A new SMS texting scam is trying to fool Canadians into giving up bank passwords, a WhatsApp scam is going around and why a Wi-Fi app for a hot tub can get you into hot water.
Welcome to Cyber Security Today. It’s Wednesday January 9th. To hear the podcast, click on the arrow below:
There’s a bank scam going around that uses SMS text messaging to get Canadians to give up personal information and their passwords. It starts with a text message that reads something like “Scotiabank Alert: Your card starting with 4536 is disabled for security. Please secure your account below” — and there’s a link that includes the bank’s name for you to click on. Ignore this. Don’t click on the link. First, banks don’t send warning text messages. Second, many Canadian-issued credit card start with the same digits — like “45” plus two more digits — that are set by the global banking industry to show where the card comes from. So these first four numbers aren’t a secret, and they’re not your personal credit or debit card number. And third, the fact that the link doesn’t start with HTTPS is a giveaway. By the way, this type of scam has been seen in the U.S. as well so American listeners should ignore supposed text messages from a bank as well.
Speaking of text messages, do you use WhatsApp for texting? If so you should be aware of a curious hoax message being spread that warns of a virus video called Martinelli. Ignore this message, and don’t forward it to anyone. It may be part of a scam to get users to upgrade to something called WhatsApp Gold. That particular scam has been going on for two years. There is no version called WhatsApp Gold. Don’t click on a link for an update. WhatsApp usually updates itself, and not through a text message.
Here’s another reason to be careful about mobile apps that control your home devices. A British security testing company discovered the Wi-Fi app that goes with a hot tub made by Balboa Water Group can be hacked. The app, which connects to a home Wi-Fi router, lets the user wirelessly control things like the hot tub’s temperature. But a hacker could also take control as well. Why? Because users don’t have to enter a password. When the testing company contacted the manufacturer to point out the flaw, it got no response. It took a query from the BBC to get action. The company says it will update and make the app more secure in February. Two lessons here: First, shoppers need to ask how an app works before buying an Internet-connected product. Is it secure? Second, companies need to be more responsive about the products they sell. This is an example of bad publicity.
On Monday I told you about a large hack of German politicians, reporters and celebrities. Well, yesterday police arrested a 20-year-old man. Police say he acted alone.
Finally, if you’re a IT pro and interested in cloud security, on Thursday January 17th there’s a Cloud Security Summit in downtown Toronto. I’ll be there to cover it. IT World Canada CIO Jim Love will be one of the many speakers. Admission is free. Registration details can be found here, as well as on the events page of ITWorldCanada.com
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon