Canada hit by COVID cheque fraud; Webex, Teams under attack, more COVID email scams and three big data breaches
Welcome to Cyber Security Today. It’s Friday May 8th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
It didn’t take long for cybercriminals to take advantage of the Canadian government’s multi-billion dollar pandemic payments program for consumers. Cheques under the Canada Emergency Response Benefit, or CERB, began rolling out in early April. But according to an Israeli security company called Kela Research, criminals soon began selling editable digital copies of cheques on the dark web. A criminal can either purchase a digital file and fill in their own name or have a criminal service do the editing for them. Typically the cheque is put into a bank by a mobile deposit in what is called a “drop” account, one of a number of accounts that were opened by criminals some time ago with fake ID and are used for transferring money. Criminals often buy and sell drop accounts from each other. CORRECTION: The original story said criminals use newly-opened accounts.
With mobile depositing the criminal doesn’t have to go in person to the bank where ID will be inspected. Kela Research says the CERB cheque scam is just an extension of other Canadian cheque fraud schemes available on dark websites, where cheques that appear to come from real businesses and include legitimate routing numbers are sold and edited. CORRECTION: The original story said the cheques are copies from legitimate companies. Similar cheque scams are available in the U.S. These scams are another reason why financial institutions have to take care depositing and cashing government cheques, Kela says.
A spokesperson for the Canadian Bankers Association, which represents the country’s big banks, said institutions here constantly scan the threat horizon for financial frauds directed at customers, including counterfeit cheque scams related to government payments. “Banks work closely with government departments and agencies, law enforcement, Payments Canada and other partners to share intelligence and align their efforts aimed at countering these illicit schemes.”
There have been lots of recent news stories about hackers infiltrating Zoom videoconferencing meetings. That’s because the service has zoomed in popularity as more people work from home during the pandemic crisis. But other videoconferencing providers are also under attack. Reports from a company called Abnormal Security say hackers are also trying to squirm into Cisco Webex and Microsoft Teams video meetings. They’re sending out emails impersonating automated messages from both services, with different strategies. The Webex email claims there’s a security certificate problem and your account is locked. To unlock it you have to sign in with the provided link, which goes to a phony site to capture your password. The Teams email claims teammates are trying to reach you and includes a link or an icon to a file to be shared. Click on the link and you get taken to a phony Microsoft Office login page, where your username and password are captured by the crook. What may make these lures convincing are tricks like having a URL for the login page include the word ‘Webex’ or the name of a Microsoft product. With so many video meetings being held these days you’ve got to be careful logging into any service as a result of an email. Before clicking, check by phone with a colleague that a meeting invite is real.
More COVID-19 email scams to watch out for. Security company Palo Alto Networks has detected a bunch of campaigns aimed at government healthcare agencies, local and regional governments, large universities with medical programs, utilities, medical publishing firms and insurance companies across the United States, Australia, Canada, Italy, and the United Kingdom. A subject line might claim to be a coronavirus update with the word ‘UN,’ presumably to trick the receiver into thinking it came from the United Nations. Other subject lines are “COVID-19 Facial Masks New Order” or “COVID-19 Supplies.” Because many companies around the world are looking for masks, gloves and similar products someone might be tempted to click on the link to supposed lists of gear. Do that and your computer is infected. Health agencies and university researchers have gotten emails with the subject line “Latest vaccine release for Coronavirus.” And there’s the trick of the subject line that pretends to be about a COVID business continuity plan. The report notes that criminals regularly update the themes and subject lines of their email. Be very cautious of email with attachments that have a COVID theme. And as always, keep an eye on who the email is coming from. If it’s not a person you expect, report it to your IT department.
Finally, personal information and usernames and passwords of 26 million users of three American online services are now being sold on the dark web. Security company ZeroFox says the stolen data comes from hacks at the home meal delivery service HomeChef, online printing store ChatBooks and the news site Chronicle.com. Data from HomeChef includes email addresses, which can be used for spam and phishing, as well as home phone numbers. Criminals can buy 8 million of these subscriber records for $2,500. ChatBooks data includes email addresses and social media access tokens. Criminals can buy 15 million records from this breach for $2,000. The same group says it is behind the theft of 500 gigabytes of source code from Microsoft from the GitHub developers site. Subscribers to HomeChef, ChatBooks and Chronicle.com should consider changing their passwords.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.