New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
WORLD CUP AND VACATION SCAMS
The World Cup is a popular event with visitors travelling from around the world to be a part of it. This makes travel and event scams more prevalent. Booking.com has recently been targeted. Scammers are contacting their customers through WhatsApp messages and texts with a phony message prompting them to change their passwords on the site in response to a supposed security breach. The scammers go further by then demanding full payment for the customers' travels and their bank information to process it.
Alaska Airlines is another travel company being impersonated. A Facebook post claiming to be from the airline tells viewers that they can take part in a survey to get two free Alaska Airlines tickets. The survey is designed to steal information and, of course, you won't receive any free tickets.
"The 2018 FIFA World Cup is about to kick off in Russia, with the soccer tournament once again taking its place as a perennial favorite for scammery. The hat-trick of nefariousness involves dubious messages promoting free tickets to the tournament (and who wouldn’t want an all-expenses paid trip to a match?); emails containing news and highlight reels about World Cup teams and players like Argentinian national star and Barcelona hero Lionel Messi, along with malicious attachments and links; and scams claiming to offer free live streams of the action in return for filling out a survey or installing software." (Threatpost)
"IBM and Check Point each have noted several scams being run that bank on World Cup fans simply clicking through and paying no attention as to whether or not they are legitimate, even though clues indicating they are being targeted for a scam are quite obvious.
IBM's X-Force came across several scams with most telling the recipient that they had won upwards of $1 million and in a few cases, the criminals tied that bit of subterfuge to Coca-Cola, which is an official World Cup sponsor, to help make the offer legitimate. The attack picked up by Check Point uses an infected World Cup app to download PUPs." (SC Magazine)
What to do: Never respond to emails from companies you haven't heard of, done business with, or requested information from. Check the URL of any site that claims to be giving away free items - is it the legitimate company website? Is the promotion advertised on their real website that you visit manually? If an offer seems too good to be true, it probably is!
We also recommend being extremely wary of Facebook promotions. Anyone can make a Facebook ad. Can you verify the promotion is tied to the actual company social media page? Are you being asked to input sensitive information?
To be extra safe, also consider using unique passwords for booking and travel sites. Never use the same password you use for your email, banking, or other websites.
TICKETFLY HACK AND DATA BREACH
In early June, a hacker known as IsHaKdZ took down the Ticketfly website and replaced its homepage with an image of the character V from V for Vendetta and a custom message. The data of approximately 27 million user accounts was stolen and exposed, including user names, phone numbers, addresses, and email addresses. Luckily, no passwords or financial information appear to have been leaked. The hacker says he warned Ticketfly of a vulnerability he discovered on their website and requested a ransom of one Bitcoin to fix it, but did not receive a reply from the company. The website was down for multiple days but is now back online.
What to do: While the hacker does not appear to have stolen passwords or financial information, if you've used Ticketfly it's highly recommended to change your account password. So far there have not been any incidents of this data being used maliciously, but stolen data can be sold on the dark web and matched with data from other breaches to impersonate or steal from consumers.
FAKE WANNACRY RANSOMWARE EMAILS
A new email campaign has been making the rounds, attempting to scam people by threatening them with a ransomware attack. The email tells the recipient that their computer has been infected with the WannaCry ransomware, which will be activated by a certain date if the requested Bitcoin ransom hasn't been paid. Luckily this is just a scam. There have been no reports of the ransomware being activated. This seems to be just a scare tactic to frighten people into paying the criminals.
What to do: If you receive one of these emails, it should be safe to just ignore it and/or report it to the FTC. To be extra safe, run a thorough scan using your anti-virus and alert your IT support provider.
MYHERITAGE DATA BREACH
A security researcher discovered a file on a private server outside of the company containing the email addresses and hashed passwords of over 92 million users who signed up to MyHeritage up to October 26, 2017. There is no evidence that the data has been used maliciously, and since the passwords are hashed they cannot be used to log into user accounts. Luckily, MyHeritage's response once the breach was discovered was a near-textbook example of how to respond properly.
"The firm has acted swiftly to set up an incident response team and an independent forensic review and said it will be rolling out 2FA [two factor authentication] to users soon. There’s also a 24/7 security customer support team on hand to answer any questions...
Commentators were broadly sympathetic to MyHeritage, claiming it did most of the security basics right.
'This breach of MyHeritage seems to be the rare instance in which a company in possession of sensitive data adhered to some of the best practices in password posture by not storing them in plain text but as one-way hashes,' said Balbix CEO, Gaurav Banga. It’s unfortunate that user email addresses were exposed, but by partitioning servers, using third parties for payment processing and encrypting passwords, MyHeritage has — at least so far — minimized the damage of this breach.” (Infosecurity Magazine)
What to do: MyHeritage has recommended all users change their passwords to be safe. As MyHeritage implements two-factor authentication, you should consider adding it to your account as well.
ADIDAS DATA BREACH
Adidas announced a suspected data breach potentially affecting millions of its US website customers. "The company says it became aware of the breach on Tuesday, June 26, when it learned that an unauthorized party was claiming to have acquired the details of Adidas customers.
'According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords,' an Adidas spokesperson said.
'Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted,' he added.
The company said it's still investigating the breach with law enforcement and security firms." (Bleeping Computer)
What to do: If you have used Adidas' US website, we recommend changing your password as soon as possible.
If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!