Small Business

The bad guys are developing malicious applications with the hopes of making their way into your mobile device’s app store –and sometimes they’re successful. Recently, over 100,000 people across the globe downloaded applications containing spyware from a reputable app store. According to researchers, this spyware steals personal information like your call logs, contacts, photo and video files, and can even use pop-ups in an attempt to steal your login credentials for accounts like Google and Facebook.

Here’s a few tips to avoid becoming a victim:

• Do your research: Read app reviews, but make sure they’re not fake or staged! Be wary of applications that don’t have any reviews.
• Avoid applications that have a low number of downloads.
• Look for strange logos or spelling errors in the application’s description.
• Consider investing in cybersecurity protection for your mobile device.

When in doubt, avoid downloading questionable applications, and look for a safer alternative.

Stop, Look, and Think. Don’t be fooled

BevMo: Alcohol retailer.

Risk to Small Business: Severe: As payment security continues to rise in importance to online shoppers, such an attack can strike a crushing blow to sales and bottom-line profits. Competition in the online retail landscape is cutthroat as is, so a newsworthy breach like this has the potential to turn customers away by shining a spotlight on personal and payment information concerns.

Individual Risk: Severe: The malicious code placed on the checkout page was able to siphon customer names, credit/debit card numbers, expiration dates, CVV2 codes, billing addresses, shipping addresses, and phone numbers. Visitors who entered payment details into the website are at a high risk for account fraud.

Customers Impacted:Nearly 15,000 customers who used the online portal.

How it Could Affect You: Due to an increased level of vigilance surrounding data breaches, especially those involving payment data, it is crucial that companies place greater importance on preventing breaches from happening in the first place.

Read more

---

In Other News:

Keep your email in check!
According to the FBI, business email compromise (BEC) schemes have amounted to $12.5B in losses to companies in 2018 alone. From Q1 to Q3, there was a 46% lift in the number of attempts recorded, signaling that hackers are doubling down on email fraud due to its simplicity and effectiveness.

The top three countries most often targeted by email scammers? The United States, Australia, and United Kingdom.

Read more

The bad guys are back to their old tricks with Netflix again. They are sending out email messages asking users to update their billing information but don’t click that link! If you do, the bad guys could steal your login details, your credit card data, your picture, your ID, and even more if they gain access to your computer or network.

Here are some tips on how to stay safe:

• Never click on a login link or an account verification link in an email.
• Check for the green HTTPS padlock in your browser’s address bar. If there isn’t one, it means the site is not secure.
• If there is a green HTTPS padlock in your browser’s address bar, check the web address of the site. If it’s not exactly what you expect, don’t click!
• Don’t ignore telltale signs that it’s a scam such as spelling and grammar errors.
• Guard your ID closely. Never give away a picture of yourself or your ID when it isn’t absolutely necessary.

Stop, Look, and Think. Don’t be fooled.

Caribou Coffee: A large coffee chain in the United States.

Risk to Small Business: Severe:A breach of this magnitude would have a negative impact on any organization for a long time. Around 40% of the company’s locations were affected by the breach, with all cards used during the breach being considered accessed.

Individual Risk: Severe: Those affected by this breach are at an increased risk of identity theft. Those who used a credit or debit card at the organization between August 28, 2018, and December 3, 2018.

Customers Impacted: 239 of the organization’s stores were affected by the breach.

How it Could Affect You: Credit card information being accessed is never good for business. Customers tend not to forget the company whose breach resulted in them losing money.

Read more

---

In Other News:

Facebook, What Are You Doing?
Facebook continues to let down its users this week… this time by providing user data to a wide variety of large companies for commercial purposes. Some of the companies that took advantage of Facebook’s fast and loose outlook on its customers’ data include Apple, Amazon, Microsoft, Spotify, and Netflix. The information even included private messages between users. When Amazon was asked about how it used the user data Facebook provided them, their official statement stated they used the data “appropriately,” which is not very comforting.

Read more

The bad guys are starting their tax scams early this season! All employees should look out for urgent emails and phone calls supposedly coming from the IRS or tax-related companies in the next few months.

For all employees, if you receive a phone call from the IRS claiming you owe back taxes and must pay, don’t fall for it. This is a common scam that they try every year.

And HR and Accounting teams should be on even higher alert. Cyber attackers are now combining two scams-in-one. First, they ask you to send them the W-2 forms of all employees, with the email looking like it comes from the CEO or a C-level executive. Next, they follow up with an urgent request to transfer a large sum of money to a bank account controlled by these cyber criminals.

Remember that when you receive sudden requests like this, they may be spoofed emails. You should double check by picking up the phone to verify that this is a legitimate request coming from that executive. In these cases, it’s OK to “say NO to the CEO”.

This tax season, stay alert for scams like this, and Think Before You Click!

Stop, Look, and Think. Don’t be fooled.

Boomoji: A Chinese company that makes personalized animated avatar to be sent over text and other various apps.

Risk to Small Business: Severe: Exposed databases can be very embarrassing for a company because there is no excuse for leaving the database where customer information is stored unsecured. Customers are unlikely to return to the service, and if they do could be hesitant to enter in credit card information or reveal more of their data because they figure it could be at risk as well.

Individual Risk: Severe: Those affected by this breach are at an increased risk of phishing attacks. This is made a severe risk in this case because the exposed information included the contact books of the users who gave the app permission to access it.

Customers Impacted:Over 5 million users.

How it Could Affect You:Not only is the exposed database embarrassing for the organization, but the company lied about the extent of the breach by stating the databases were for testing purposes only. Not being upfront about the breach can result in a further loss of trust in the company by the customer.

Read more

---

In Other News:

Alarming News
A hacker warned an unsuspecting homeowner of his ability to hack the man’s home security system by speaking to him through it. In a circumstance that could only be described as ‘alarming’, a hacker who claimed to be with anonymous told the Arizona man, through the Nest security system he had installed, that he had been hacked. The hacker then listed passwords the man had on other sites. If you have a Nest security system, you may want to consider contacting the manufacturer about this incident.

Read more