Cyber Security News Update – Week 2 of 2020
Quick Answer
Cybersecurity stories from the week of January 9, 2020: a phishing campaign impersonated FedEx with fake delivery notifications carrying credential-harvesting links. Account-recovery scams abused phone-number recovery flows to take over Google and other accounts by tricking victims into reading aloud verification codes. Researchers warned of US-targeted phishing tied to escalating tensions with Iran. And Honda confirmed a misconfigured Elasticsearch database had exposed approximately 26,000 records of North American vehicle owners, including names, email addresses, and vehicle identification numbers, before being secured. The week's theme was that holiday and post-holiday surge traffic continued to drive both phishing volume and unintended data exposures.
There were pre-holiday phishing attacks and holiday phishing attacks. So, it should come as no surprise that there are post-holiday phishing attacks. According to KLFY.com, phishing emails are targeting shoppers with post-holiday offers.
“Here’s how the scam works: You receive an unsolicited email or text message that appears to be from a major retailer claiming you have a new reward. Experts have seen scammers use the names of Amazon, Kohls, and Costco… but any company can be spoofed. You open the message, and it looks real. It includes a company logo, colors, and a link to claim the reward points or gift from your recent holiday shopping.” You’ve been warned.
FedEx Breach
Receiving an email from FedEx is not uncommon, especially if you do business with them. So, it should come as no surprise that hackers used a FedEx email this week to launch a phishing campaign.
According to Scamicide, “If you look closely at the email, you will note that even though it has the Federal Express logo and looks quite official, there are a number of tip offs that this is indeed a phishing scam. What is not shown on the email is that it is sent from an address that is not that of Federal Express.” Always check the return address or the better choice is to install email security service.
Recovery Number Scam
From Hoax-Slayer, the latest scam this week is the ‘Add Recovery Number’ Email Account Phishing Scam. “Scammers are distributing fake admin notifications recommending that you add a recovery number to your email account. Supposedly, this is a new security measure designed to keep your account safe. The message includes a link that will supposedly allow you to add your mobile number as requested. It warns that, if you don’t add the recovery number, your account will be deactivated and your emails will be lost permanently. Clicking the link opens a scam website that asks for your email address and email account password.”
Phishing Phrontier
First it was banks, then municipalities and now it’s…medical schools? That’s the latest from Science World Report, which reported that “UNC-Chapel Hill School of Medicine, located within the University of North Carolina, recently reported a potential month-long phishing attack, which potentially breached the protected health information of over 3,700 patients.”
The report went on to say “Within the emails was personal information regarding treatments received, as well as important identity-related information, including their names and dates of birth, addresses, health insurance numbers, social security numbers, bank account numbers and credit card details.” You know, nothing important.
Iran’s Response
If you get hit with a cyberattack in the near future, it could be from Iran, warns the DHS. “After the killing Iranian General Qasem Soleimani, the Department of Homeland Security Saturday issued a National Terrorism Advisory System Bulletin warning of retaliation, including cyberattacks. Iran maintains a robust cyber program and can execute cyberattacks against the United States,” DHS warned.
Body Count
Not a good week for restaurants. First, Over 50 Islands Restaurants Hit by Payment Card Breach. “California-based burger chain Islands Restaurants recently informed customers that it had identified a piece of malware on the point-of-sale (PoS) systems used for payment card transactions at its restaurants. The malware used by the cybercriminals was apparently designed to steal data stored on a card’s magnetic stripe as it went through the system.”
Then, Houston-based steakhouse restaurant company Landry’s was hit with a point-of-sale malware attack. Maybe it’s time to start using cash.
Honda Car Owners Data Leak
The cars guys, not wanting the food guys to grab all the attention, apparently wanted to get in on the action of making sure their customers’ data was at risk also. “An Elasticsearch cluster containing information on Honda owners in North America was recently found to be accessible from the Internet without any authentication. The database stored names, contact details, and vehicle information, all of which could be accessed without a password.” Maybe it’s time to go have lunch at Islands.
Is it even news anymore when Facebook users data are in jeopardy? As was the case with Honda, “An unprotected Elasticsearch database that was accessible from the Internet was recently found to store information on over 267 million Facebook users, according to tech website Comparitech. The database contained user IDs, phone numbers, and names, all of which could be accessed by anyone, without a password or any other form of authentication.” No lunch, no cars, no social media.
And that’s the week that was.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.