Cyber Security Today: Phone scam, tax scams, hackers in plain sight and check your router

Another telephone computer support phone scam, income tax scams, hackers in plain sight and check your router

Welcome to Cyber Security Today. It’s Monday April 8th. I’m Howard Solomon, contributing reporter on cyber security and privacy for ITWorldCanda.com

 

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Telephone computer support scams keep on coming. One that a friend received last week was completely automated. It said: “This call is in regards to security software we installed on your computer last year. Now we see a red flag error indicating there is a security breach on it. Please call this 1-855 number.” This con tries to scare you by saying there’s an alert. If you call the number someone will try to trick you into buying security software or an online inspection you don’t need. And they’ll get your credit card. If you get one of these calls, ignore it. And warn your friends.

For Canadians, here’s advice on handling telemarketing scams

For many listeners it’s income tax reporting time — which also means criminals are looking for ways to trick you into giving them your passwords, social insurance or social security number. One goal is to get access to your government tax account so refunds go to criminals, not to you. You’ll see email with subject lines like “Notice of Outstanding Income Tax Demand,” “IRS Update,” or messages pretending to be from the Canada Revenue Agency. Attached to the email is a document, perhaps with a government logo but also filled with malware. Or there may be a link that goes to a web site with a government or tax department logo, with a place for you to log into. That’s where they capture your government password. There may be a place to add your credit card number for a promised tax refund. These email messages may have your name, or be addressed to “Dear Taxpayer.” Versions of this scam involve messages sent to accounting firms.

Security vendor Proofpoint offers this advice: Be careful of email claiming to be from the tax department. Sometimes the email address the message comes from is a giveaway to a scam. If it starts “Dear Taxpayer” that’s another giveaway. Governments will never contact you online with a request for personal or financial data. When in doubt go to the government web site yourself rather than click on a link in a message. If someone telephones you claiming to be from the tax department, hang up.

Hackers don’t always hide in the dark crevices of the Internet. Sometimes they’re on social media, advertising their capabilities for hire and stolen data for sale. For example, Cisco Systems has identified 74 groups on Facebook with names like ‘Spam Professional.’ and ‘Facebook hack phishing.’ How Facebook content overseers miss them is a mystery. Hopefully, Cisco has passed on the list and Facebook will shut these groups down fast.

Your home router is a valuable piece of equipment: It’s the way you connect to the Internet. But if it gets hacked it can also be used to send you to malicious web sites. These sites may look like ones you intended to go to. According to the Bad Packets Report this kind of highjacking has been happening lately to a number of owners of modems made by D-Link, Totolink and others. Make sure your router or modem is running the latest firmware to avoid being a victim. If your device is no longer supported by the manufacturer, it’s time to get a new one.

Attention web site administrators and cloud service providers: If you’re running Apache HTTP Server, make sure it’s patched. According to security vendor Rapid7, some 2 million are running older, vulnerable versions.

Finally, a few episodes ago I told you that Cisco Systems was working on patches for its Small Business RV320 and RV325 Dual Gigabit WAN VPN routers. Well, now those fixes are available on the Cisco Security Advisories site.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast