securewebsite

Newegg is one of the United States largest online retailers of electronics which has been exploited by the group responsible for the Ticketmaster and British Airlines breaches.

Risk to Small Business is severe: A breach including sensitive payment information such as this could dismantle customer trust, especially in a company that is first and foremost an online retailer.

Individual Risk is a moderate risk: Those affected by this breach should contact their credit card companies IMMEDIATELY. Magecart is no joke, as demonstrated by their wide range of attacks across various industry and the scope of their abilities.

Customers Impacted: Unclear, but the site has 45 million monthly unique visitors and was breached for over a month.

How it Could Affect Your Business: Magecart is back, and they mean business. The group that is responsible for the Ticketmaster and British Airlines breach has now targeted Newegg. This shows that the group isn’t limited to one industry or country. Magecart is a global operation that can target any organization that processes payments online.

Magecart is Ruffling Through Your Cart.
With the Magecart group taking on companies such as British Airlines, Ticketmaster and now Newegg, it’s a good time to talk about online retail security. Researchers at SecurityScorecard analyzed 1,444 domains within the sector for 5 months to collect data on how secure the industry is. What they found… was not pretty.

The retail industry was the second lowest scoring, with entertainment being the only major industry more vulnerable. The retail sector was last in its ability to protect against social engineering attacks, which is concerning because the retail industry is the third most targeted industry behind banking and finance.

Many credit card associations have called for changes to be made within the sector, but many organizations are not fully compliant or not at all. In fact, 91% would fall under noncompliance. The combination of the popularity of online retailing with the fact that there is a very serious hacker group targeting websites that process payments, means the retail sector needs to look into buckling down because these threats aren’t going to go away.

https://www.darkreading.com/application-security/retail-sector-second-worst-performer-on-application-security/d/d-id/1332860

The bad guys are already testing their scams for the 2020 Olympics. They plan to send you a phishing email offering you tickets to the event or Olympic-themed gifts.

They will use social engineering tactics, such as placing the phrase “tokyo2020” in URLs or in their sender email address to trick you. Their goal is to compromise your computer or smartphone to access your bank account details.

The bad guys have over a year to perfect this scam, so you need to stay vigilant! Don’t click on links in event-themed emails, texts, or instant messages. If you are sent a suspicious email, delete the email or follow the reporting procedures put in place by your organization.

Let’s stay safe out there!

Stop, Look, and Think. Don’t be fooled.

The bad guys are getting creative with a new hybrid attack that involves CEO Fraud and gift card scams.

There is a massive campaign underway where they impersonate an executive and urgently ask for gift cards to be bought for customers. Once the gift cards are physically bought from a store, the “boss” asks you to send them the redeem code/number via email or text.

Never comply with a request like this – it’s a scam! Always confirm a request with your boss over a live phone call or in person to make sure it’s not a scam. Sometimes it’s OK to say “no” to the boss!

Let’s stay safe out there!

Stop, Look, and Think. Don’t be fooled.

Stay alert! The bad guys are now using CEO fraud and Business Email Compromise attacks more than ever.

These attacks take place when the bad guys impersonate executives within your organization via email and ask you to transfer them a large sum of money. They’re trying to manipulate you – don’t fall for it!

Instead, make sure that any request for a money transfer comes from the right person! Grab the phone and give them a call to verify that the request is legitimate. Better yet, communicate with them face-to-face about the request. They’ll thank you later!

Let’s stay safe out there!

Stop, Look, and Think. Don’t be fooled.

Be extra cautious! The bad guys are using foreign characters to create phishing websites that spoof popular brands (Example: micròsoft.com instead of microsoft.com). Then, they use these websites to trick you into providing your personal information.

The latest phishing website scam is a contest for you to win “free tickets” from well-known airlines. They ask you a series of seemingly innocent questions and then tell you to share the free offer with 15 of your contacts before being directed to the URL where you can access the free tickets.

Don’t fall for this – there are no free tickets! Instead, you’re sending the bad guys your personal information and a list of more people to scam. Always check a website for any signs that it may not be legitimate, or type in the company’s web address yourself.

Let’s stay safe out there!

Stop, Look, and Think. Don’t be fooled.

The bad guys aren’t limiting their scams to just your email account – they’re attacking you via social media, too! They create a fake profile and request to be your friend, or send you a message. They come off as wanting to be friends (in some cases, maybe even more), but what they really want is your money or your friend list. With access to your friend list, the bad guys will have even more people to target.

Don’t let them manipulate you! Don’t add or message people on social media that you do not know. These “random” profiles reaching out to you are fake and could lead you into a potentially dangerous situation.

Let’s stay safe out there!

Stop, Look, and Think. Don’t be fooled.