More COVID scams, reporter tricked by phony Harvard job offer, and Uber wins and Twitter loses in Canadian courts.
Welcome to Cyber Security Today. It’s Monday January 18th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
Cyber Security Today is brought to you by the new Cisco Security Outcomes Study, where we surveyed 4,800 cybersecurity and IT professionals.Visit https://cisco.com/go/SecurityOutcomes to read the results.Cisco Secure Insights Summit on January 21, 2021, at 10 a.m. Pacific Time.
 |
 |
 |
More COVID-19 related scams pop up every day. But not all of them directly involve the vaccine or health products. Cybersecurity provider Proofpoint has collected a few of the most recent ones, which are often aimed at executives. Here’s some of them: One claims that the world economy is approaching a turning point because of vaccines So you’re invited to make some money by investing in the purchase of a troubled foreign company. Thousand of emails like that went out looking for interest in phony mergers or acquisitions. Another email campaign this month looking for phone numbers was simpler and might look like it came from an official at your firm. It says, “Would it be possible for you to complete a task for me? Before I leave for a COVID-19 meeting please give me your personal phone number.”
Another email campaign this month pretended to come from the World Health Organization. It included infected attachments purporting to be vaccine news updates. There’s one that claims to come from the so-called “Corona Virus Vaccine Administration” that asks victims to confirm their Microsoft Office 365 username and password to get the vaccine. And there’s one that pretends to be from courier DHL about a phony undelivered package trying to get victims’ login credentials. The subject line says “COVID-19 vaccine distribution. Re-confirm your delivery address.”
All of these messages have clues that they are scams. They may be addressed to “Dear Sir,” or the email header may say DHL Express, but the email address itself is obviously not the courier company. An unwanted or unexpected business pitch is another clue. So stay safe yourself, and stay safe online by looking for and ignoring scams.
Some internet-related Canadian court decisions made this month to tell you about: Twitter has lost the first round in its fight to dismiss a defamation lawsuit filed by a British Columbia business executive and friend of former U.S. president Bill Clinton. Tweets in 2015 allegedly aimed to discredit the man for supporting the Clinton Foundation by claiming he was involved in a pedophile ring. Twitter, which says it merely carries messages written by others, argues the proper area for a trial would be California, where it is headquartered. Conveniently, thanks to U.S. law, Twitter can’t be sued for defamation there because social media sites are shielded by freedom of speech and other laws. But the judge sided with the businessman saying B.C. is where the alleged victim lives and therefore is the right jurisdiction for a trial. The decision may be appealed.
And in Alberta a judge tossed out a proposed Canadian class-action lawsuit against Uber relating to the 2016 theft of data of 815,000 Canadians. In all data on over 50 million Uber passengers and drivers was stolen in that incident. Victims weren’t told until the press found out 12 months later. Unknown to victims, Uber quietly paid $100,000 to the hackers with the promise the data they stole would be destroyed. Uber says the data stolen was primarily names, addresses and email addresses of passengers, and drivers licence information of drivers. The Alberta woman suing argued there was no proof the hackers actually destroyed the personal information as promised. But the judge said there was no proof victims suffered any harm, loss or damage from the data theft as required under Alberta law. He agreed with Uber there is no evidence of any confirmed case of fraud, identity theft or other economic loss suffered by victims. As in most provinces, in Alberta a class action lawsuit has to be certified by a judge before going ahead. A lawyer for the woman told me there will be an appeal of the decision. In 2018 Uber agreed to pay American authorities $146 million to settle allegations it intentionally concealed news about the breach from affected people.
A TV reporter in India last week admitted she was the victim of an embarrassing job prank. She got an email offer to be an associate journalism professor at Harvard University. The email messages she and the university exchanged looked real, so she quit her broadcasting position and prepared for her new job. She was supposed to start in September, but then got messages delaying that to January. Eventually the delaying messages were odd enough that she directly contacted Harvard. To her dismay there was so such job offer. The reporter now believes not only were the emails she got forgeries, she may also have been hacked. A few lessons here: First, people with high visibility, like reporters, executives and politicians, have to be suspicious of every email or text message. If something looks too good to be true, it likely is. Second, lots of people today apply for and get jobs online without going to an office for a formal interview. That’s even more so because of the pandemic. But both prospective employees and employers have to make sure things are legit. When it comes to a job offer, include a face-to-face meeting where possible. Video interviews are common because of the pandemic and where people work far away from head offices, but again there has to be verification by both sides. There are lots of job scams. Many companies get hit with malware by opening job applications with infected attachments. Last August I reported the FBI warned that a gang in North Korea was planting fake job postings from well-known defense contractors to hack into the computers of skilled people in the defence sector. In a separate story I reported on alluring job pitches sent anonymously to people.
Finally, according to the ZDNet news service one of the biggest criminal web sites for selling stolen credit card information promises it will close next month. Called the Joker’s Stash, the FBI and Interpol seized four of the domains it uses in December, which affected its reputation. Also, according to one report, the person who allegedly runs the site contracted COVID-19 in October.
That’s it for today. Links to details about today’s stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.