New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
HEALTHCARE.GOV PORTAL BREACHED
A portal intended for agents and brokers to complete applications for healthcare coverage was breached and user data taken, announced October 19th. While no consumer data has been used maliciously that we know of yet, the personal information of about 75,000 people was accessed.
The Centers for Medicare and Medicaid Services who manage the portal stated in a press release that "the agent and broker accounts that were associated with the anomalous activity were deactivated, and - out of an abundance of caution - the Direct Enrollment pathway for agents and brokers was disabled". The agency also notified the FBI.
What to do: There isn't much to be done yet on the user end, unfortunately. The CMS is working to contain the breach and work with law enforcement. They will be notifying those affected, so keep an eye out and take advantage of credit monitoring services if needed.
APPLE PHISHING SCAMS
There are two new scams making the rounds targeted to Apple users. One comes in the form of an email stating there was a recent purchase made associated with your Apple ID. The fake email asks you to open an attachment to cancel the purchase, which the attackers will use to steal your personal/financial information. At first glance the email seems genuine, but giveaways include spelling and grammar errors, a fake Apple sender address, it is generic in nature and doesn't include your information, and it asks you to open an attachment.
The second scam is similar, claiming that you purchased a year of Spotify Premium. It includes a link to "review your subscription", where you're taken to a page with a fake Apple ID login area. Logging in on that page will send the hackers your information.
What to do: If you receive an email for something you know you did not purchase, think before you click on anything! These are common scams that hope to alarm you and keep you from using your good judgement. When it doubt, log into the service in question from the website itself, not through clicking a link in an email. Or call the company directly as they are usually aware of these scams.
CRYPTOJACKING MALWARE IN FAKE ADOBE FLASH UPDATE
Cryptojacking consists of using a computer's processing power to mine for cryptocurrency such as bitcoin. In the form of malware, users are unaware this is happening and the funds are sent to the malware's creator. This can cause issues with the victim's computer and cause it to run poorly as their computer's power is hijacked for this purpose.
This malware is installed on your computer under the guide of an Adobe Flash update. It's extra sneaky as the malware will actually update your Flash while it installs the malware!
What to do: Beware of any website popups! If you get a notification that Adobe Flash, Java, or any software needs to be updated, we recommend downloading it from the manufacturer's website directly. Better safe than sorry!
FORTNITE CHEATERS TARGETED WITH MALWARE
Fortnite is one of the most popular video games currently, and its popularity makes it a prime target for scammers.
Various scams are promising free in-game currency or cheats. Some take users in an endless loop of ads and surveys without ever delivering on their promises.
One scam led users to a fake cheat program that, once installed, bundled information about their browsing history, bitcoin wallets, and Steam sessions and sent it to a server in Russia.
Yet more scams promised to send cheats to users for $80 in bitcoin.
These are only the latest in a massive wave of malware and scams targeting Fortnite players.
What to do: Obviously, don't try to cheat at Fortnite! Don't believe anyone claiming to allow you to cheat or gain in-game rewards. Only purchase items for the game from its publisher and reputable sources. This game is especially popular with kids and teens - so parents warn your children about these scams and to always check with you before making a game purchase.
If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!