Hackers are at it again using PayPal to dupe unsuspecting users into stealing their data. According to The Payers, “researchers have spotted an ongoing phishing campaign targeting PayPal customers, where hackers are trying to gain access to customers’ credentials to the payment service.”
The article went on to say, “Targeted customers receive emails camouflaged as ‘unusual activity’ alerts warning them of suspicious logins from unknown devices, with the hidden purpose of stealing all their credentials and financial info. To make sure that the potential victims are willing to click on the link embedded within the phishing message, the attackers say that their accounts are limited until they are secured by confirming their identity.”
Scams of the Year
According to Cyware, here are the top five phishing-related scams in 2019:
- Targeting Amazon Prime users: most of these scams were carried out via phishing emails which included a link to a fake Amazon login page in order to lure users.
- YouTube/Instagram channels to capture personal data: fake ads that promised to offer a lot of quick and easy money.
- Apple iPhone giveaway: numerous fake websites designed to trick users into ‘free iPhone giveaway scams.’
- Spam through website feedback forms: scammers targeted company mailboxes linked to feedback forms to send spam to people on the outside.
- Payment systems used to steal data: the phishing emails appeared to come from payment systems or banks and asked users to confirm their identity.
Sometimes hackers can be really heartless, going after the most vulnerable victims who do not have proper email security services, like students who need financial aid. But, that’s exactly what has happened according to OddCrimes.com.
“Malicious attackers have recently tried to gain access to students’ financial aid refunds at multiple colleges in a scheme that involves sending fraudulent emails to students. The target is federal student aid refunds, money distributed to students after tuition and other education costs are paid.” Heartless.
It must be scary to keep you money with a wealth management fund only to find out that they were the victim of a data breach. That’s exactly what happened to the customers of Moss Adams this week.
According to an article on SC Magazine, “The accounting, consulting and wealth management firm Moss Adams has posted a cybersecurity incident notice centred on an employee email account that was accessed by an unauthorized person compromising PII. Some of the information contained in the breached account included names and Social Security numbers of an undisclosed number of customers or employees.” Scary.
Wyze Labs Breach
This time a lab that experienced a data breach wasn’t actually a healthcare company. Wyze Labs, a manufacturer of security cameras and smart devices, “has confirmed a data breach that left exposed a database containing information on reportedly 2.4 million of its users. The exposed database contained a large amount of personal, product and some medical information.” Ah, there’s the medical breach.
It’s ironic when a company dedicated to security fails to properly secure their customers’ information. “The company is in the process of information those affected but did not say when the notifications would be sent.”
Heritage Phishing Attack
It’s a shame when a phishing attack impacts employees’ ability to make a living where there is no phishing protection software but that’s exactly what happened at telemarketing firm, The Heritage Company, who became the “latest ransomware victim to shut down, at least temporarily, its operations even after making a ransom payment to its attackers.”
“What we hope is just a temporary setback is an opportunity for IT to continue their work to bring our systems back and for leadership to restructure different areas in the company in an attempt to recoup our losses which have been hundreds of thousands of dollars,” wrote the CEO.
And that’s the week that was.