Tips for avoiding Amazon Prime Day scams, and Software AG under attack
Welcome to Cyber Security Today. It’s Monday October 12th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
Today is Thanksgiving in Canada, so for those of you from here who are listening thanks for tuning in on this holiday.
Amazon Prime sale days are set for tomorrow and Wednesday. Many online shoppers will be looking for deals. And criminals will be looking for suckers. Which is why you have to be alert for scams while looking for bargains. A cybersecurity firm called Tessian reminds shoppers to look for these warning signs:
–if the price of a product seems too good to be true, it probably is. Be wary of emails or texts that offer special deals or coupons associated with Prime Day, especially if you can only get a discount by clicking on a link or from a brand or name you don’t recognize;
–always check the email of a sender claiming an Amazon Prime deal and verify it’s a legitimate email address. If the sender’s display name is ‘Amazon’ but the sender’s email address is ‘oxnardsmart134.net’ or some gibberish, that’s a fake;
–and be suspicious of email that urges you to act fast or miss a deal.
In addition a security company called Bolster points out these signs of a phony Amazon seller or login web site:
–it has a phone number, to give you confidence there’s a place to call for help. Actually, Amazon doesn’t encourage customer service by phone and makes its phone number hard to find;
–there’s a statement that no password is required. In fact Amazon requires an Amazon account to make purchases;
–it promotes an Amazon loyalty program and offers a free iPhone 11 Pro or a gift for answering survey questions. When you win you have to enter credit card information for $1 to get the gift.
Remember, one of the best ways to make sure you don’t get scammed is by going to the main Amazon site yourself by typing Amazon in your browser. Don’t go through an email link.
The Department of Human Services of the American state of Georgia had admitted email accounts of some employees were hacked five months ago. Apparently it only learned about the incident in August, when it realized the attackers had copied names of children and adults involved in child protection cases. Some of the data copied may have included dates of birth, ages, phone numbers, email addresses, social security numbers, Medicaid or insurance information. Psychological or medical reports on 12 people was included. One person’s bank account number was copied. The state isn’t saying how those email accounts were hacked.
Unity Health Toronto, a network of three hospitals in the city, is warning people that someone is sending phony text messages claiming to be from the group and asking for personal information from patients. These messages are fake and should be ignored.
Finally, companies and government departments around the world using applications from a German company called Software AG are likely anxious. This is because it acknowledged last week that hackers had copied data from Software AG servers and employee computers. The Bleeping Computer news service says it was a ransomware attack, and that the attackers are demanding $23 million. Big companies including airlines, banks and factories build applications on top of Software AG’s platform.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.