Watch for gift card scams, another example of the need for two-factor authentication and will anything on the Internet be real?
Welcome to Cyber Security Today. It’s Monday Oct. 29th. I’m Howard Solomon.
With the December holiday period coming up criminals are looking for any way they can to scam people. A recent FBI report points to one way – impersonating company executives to ask an employee to buy gift cards online for staff, which criminals then use for their own purposes. The scam works like this: An employee gets a spoofed email, text or even a phone call from someone pretending to be a person of authority in their company. They ask the victim to buy multiple gift cards for either personal or business reasons, like a work-related function or as a present for a special personal occasion. The request may involve asking the victim to transfer money to a special account to buy the cards. However, the gift cards or money are used by the scammer to buy goods and services for themselves or to further criminal activity.
The FBI has seen a sharp rise in the number of reports of this kind of con in 2018. With the holiday period close, that might continue.
To make sure you’re not stung, remember a popular con is impersonating a company official in an email, text or phone call asking you to buy something or transfer money. So in general be careful and verify such messages, including requests for multiple gift card purchases.
Police in Australia have charged a woman there with hacking a man’s email and finding enough details to steal over $300,00 in crypto currency from his digital wallet. After the email account was hacked, his password was changed. For two days someone was able to go through his email and apparently figure out how to access his digital wallet. Details are sketchy, but presumably the attacker was able to guess or use a brute force attack to get the victim’s email username and password. Once in, the attacker could change a security feature to make sure the man couldn’t get back into his account. As security writer Graham Cluley notes, this incident shows two things: How valuable the information in your email is, and how important it is to have two-factor authentication – like a confirming message on your cellphone – on all valuable accounts. That way even if someone gets your password, they can’t get into the account without having the second verification.
Finally, on the eve of Halloween a scary report: As if fake news on the Internet isn’t enough of a worry, fake videos which can make a person seem to say anything or be part of a criminal offence are increasingly possible. Wired magazine reported earlier this month that a researcher looking at fake videos his team had created combining celebrity photos and machine learning and realized something was obvious: The people weren’t blinking the way real people do. So fake videos can be spotted, right? Maybe, but shortly after he published a research paper, he got anonymous YouTube videos with people blinking. The researcher is trying to find ways to detect fake videos, but someone figured out a way to beat him. So not only is there an arms race between malware and defenders, there’s also one in creating and detecting fake videos. Will we soon not believe anything on the Internet or TV? It’s a scary thought.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Alexa Flash Briefing. Thanks for listening.