Another PayPal scam, Estee Lauder leaves database open and Canadian banks get tough on customers
Welcome to Cyber Security Today. It’s Wednesday February 12th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast click on the arrow below:
A new scam aimed at getting sensitive personal information from PayPal users has been discovered. Here’s how it works: A victim gets an email with the subject line “Your account is on hold.” The message has a PayPal logo and claims to come from the PayPal notification centre, saying access to your account has been limited because there was a login from a new device or browser. To access your account, you have to verify your identity by following some security steps. The notice is addressed to “Good morning customer,” which is the first sign of a fake. Second, there’s a box for the victim to click on that says “Secure and update my account now.” But if you hover over the box, it goes to a shortened address by bit.ly. That’s another tip. If the victim follows the link they’ll go to a phony PayPal site. There they’ll have to fill in their names and credit card numbers. And the last tip that this whole thing is phony the victim is asked for a social security number and a photo of a valid ID or credit card.
There’s lots of email scams like this going around, with messages pretending to be from a bank or government and asking you to login to a link they provide because there’s a problem with the account. Don’t click on those links. If you’re worried the message might be real, go to the organization’s web site and log in the way you usually do, either through a bookmark or by typing the name of the organization into the address bar.
Here’s another in a long list of security boo-boos: Someone recently left a database open on the Internet with over 440 million data records belonging to cosmetics giant Estee Lauder. Among the details were email addresses, references to company documents and other information that could be of use to hackers wanting to attack the company. It isn’t known how long the database sat in the open. It was discovered at the end of January and news is only now being released by the researcher at Security Discovery who found it.
According to a study released this week by IBM, mistakes by employees like misconfiguring servers were to blame for the vast majority of the 8.5 billion digital records either stolen or left unprotected last year.
Canada’s big banks are getting tougher when it comes to covering customer losses from payment or access card fraud. That’s according to CBC’s consumer show Marketplace. The banks have updated their electronic banking agreements to put more responsibility on customers if a card has been lost, stolen or misused. So remember these tips: Whenever you’re entering a PIN number on a keypad put your free hand over the other to make sure no one else can see. Don’t write down your PIN numbers on a slip of paper and keep it in your wallet or purse. Never swipe your card down the side of a card reader; instead insert the card in the bottom. Use an ATM machine from a bank, not a no-name machine. And never do banking or buy products over public Wi-Fi like hotels, airports and restaurants unless you have a VPN, or virtual private network.
Do you have a Dell computer? Make sure it’s running the latest version of Dell SupportAssist. That’s an application that checks the system to make sure everything is OK. A bug has been discovered in the version for both home and business computers. The application should automatically update. To be sure, open the application, go to Settings, and then About Support Assist. It will then check if an update is available.
Finally, if you use the Firefox browser a new version was released yesterday.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.