Archives for December 2018

This Week in Breach: Caribou Coffee

December 27, 2018 by securewebsite

Caribou Coffee: A large coffee chain in the United States.

Risk to Small Business: Severe:A breach of this magnitude would have a negative impact on any organization for a long time. Around 40% of the company’s locations were affected by the breach, with all cards used during the breach being considered accessed.

Individual Risk: Severe: Those affected by this breach are at an increased risk of identity theft. Those who used a credit or debit card at the organization between August 28, 2018, and December 3, 2018.

Customers Impacted: 239 of the organization’s stores were affected by the breach.

How it Could Affect You: Credit card information being accessed is never good for business. Customers tend not to forget the company whose breach resulted in them losing money.

In Other News:

Facebook, What Are You Doing?
Facebook continues to let down its users this week… this time by providing user data to a wide variety of large companies for commercial purposes. Some of the companies that took advantage of Facebook’s fast and loose outlook on its customers’ data include Apple, Amazon, Microsoft, Spotify, and Netflix. The information even included private messages between users. When Amazon was asked about how it used the user data Facebook provided them, their official statement stated they used the data “appropriately,” which is not very comforting.

Scam of the Week: Watch out for W2 and Tax Fraud Phishing

December 26, 2018 by securewebsite

The bad guys are starting their tax scams early this season! All employees should look out for urgent emails and phone calls supposedly coming from the IRS or tax-related companies in the next few months.

For all employees, if you receive a phone call from the IRS claiming you owe back taxes and must pay, don’t fall for it. This is a common scam that they try every year.

And HR and Accounting teams should be on even higher alert. Cyber attackers are now combining two scams-in-one. First, they ask you to send them the W-2 forms of all employees, with the email looking like it comes from the CEO or a C-level executive. Next, they follow up with an urgent request to transfer a large sum of money to a bank account controlled by these cyber criminals.

Remember that when you receive sudden requests like this, they may be spoofed emails. You should double check by picking up the phone to verify that this is a legitimate request coming from that executive. In these cases, it’s OK to “say NO to the CEO”.

This tax season, stay alert for scams like this, and Think Before You Click!

Stop, Look, and Think. Don’t be fooled.

This Week in Breach: China – Boomoji

December 21, 2018 by securewebsite

Boomoji: A Chinese company that makes personalized animated avatar to be sent over text and other various apps.

Risk to Small Business: Severe: Exposed databases can be very embarrassing for a company because there is no excuse for leaving the database where customer information is stored unsecured. Customers are unlikely to return to the service, and if they do could be hesitant to enter in credit card information or reveal more of their data because they figure it could be at risk as well.

Individual Risk: Severe: Those affected by this breach are at an increased risk of phishing attacks. This is made a severe risk in this case because the exposed information included the contact books of the users who gave the app permission to access it.

Customers Impacted:Over 5 million users.

How it Could Affect You:Not only is the exposed database embarrassing for the organization, but the company lied about the extent of the breach by stating the databases were for testing purposes only. Not being upfront about the breach can result in a further loss of trust in the company by the customer.

In Other News:

Alarming News
A hacker warned an unsuspecting homeowner of his ability to hack the man’s home security system by speaking to him through it. In a circumstance that could only be described as ‘alarming’, a hacker who claimed to be with anonymous told the Arizona man, through the Nest security system he had installed, that he had been hacked. The hacker then listed passwords the man had on other sites. If you have a Nest security system, you may want to consider contacting the manufacturer about this incident.

Scam of the Week: New Dangerous Email Extortion Scam

December 19, 2018 by securewebsite

The bad guys are continuing to get more and more bold with their extortion scams. The latest extortion scam involves sending you an email that looks like a bomb threat. The email claims there is an explosive device in the building which will detonate unless you pay them in bitcoin.

This threat is being sent to millions of people, so the likelihood that it is real is very small. However, if you receive this type of extortion email be sure to do the following:

Follow your organization’s security policy
Contact the appropriate authorities in your organization
Do not answer or forward the email to coworkers.

Stop, Look, and Think. Don’t be fooled.

This Week in Breach: Quora

December 14, 2018 by securewebsite

Quora: A popular question and answer site that boasts 300 million monthly active users.

Risk to Small Business: Severe:People are not soon to forget that the question and answer site was unable to keep their data safe. This could cause a migration from any site to another similar one, something that is common among social media sites in particular.

Individual Risk: Moderate: Those affected by this breach are at an increased risk of phishing attacks

Customers Impacted: Unclear at this time

How it Could Affect You: Quora handled the breach very well, with the CEO releasing a blog post detailing what they know and apologizing to their users. The amount of time it will take for the organization to regain their users’ trust is unclear. The transparency by the organization’s leadership will greatly help it bounce back sooner than if they hadn’t responded as such.

In Other News:

DNA For Pay
The Leaders of Genomics England has revealed that foreign hackers have attempted to access the DNA data the organization is collecting. The reality that hackers could steal DNA data if they successfully access a network is a scary thought. As the general population becomes more aware that their data is valuable, it should also become apparent that handing over data and in this case, DNA, could result with it ending up on the Dark Web or in the hands of a nation state. While no breach occurred to this organization, the fact that they are regularly under attack should be a wake-up call.

Scam of the Week: Extortion is Back Again!

December 12, 2018 by securewebsite

Extortion scams are back and they are getting more and more dangerous. This time, the bad guys are sending out emails, claiming they have a video of you watching an inappropriate website and then prompting you to download that video and see it for yourself.

But if you do, your computer gets infected with ransomware!

Here are some things you can do to avoid becoming a victim of extortion:

Don’t open attachments from people you don’t know, and be wary of opening attachments even from those you do know.
Turn off and/or cover any web cameras when you are not using them.
Remember, if you receive an email that claims to have a compromising video of you viewing sensitive material, do not answer or send money. Instead, delete the email.

Don’t fall victim to the bad guys!

Stop, Look, and Think. Don’t be fooled.