Attempted credit card fraud, a deep look at sexting and another airline data breach.

Welcome to Cyber Security Today. It’s Friday September 7th. To hear the podcast click on the arrow below:

Cyber Security Today on Amazon AlexaCyber Security Today on Google PodcastsSubscribe to Cyber Security Today on Apple Podcasts

Usually on these podcasts I talk about online fraud or attempted fraud, but today I want to warn about a new phone scam in Canada and possibly the U.S. It starts with a recorded call from a person who claims to be from Visa, saying some suspicious charges have been made to your credit card. In one case it was charges to eBay and something called iTunes International. The recording asks you to stay on the line for an agent. Meanwhile, the recording says the company may have to remotely connect to your computer to do an investigation. When an agent does get on the line, he or she will ask your name for confirmation. To prove they are legitimate they will have your real address.

You should hang up and call the police or the Canadian Anti-Fraud Centre. This is a scam. No one from a credit card company sends you an alert with a recorded message. They’ll call in person. Visa or MasterCard won’t call you. Instead the bank or the company that issued your credit card will call you in person. To be sure, call the phone number on the back of your credit card for verification. Do not call a number suggested by somone on the phone or an email. No financial institution ever says they have to remotely connect to your computer. In all probability the caller in this case either wanted the user’s real credit card number and the verification number on the card, or to connect to the computer. Either way they wanted to steal information. The Canadian Anti-Fraud Centre couldn’t immediately say how many reports it recently had on this type of scam, which broadly speaking it categorizes as service fraud. Last year the centre said it received 5,448 service-related complaints which resulted in over $3 million in losses. I emailed a Visa Canada media spokesperson for comment, but got no reply.

Sending sexually explicit photos or messages to a close friend, also called sexting, is as old as the Internet age. Thanks to smart phones it’s easier. It’s also dangerous, particularly when it’s done by teenagers. This being back to school week, the Toronto Globe and Mail did a big feature on why kids engage in sexting and what parents can do about it. It’s one thing when consenting teens do it between themselves; it’s another thing, however, if pictures and messages get spread to others. Then shaming, blackmail and threats happen. One particular problem is boys who pressure girls to send them intimate photos, which they then send to their friends. Few kids know that under Canada’s child pornography laws even consensual sexting between people under the age of 18 is a crime. Few kids realize that it’s hard to completely delete things, even on Snapchat. One expert interviewed said something every kid should remember: If you do something wrong, don’t ever say ‘I didn’t mean it. It was an accident,’ because everything online takes effort. Parents can get more information at the Canadian Centre for Child Protection. To read the Globe and Mail article go to its site and search for an article called Sex and the Smartphone.

Finally, another international airline has been hacked. British Airways said Thursday the personal and financial details of customers making bookings on its web site or mobile app between August 21 and September 5 were stolen in a data breach involving 380,000 payment cards. The airline is getting in touch with people who made reservations during that 16 day period. This follows last week’s attack against Air Canada’s mobile app in which personal information on 20,000 users may have been improperly accessed between August 22 and 24th. All 1.7 million users of the app have to change their passwords. Mobile app accounts include your name, email address, and telephone number, but it also may include information you added to your profile, including passport number, NEXUS number, and birthdate. It’s good companies are quickly notifying victims. It’s bad sophisticated companies are still being hit.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.



Related Download
How GDPR can be a strategic driver for your business Sponsor: Micro Focus
How GDPR can be a strategic driver for your business

Register Now