Scam of the day – July 17, 2017 – WWE data breach puts millions at risk of identity theft

The World Wrestling Entertainment (WWE) formerly known as the World Wrestling Federation (WWF) until it lost an intellectual property dispute with the World Wide Fund For Nature (WWF), is the popular company that promotes professional wrestling around the globe.  Recently it was disclosed that databases filled with personal information of users of its website were stored in an unprotected server making them accessible to anyone who came upon them.

The good news is that the compromised information did not include credit card information or passwords, which would have posed a tremendous threat of identity theft to the people whose information was stored in the unprotected servers.  However the bad news is that the type of information that was compromised included names, email addresses, ages and other information that could be used to formulate spear phishing emails that could be used to attack the victims of the data breach.

Spear phishing occurs when you receive an email or a text message intended to lure you into clicking on a malware infected link that can be used for purposes of identity theft, ransomware or other sinister purposes. What distinguishes spear phishing from mere phishing is that with spear phishing, the communications to you have been specifically tailored with personal information to trick you into trusting it.

TIPS

One lesson from this data breach is to remember that you are only as secure as the places that have your personal information with the weakest security.  Therefore limit the places to which you provide your personal information as best you can.  In addition, there is no law that requires you to provide accurate and truthful information when going to a website asking for your age or other personal information so you can make up information to provide in order to gain access to a particular website.

Another important lesson is to always be skeptical of any email or text message that you receive that asks you to click on a link.  You can never be sure it is legitimate so never click on a link until you have confirmed that the communication is legitimate.

Finally, remember to keep all of your electronic devices updated with the latest security software recognizing that even the newest updates will not protect you from new zero day defects that have not been seen previously.

Scam of the day – July 14, 2017 – Verizon suffers massive data breach

It was recently disclosed that Verizon had suffered a data breach affecting anywhere from six to fourteen million of its customers.  Included in the compromised information were the names, addresses, email addresses and PINs of Verizon customers who had called Verizon customer support during the past six months.

The data breach occurred when Nice Systems, a third party vendor that handles customer service for Verizon stored the information in a misconfigured cloud storage area that allowed anyone to access it.

The most sensitive of the compromised information are the PINs.  Access to a PIN could allow a hacker to gain access to the Verizon customer’s account.  Additionally, many people use the same PIN for many accounts, which means that their other accounts are also in jeopardy.

TIPS

If you called Verizon customer support during the past six months you should immediately change your PIN and if you use the same PIN for other accounts, you should change those PINs, as well.  Additionally, if you do use the same PIN for multiple accounts, now would be a good time to make all of your PINs unique.

In addition, you should be wary of emails that appear to come from Verizon asking for personal information or requesting that you click on links because the information compromised in the data breach could be used by a hacker to fashion spear phishing emails that attempt to lure you into providing information or clicking on links that can lead to your becoming a victim of identity theft or ransomware extortion.

Scam of the day – June 29, 2017 – Latest security updates from the Department of Homeland Security

As shown by the recent massive WannaCry  and Petya ransomware attacks that took advantage of computer users that had not patched their Windows operating system with available updates, constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security includes critical updates for Adobe software including Adobe Flash.

I have been warning you for years about flaws in Adobe Flash that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  According to security company, Symantec 80% of the newly discovered software vulnerabilities which can be exploited by malware created by cybercriminals involved Adobe Flash.

TIPS

Here are the links to a list of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB17-177

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.

Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Breaking news story – June 27, 2017 – Much of the world hit by another massive ransomware attack.

According to the old saying, “fool me once, shame on you, fool me twice, shame on me.”  Reports are rapidly surfacing of another massive ransomware attack involving, Russia, Ukraine, Spain, France, India and the UK similar to the attack of only a few weeks ago that used the WannaCry malware.  The new malware, which appears to be a variation of the Petya malware is being called GoldenEye and it is demanding bitcoin ransoms from banks, government agencies and companies in the attacked countries.  The malware appears to exploit the same Microsoft Windows Operating System flaw called EternalBlue which was made public by hackers of the National Security Agency.

This is a problem that should not have happened for many reasons.  The particular Microsoft vulnerability that this ransomware exploits has been patched, but some companies, government agencies and individuals had not yet installed the patches when they had become available recently.  In addition, many of the affected computers were using outdated Windows operating systems, such as Windows XP which are no longer regularly updated with new security patches.  These older unsupported systems should not be used by anyone.  Microsoft has taken the unprecedented step of providing security patches for these unsupported systems now in addition to its already issued security updates for presently supported Microsoft programs.  Here is a link to an important memo from Microsoft with links to free security updates if you are still using one of those older operating systems.

Customer Guidance for WannaCrypt attacks

TIPS

This ransomware attack was primarily launched using phishing emails to lure unsuspecting people into clicking on links or downloading attachments tainted with the GoldenEye ransomware.  As I am constantly reminding you, never click on links or download attachments until you have confirmed that they are legitimate.

You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically.

As for protecting yourself specifically from ransomware, you should back up all of your data in at least two different platforms, such as in the Cloud and on a portable hard drive. Companies and agencies which can afford to do this, should also use Whitelisting software which prevents the installation of any unauthorized computer software programs.

I will update you as further developments occur.

Scam of the day – June 26, 2017 – Despite receiving ransom, hackers leaked “Orange is the New Black”

I first reported to you in May first’s Scam of the day of the hacking of Larson Studios by the hacking group thedarkoverlord, which demanded a ransom or else they threatened to release the latest season of the Netflix series “Orange is the New Black.”  Larson Studios is a post-production company that works on many Hollywood movies and television shows. Now in an interview with Variety Magazine, Larson Studio’s Vice President, Jill Larson is saying that Larson Studios paid the demanded 50 Bitcoin ransom, but that thedarkoverlord released the fifth season of “Orange is the New Black” regardless, indicating that it did so because Larson Studios had violated their agreement by contacting the FBI.

Thedarkoverlord has performed a number of other ransomware attacks including one in which it hacked a small Indiana charity from which it demanded a ransomware of 50 bitcoins that the charity refused to pay and consequently had its data destroyed.

TIPS

This story points out the fact that even if you pay a ransom, there are no guarantee that the cybercriminals will honor their bargain.   A recent study done by Spiceworks found that of small to medium businesses who paid a ransom after being hacked with ransomware, 45% did not get their data restored.

The key to not becoming a victim of a ransomware attack is to prevent it in the first place.  Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware.  Never click on links in emails or text messages regardless of how legitimate they may appear until you have verified that it is legitimate.  You should also install anti-phishing software.

It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates.  Many victims of ransomware have fallen victim to strains of ransomware for which there are already security software available to thwart it.   Finally, always back up your computer’s data daily, preferably in two different ways in order to protect your data in the event you do become a victim of ransomware.

Ransomware continues to be a growing threat to individuals, large and small companies as well as government agencies, all of which have been targeted by ransomware.  Ransomware malware is readily available for unsophisticated cybercriminals to purchase on the Dark Web. While in the past, the typical manner in which it has been used was to encrypt the data of the target and refuse to release the data back to the victim unless a ransom was paid, the scam has evolved to also include threats of making stolen data public as was done in this instance.

Some older strains of ransomware can be defeated through software that can recover data encrypted by older ransomware programs.  In 2016 through the efforts of international law enforcement organizations and private security companies, the website No More Ransom was launched on which victims of ransomware can go to get decryption tools for many strains of ransomware for free.  Thousands of people have utilized this tool to decrypt their files after a cyber attack  without having to pay a ransom.  Unfortunately, however, there are some newer forms of ransomware for which there are no known decrypting tools developed yet.

Scam of the day – June 15, 2017 – Microsoft issues new security patches for outdated operating systems

The huge ransomware attack using WannaCry malware that exploited vulnerabilities in the outdated Windows XP operating system prompted Microsoft to take the unprecedented step of issuing security patches to address this issue even though one of the primary reason for its movement to newer operating systems was due to the fact that it was no longer manageable to attempt to continually patch these flawed programs. In another unusual move, Microsoft has just issued new security updates for Windows XP, Windows Vista and other no longer supported operating systems on an emergency basis because of new warnings of a risk of another similar attack.  These new security updates can be downloaded for free.

TIPS

According to the old adage (is there any other kind?), fool me once, shame on you.  Fool me twice, shame on me.  No one should still be operating the older, unsupported Windows operating systems, such as Windows XP. Update your operating system as soon as possible to the newer supported versions of the Windows operating system.  Hackers and cybercriminals are constantly exploiting software vulnerabilities.  Failing to update your software when security updates and patches become available is extremely dangerous.

If, however, you are still using one of the older Windows operating systems, you can go to this link to find the latest security updates which you can download for free https://portal.msrc.microsoft.com/en-us/

Scam of the day – June 8, 2017 – Steve Harvey’s new show hacked

In the last month I have told you about the hacking exploits of a group of hackers who call themselves thedarkoverlord.  In May, nine episodes of the popular Netflix original series, “Orange is the New Black” were posted by them on a publicly available file when their extortion attempt failed. They also claimed to have stolen the most recent  sequel in the successful Pirates of the Caribbean movie series, but this turned out to be a hoax. This type of extortion can only be expected to grow as hackers attack the weakest links in movie and television program development.  In the case of Orange is the New Black and other television shows, the weakest link was a post production studio, Larson Studios.

Now they have released eight episodes of what they say are stolen episodes of the new Steve Harvey show “Steve Harvey’s Funderdome” which will be premiering on ABC on June 11th.

TIPS

If a bootleg movie or television show is posted online I strongly urge you not to download it.  In addition to the morality and ethics of not participating and encouraging this type of crime, you also run the risk of downloading various types of malware including ransomware and keystroke logging malware that can lead to your becoming a victim of identity theft if you go to the rogue websites where you can find this material.

Scam of the day – June 5, 2017 – Hackers extort cosmetic surgery clinic

As I have warned people for years, your data is only as safe as the security at the places  with the weakest security holding your data.  Many times we have seen private information stolen and publicly released, as in the case of stolen nude photos, used for extortion purposes or sold to others on the Dark Web.

Cybercriminals recently hacked into the Grozio Chirurgija cosmetic surgery clinic in Lithuania and release 25,000 private photographs including nude photographs along with other personal information of patients of the clinic from more than sixty countries around the world. The hackers, who call themselves the “Tsar Team” contacted the clinic itself and individuals whose data had been stolen demanding bitcoin ransoms.  The clinic has refused to pay a ransom.

TIPS

In addition to doing the things we are constantly reminding people to do to protect themselves from data breaches, including, but not limited to the use of dual factor authentication, encryption and constantly updating security software, we should all be asking any company or entity that holds our personal information about what steps they are taking to protect that data and if their answers are not satisfactory, you should refrain from dealing with them.

Scam of the day – June 3, 2017 – Hackers and scammers turning to social media

Recent reports by various security companies are indicating that state-sponsored Russian hackers, such as those that managed to plant fake news stories in an effort to disrupt the 2016 presidential election are increasingly turning to targeting social media accounts to download malware and spread disinformation.  This is a complex story and one worth knowing more about, however, as an individual, you are also susceptible to scams, ransomware and malware downloaded through clicking on links in social media postings.

We have long known that phishing emails and the more personally targeted spear phishing emails are how most malware gets downloaded on to the computers of individuals, companies and government agencies. However, as successful as phishing is in spreading malware, postings on social media, according to cybersecurity firm ZeroFOX are twice as successful in spreading malware.

And it makes sense.

In my May 5, 2017 Scam of the day I warned you about the risks of the Facebook “10 concerts, but there is one act that I haven’t seen live” quiz.   I highlighted the fact that scammers use social media to gather personal information that can later be used to tailor a message sent through social media such as Facebook or Twitter that you are more likely to trust and click on links in the messages that will download malware.

TIPS

Trust me, you can’t trust anyone.  Always be skeptical when you receive any kind of electronic communication that requires you to click on a link in the message.  Always confirm it before clicking on the link regardless of how trustworthy it may seem.  Further, you may well consider limiting the amount of personal information that you post on social media that can be used to tailor spear phishing emails to lure you a victim of identity theft or some other scam by appealing to something in which you are known to be interested.

Scam of the day – May 30, 2017 – Apple iTunes phishing scam

Phishing emails, and the more personally tailored spear phishing emails are the most common way that people and companies are tricked into downloading malware such as ransomware or keystroke logging malware used to steal information from the victim for purposes of identity theft. Effective phishing emails will appear to be legitimate and lure victims into downloading malware filled attachments or clicking on links tainted with malware.

Reproduced below is a new phishing email presently being circulated that is one of the worst examples of a phishing email.   It purports to be from the Apple Store informing the recipient that his or her account has been used to make a purchase and urges the targeted victim to download an attachment if they did not make the purchase.

As regular readers of Scamicide have seen, many of the phishing emails we have shown you over the years are quite convincing, however this particular email is so filled with indications that it is phony, it is hard to imagine someone falling for the scam although I am sure some people will do so.

The email address of the sender has nothing to do with Apple which is an early indication that this is a scam.  There is no logo that appears on the email and the email is not addressed to anyone in particular nor does it indicate an account number.  Finally, their are spelling errors and horrible grammatical errors throughout the email.

Here is a copy of the email that is presently circulating.

“[ApplePay] – iTunes was used to purchase in App Store on Macbook Pro 13
Date and time: 27 May 2017 10.32 hrs
Transaction: 7BA6818XL0333C2U
Order number: MQ3N7F0G8Q
OS: OS X 10.12.4
Browser: Safari
Location: New York, United States of America
If the information looks familiar, you can ignore this email.
If you have not recently purchased an article or in-apps apps on a MacBook Pro 13 “
With its appIe lD and thinking that your account has been accessed,
Please read our binding and follow the instuction to back up your account.
Best regards,
AppIe account department
Copyright @ 1998-2017. 2211 N 1st St, San Jose, CA 95131, USA. All rights reserved.”
TIPS
Whenever you get any email that attempts to lure you into downloading an attachment or clicking on a link, you should be skeptical and never consider doing so unless you have absolutely confirmed that the email is legitimate.  Also, look for telltale signs that the email is a phishing email by examining the address of the sender, the spelling and grammar and a lack of your account number or name appearing although in more professionally done spear phishing emails real account numbers and your name might be used which is why it is always imperative to never click on links or download attachments unless you are totally convinced that the email is not phony.