University library password scam, police break up email fraud racket and just say no.
Welcome to Cyber Security Today. It’s Friday, the day after September 12th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
Attention university students and faculty: There’s an email campaign going on to steal your library login and password. According to a security firm called Secureworks, victims get an email from what looks like the Library Services group of their university saying their account is expiring due to inactivity. To fix that, they’re asked to log in at the supplied URL. Click on the link and it goes to a web page that looks almost identical to a real university page. It’s a fake for stealing login credentials. Then victims are sent to the genuine university website. The goal of the scam seems to be to sell access to academic resources to customers in Iran, says the report. Universities in Canada and the U.S. are among 60 higher education institutions that have been targeted by the campaign. The group believed to be behind the attack did the same thing last year just before the start of the fall academic year. One way to spot this scam is that the message in the email starts “Dear Library Member.” The way to not be suckered by attacks like this is to never click on a link in an email that claims to be taking you to a login page. The safest way to log into a site is to go there the way you usually do, either by typing the name of the site or using a link you have bookmarked.
Most people are pretty good at updating the operating system of their computers and smart phones. But you also have to keep an eye open for security updates for your modems and Wi-Fi routers. I mention this because D-Link recently updated its firmware to fix a problem on some models that exposed users’ passwords. Your router manufacturer should email you notice of such updates. Even so, a couple of times a year you should check to see if there are patches available.
Mobile apps can be fun or practical. But they can also be dangerous if they want access to sensitive parts of your phone or tablet, like your contacts. Another reminder of this comes from security vendor Avast, which surveyed the hundreds of popular flashlight apps in Google’s Android Play store. You shouldn’t need an app. For the past couple of years Android has included the ability to use the camera flash as a flashlight. But lots of people still use a third-party app. And far too many of these apps ask for permission to access the Internet, contacts, photo gallery and more. When you install an app it asks for permission to access services. Think carefully about what the app asks for, and whether it really needs access. Don’t just click OK. You may be sorry.
In the good news department, police in nine countries including the U.S. and Nigeria this week arrested 281 suspects allegedly involved in business email and wire transfer scams. These cons tricked businesses into making wire transfers of money to bank accounts that were supposedly owned by customers or partners of organizations but were really controlled by criminals. In short, messages would say, ‘Hi, we’ve changed banks. Please pay our invoices to this new account.’ The FBI said police disrupted or recovered about $118 million in phony transfers. In addition to scamming organizations, the group stole more than 250,000 identities, filed more than 10,000 fraudulent tax returns and attempted to receive more than $91 million in refunds. Police warn organizations to make sure staff independently verify requested bank account changes of suppliers.
Finally, there’s a new version of the Google Chrome browser now available. To get it, go to Settings, Help and About Google Chrome. It fixes several bugs.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.