be taken to reduce the risk of falling victim to ID theft and fraud. These include:
– Avoid over-sharing or sharing very personal details on social media and avoid social media quizzes that could reveal personal details. Check social media privacy settings to ensure that only trusted people can view your personal posts and be on the lookout for unusual friend requests or messages.
– Be wary of any phishing attempts. For example, don’t click on unsolicited or suspicious emails (or SMS or messages), or click on or download any attachments in them, or click on any links in them (which could lead to phishing sites or malware downloads). Also, be wary of ‘vishing’ phone calls and avoid giving any personal details or account details to people who have called you. If in doubt, ditch the call and phone back on what you know to be the legitimate phone number.
– Regularly check bank and credit card activity and statements for any unusual activity.
– Regularly change passwords and keep all antivirus software, patches, and security updates up to date. Also, make sure all devices, including the phone, have locking set up, security verification, and trusted anti-virus on them.
– Immediately report any missing statements or personal documents that were expected yet have not arrived. Also, avoid putting personal documents out with the rubbish; shred them instead.
– Be careful and vigilant at ATMs or other places where ‘shoulder surfing’ could take place.
– Immediately report any theft of personal property that could have ID information, any lost or stolen cards, or similar.
– If moving house, ensure that the new address is given for all personal letters or that a forwarding service (e.g. with Royal Mail) is set up.
What Does This Mean For Your Business?
Identity theft and ID fraud can happen to anyone because they are a significant and growing problem; there has been a significant increase since 2021. The best protection is taking a ‘less is more’ approach to sharing personal details, regularly checking accounts and changing passwords (and not sharing passwords), and generally being aware of threats like phishing, vishing, and smishing. Getting into good habits such as shredding documents with personal details and quickly reporting anything out of the ordinary could also help reduce the risks that we all face from increasingly bold and inventive criminals using more technically advanced methods.