Millions of stolen Emotet email addresses can now be searched, user data of Reverb exposed, and more phishing and text scams.
Welcome to Cyber Security Today. It’s Wednesday, April 28. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
I mentioned in my last podcast that the remnants of the Emotet botnet for distributing malware have been erased. However, over the years the operators of the scheme had collected a lot of email addresses where attacks could be sent, often along with their passwords. Now you have the opportunity to find out if your email address is among them. The FBI has sent over 4 million email addresses from the Emotet system to a website called “Have I Been Pwned.” There anyone can check if their email address is on one of the many lists of stolen addresses being sold by crooks. Just enter your address and click. If the answer is yes, better change your email password fast, and add multifactor authentication to the login.
Site owner Troy Hunt has told the Bleeping Computer news service that almost 60 per cent of the Emotet email addresses are new and have not been listed in other data breaches. So if you recently checked the site, check it again. It’s “Have I Been Pwned,” which is spelled P-W-N-E-D.
Have you bought or sold a musical instrument on the Reverb marketplace? Personal information of users, including names, street addresses, email addresses and PayPal email addresses, was left unprotected in a database left open to anyone who could find it. Security researcher Bob Diachenko recently found it and alerted Reverb. An employee may have put the database there for processing, or it might have been copied by a hacker. Either way, to be safe Reverb users should change their passwords.
One of the worst things you can do is use old versions of Windows on your computer that can’t be patched anymore. According to statistics from Kaspersky, lots of people still do it. The company said this week that 22 per cent of its business or consumer users around the world are still running Windows 7. That’s dangerous because it’s easier to hack than newer versions. In Canada about 9.3 per cent of Kaspersky users are still running Windows 7, while 8.9 per cent of Kaspersky customers in the U.S. are still running it. Fortunately, 72 per cent of users around the world are on Windows 10. If your computer can handle it, move to Win10. And keep it patched on the second Tuesday of every month.
American listeners should be on the lookout for email scams pretending to be from the JP Morgan Chase bank. According to Armorblox, one message has a subject line that reads, “Your Credit Card Statement is Ready.” Click on the link to make a payment or see the statement and the victim gets taken to a fake JP Morgan Chase page where their login username and password are captured. There’s at least one clue this is a fake: The email is from “JP Morgan Chase,” except it’s spelled “capital-J, small-p”. Another scam, allegedly sent from Chase Bank Customer Care, had the subject line “URGENT: Unusual sign-in activity.” It claims there’s been unauthorized access to the person’s account, and asks them to click on a button and log in to verify account ownership. Again there are clues this is fraud: First, the email address is obviously not from Chase. Second, it’s addressed to “Dear Customer.” And third, it has “Urgent” in the subject line.
There’s a text messaging scam targeting smartphone users in Britain that may jump the ocean. The message looks like it came from a legitimate courier company, like DHL, and asks victims to install a tracking app to follow a so-called ‘missed package delivery.’ The app is spyware. Of course, if you’re not expecting a package you shouldn’t install a tracking app. Even if you are expecting a package don’t download an app someone sends you. Go to the company website and track it yourself.
Finally, a couple of important security updates to tell you about: Apple Mac users are urged to upgrade to the latest version, which is 11.3. It closes a major vulnerability. And IT administrators and home users with computers that have Nvidia graphics cards should update their display drivers to close several vulnerabilities. There’s a link to the Nvidia driver download page here.
That’s it for today. Links to details about podcast stories are in the text version of this show at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.