Don’t be fooled by what you don’t see, CouchSurfing hack, bad Android apps and more.
Welcome to Cyber Security Today. It’s Friday July 24th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A new report urges people to be cautious about being suckered by what they don’t see online. Some scams start with getting you to click on a link in an email or text message that takes you to a login page. But the page may be a fake built to steal your username and password. For years cybercriminals have been making convincing fake login pages that include a copy of a company logo. But a security firm called Ironscales warns some people are falling for a new scam that shows a login page with what appears to be a slow-loading logo. Victims think the logo for Microsoft Office 365, OneDrive, SharePoint, Adobe or DocuSign is supposed to load but their Internet connection is slow. So they log in anyway. What’s really happening is the hackers make the fake login page look like the logo is trying to load, and count on you to get impatient. Making a logo appear as if it can’t load not only fools victims, it also fools security software that looks for fake logos. So before logging into something after clicking on a link in an email or text, make sure you know who the message is coming from. Phone the sender using a phone number you know, not one that’s in the email or text message.
Users of the CouchSurfing travel and accommodation web site should watch their email for spam and phishing attacks. This is because hackers have gotten hold of and are selling data of 17 million CouchSurfing users. According to the ZDNet news service, hackers have a list of user IDs, real names and email addresses, but apparently not passwords.
Garmin, a company that makes smartwatches, fitness trackers and vehicle navigation equipment, is suffering from some kind of cyber incident that knocked out its email, chat service and call centres yesterday. In addition, servers for the Garmin Connect service for synchronizing data also went down Thursday. According to several news reports, Garmin employees on social media have called it a ransomware attack. UPDATE: Late Thursday it was reported that Garmin’s aviation database, used by general aviation and commercial pilots, was also offline.
More manipulative apps have been found in the Google Play store. These are 29 photo apps that promise the capability of altering the focus of an image you’ve taken. Most have the word ‘blur’ in their title, like Square Blur, Photo Blur Master and Auto Photo Blur. But according to security researchers at a firm called White Ops, their real goal is to force ads onto device screens. And victims would have a heck of a time trying to remove the app. That’s because the app’s icon disappears shortly after installing it. These apps have now been removed from the Google Play store. A lot of people apparently fell for the scam. The apps had been downloaded 3.5 million times. But there were signs victims should have noticed. The Play store reviews by users warned that the apps show many ads and are hard to uninstall. Phony positive reviews can be inserted by developers, but negative reviews that talk about ads are a warning sign. So are reviews that tell how hard it is to uninstall an app, or that describe an app that seemingly disappears. And another sign is when the early reviews have five stars but more recent reviews are negative.
Finally, Facebook’s Messenger app is adding new privacy and security features. Called App Lock, it’s now available for iPhones and iPads but will come to Android in a few months. App Lock allows users to lock access to their private chats. Access can only be gained through a fingerprint or face login. So if a friend or family member needs to borrow your phone or tablet, they won’t be able to access your chats. This capability is in the Privacy settings.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.