Fraud Awareness Week, don’t fall for these Microsoft scams and more
Welcome to Cyber Security Today. It’s Wednesday November 20th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
 |
 |
 |
This is International Fraud Awareness Week. Because we’re in a digital era, fraud is bigger than ever. A U.S. survey last month by the document destruction firm Shred-it found one-third of respondents had been the victims of information fraud or identity theft. Of those, 22 per cent were victimized by stolen information left on paper in homes, offices or garbage; an almost equal number were hit because companies they do business with were hacked, and 11 per cent said their personal financial accounts were hacked because of weak passwords.
Obviously companies and individuals still aren’t doing enough to reduce the risks of fraud. For companies, that includes having tougher protection for passwords and personal data through encryption and making employees and customers use two-factor authentication for logins. For individuals, it means having separate passwords for logging into home computers, smartphones, sensitive sites like email, banks and where you shop. It also means shredding documents at home with information like your credit card number or birthday before throwing them in the garbage. This is holiday sale time — find a deal on a home paper shredder.
Remember, to be effective fighting fraud means watching out for it.
Criminals are sending out fake Microsoft Windows Update emails. According to security company Trustwave, these messages may carry the subject line “Install Latest Microsoft Windows Update now” or “Critical Microsoft Windows Update.” The attacker intends to trick people into clicking on the attachment, which is supposed to lead to ransomware scrambling their data. However, according to one news site the attachment is mis-named as a JPG image, and in that format won’t execute. But if the attacker re-names the file it could be a potent weapon.
So, don’t be tricked. Configure your computer to automatically install Microsoft updates when they are available, or do it manually. Either way, it should be done through your Windows Settings menu. Never click on a security update offered by email or text.
PhishLabs has detected a different attack on Microsoft users, this one aimed at subscribers of Office 365. Victims get an email from what looks like a legitimate sender with a link. Click on the link and a realistic Office 365 login page comes up. That’s a clue of a scam.
Here’s another reason to make sure your Android smartphone always has the latest security updates: A security company called Checkmarx has discovered a serious bug in the camera app that comes with Android. It could allow a hacker to turn on the camera and take pictures, record videos or get the handset’s location. Make sure you have the latest Android updates.
Hackers delivered a holiday present to Macy’s, sneaking in bad code onto the retailer’s checkout page in October and scooping up credit card numbers, card security codes and other personal information of buyers. Firms selling consumer goods have to regularly make sure that websites they create are secure, especially now during the holiday season. If they outsource the checkout and payment services make sure these suppliers are also regularly checking their code.
Finally, a number of security companies have banded together and formed the Coalition Against Stalkerware to fight these nasty apps. This is software that allows someone to spy on victim’s messages, photos, social media and location. They do it by secretly installing stalker apps on victims’ devices. There’s a portal, “stopstalkerware.com” with help for victims.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.