Another email job scam, and how to celebrate International Women in Cyber Day.
Welcome to Cyber Security Today. It’s Wednesday, August 31st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Another victim of an email job offer scam has stepped forward. At the beginning of the month this person received an email invitation to interview for a job at cybersecurity company Splunk. They were allegedly selected because their profile on AngelList showed their skills would be a good fit. A few days after doing a Skype chat interview with a supposed HR person, the victim got a job offer. That was followed by a chat with the supposed CIO, who said they would be given company funds to buy equipment for their home office, including an iPhone. All the victim had to do was link their credit card to a company account, buy the computer equipment, ship that gear to an address for the installation of security software, and then the equipment would be sent to the victim. After doing that, this person became suspicious. Too late. The Apple equipment presumably went to the fraudsters.
The victim missed a couple of clues. One is that the email address that supposedly came from the company was “info[at]splunkcareers.us”, but the real domain of the company is “splunk.com.” Two, no company will ask you to link your payment card to its account. To her credit, the victim did look up the profile of the person who would interview her to see if he was a real person. But that wouldn’t tell her the “Matt” she was talking to was the real Matt. The lesson is to be careful in accepting and doing job interviews online. That goes not only for job applicants, but for HR departments as well.
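The first clue above, a sender domain that merely resembles the company's real domain, is something a mail filter or a careful recipient can check mechanically. The following Python is an added example written for this page, not code from the podcast or from any company it mentions. It assumes the real domain is the one the page gives (splunk.com) and treats only that domain and its subdomains as legitimate; every other sender address is constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample From: headers. The first reproduces the lookalike
# domain described in the podcast; the rest are made up for this example.
SAMPLE_HEADERS = [
    "Splunk Careers <info@splunkcareers.us>",       # lookalike from the scam
    "HR <recruiting@careers.splunk.com>",           # constructed: real subdomain
    "recruiter@splunk.com.attacker.example",        # constructed: real name as prefix
    "Matt <matt@gmail.com>",                        # constructed: unrelated mailbox
    "not an address",                               # constructed: nothing to parse
]


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header.

    parseaddr() strips display names such as 'Splunk Careers <...>', so a
    friendly name cannot hide the real mailbox. An empty string means the
    header contained no parseable address at all.
    """
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def matches_company_domain(from_header, company_domain):
    """True only if the sender domain is company_domain itself or one of its
    subdomains. A suffix match on '.splunk.com' rejects 'splunkcareers.us'
    and 'splunk.com.attacker.example', which a naive substring test accepts."""
    domain = sender_domain(from_header)
    company_domain = company_domain.lower()
    if not domain:
        return False
    return domain == company_domain or domain.endswith("." + company_domain)


def classify_sender(from_header, company_domain):
    """Triage a From: header into one of four buckets:
    'match', 'lookalike', 'unrelated' or 'unparseable'.

    The lookalike test is a deliberately crude heuristic: the company's
    first DNS label ('splunk') appearing anywhere in a non-matching domain,
    hyphens ignored. It exists to flag a message for manual confirmation,
    not to prove fraud.
    """
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if matches_company_domain(from_header, company_domain):
        return "match"
    company_label = company_domain.lower().split(".")[0]
    if company_label in domain.replace("-", ""):
        return "lookalike"
    return "unrelated"


def triage(headers, company_domain):
    """Map each header to its classification so a filter can act on it."""
    return {header: classify_sender(header, company_domain) for header in headers}


if __name__ == "__main__":
    for header, verdict in triage(SAMPLE_HEADERS, "splunk.com").items():
        print(f"{verdict:12} {header}")
```

Anything classified as "lookalike" deserves the same treatment the podcast recommends: confirm the offer through a contact channel found on the company's own site, not one taken from the message.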
As I said, online checking alone isn’t always enough to clear suspicions. Here’s a recent example from security researchers at Proofpoint: Hackers believed to be from China have been emailing targeted government and company people and trying to trick them into going to an infected website. In their emails the hackers pretend to be reporters or staff from an online news site called Australian Morning News, with links to the publication’s website. Here’s the thing: The hackers set up a fake website called Australian Morning News. Anyone who went to the site had their computer infected with malware. If a victim didn’t want to risk clicking on a link in the email but just did a search for Australian Morning News and went to the site that way, they’d also be infected. This is why, in addition to being careful with every email, it’s important to keep all your software updated with the latest security patches, including your browser. You also need strong antivirus or antimalware protection on your computing devices.
A judge has certified a class action lawsuit against the Canadian government stemming from the 2020 hack of thousands of Canada Revenue taxpayer accounts. In some cases the hackers allegedly used credential stuffing attacks to get into and alter victims’ tax accounts to fraudulently get COVID-19 emergency funds. The hackers were allegedly able to see taxpayers’ personal information such as their Social Insurance Numbers and dates of birth. The lawsuit accuses the government of systemic negligence, breach of confidence and a civil privacy violation. The allegations have yet to be proven in court.
Hackers have stolen a database from the Russian media streaming platform called START. According to the Bleeping Computer news service, it is believed the database — with usernames, over 7 million email addresses and phone numbers — was posted on the internet over the weekend.
The data of more than 2.5 million individuals in the U.S. was compromised recently in an attack on a company called Nelnet Servicing. Nelnet oversees student loans. In a filing with the state of Maine’s attorney general, the company says the breach started June 1st and wasn’t detected until July 17th. The hackers were able to access people’s names, addresses, email addresses, phone numbers, and Social Security numbers.
Scaring victims into clicking on a link is an old tactic of hackers. One common approach is an email or text saying you’re late paying an invoice. Another, being used against content creators, alleges something they’ve written or recorded is violating copyright. Security researcher John Hammond of Huntress Labs this week tweeted that he got one of those notifications on his smartphone, allegedly from YouTube about a video he made. One tip-off: The email address of the sender wasn’t anything close to coming from YouTube. In fact it came from a Google Drive account, to give it an air of legitimacy. Security researchers at KnowBe4 say there are two questions you should ask to avoid being victimized by a lot of phishing scams. Question one: Did the message arrive unexpectedly? If yes, go to question two: Is this the first time the sender has asked you to do the requested action? If the answer is also yes, you need to confirm the message by some means other than replying to the email or text. Don’t call the phone number in the message. It could be a fake.
Finally, tomorrow — September 1st — is International Women in Cyber Day. It’s a day to celebrate the achievements of women in cybersecurity and to encourage women to choose it as a career. It’s also a day IT and corporate leaders should consider ways of increasing the number of women on the cybersecurity teams of their organizations. Start by recognizing that diversity in any team in an organization is a benefit. The more varied voices there are at the table, the greater the opportunity to find solutions to a problem. Leaders should offer to be mentors to women and encourage them in their efforts. And leaders — and women — should remember that not all cybersecurity-related hires need to have IT training. Smart, imaginative women are willing to learn technology as they go. In fact, in some areas of the company, such as online customer support, women may already have some IT knowledge. I’ll have more on this tomorrow in a story on ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.