Invest your money with Schwab? Keep a look out for the latest phishing scam. According to Scamicide, “a new phishing email presently being sent to unsuspecting people that appears to come from Schwab. This particular one came with a Schwab logo. A telltale sign that this is a phishing email is that the email address of the sender was one that has nothing to do with Schwab and was most likely part of a botnet of computers infected by scammers and then used to send out the phishing email in a way that is not readily traceable back to the scammer.” Be careful out there.
Overdue Balance Phishing Scams
Sometimes a phishing scam is predicated on you owing somebody money. Such is the case of the Overdue Balance phishing email circulating this week. “In the version discussed here, the scam email claims that you have an overdue balance that must be paid immediately. It claims that your account has been suspended and your details may be passed on to a debt collection agency if you don’t pay up.”
At other times, a phishing scam can be predicated on you receiving money. Such is the case of the HBSC Payment Advice phishing scam. “The email claims that the payment advice was issued at the request of a customer and is for your reference only. However, the email is not from HSBC and does not contain a legitimate payment document. It is a phishing scam designed to steal your email account login credentials.” Don’t pay attention to the money—pay attention to the sender.
We’re always on the lookout for hacking techniques so impressive that it brings a smile to our face. A smile of appreciation. And today, we have a smile on our face. Today’s smile was brought to you courtesy of Security Week. What’s so impressive? How about “Hackers Can [now] Exfiltrate Data from Air-Gapped Computers Via Fan Vibrations.” Computer fan vibrations!
“The newly proposed technique relies on the fact that the entire structure on which a computer is placed is affected by the vibrations produced by the device’s internal fans, and uses sensors in modern smartphones to sense these vibrations.” Like we said, impressive.
Smart Home Device Vulnerability
You know those smart home devices people are using in their more and more these days? Turns out, they’re not that smart. From Help Net Security, “researchers found serious security vulnerabilities in three different home hubs: Fibaro Home Center Lite, HomeMatic Central Control Unit and eLAN-RF-003.”
“Some of the flaws could be misused by an attacker to perform MitM attacks, eavesdrop on the victim, create backdoors, or gain root access to some of the devices and their contents. In worst case scenarios, these issues could even allow attackers to take control over the central units and all peripheral devices connected to them.” That doesn’t sound too good.
When you think about data breaches, you mostly think about data breaches of adults. Afterall, they’re the ones with credit cards and bank accounts that can be harvested. You rarely think about data breaches of children, especially the really young, which makes the data breach of the popular children’s website Webkinz so unusual.
According to SC Magazine, “Webkinz suffered a massive data breach earlier this month that saw about 23 million user login credentials exposed on a dark web forum.” It makes you wonder what the hackers intend to do with all that information.
Nintendo Data Breach
In keeping with the young person entertainment theme, “Nintendo has confirmed 160,000 user accounts have been accessed exposing a limited amount of PII and possibly access to Nintendo store accounts. The gaming company reported that starting in early April accounts were accessed through the Nintendo Network ID (NNID), which is primarily used for Switch gaming.”
In this case, the breach is more serious than the Webkinz beach as users may have credit cards or PayPal linked to their account which can be used in the Nintendo store. If you find yourself suddenly being charged for a bunch of games you don’t remember purchasing, now you know why.
Facial Recognition Software Breach
Do you know what’s scarier than a company whose database can be used with facial recognition software to identify almost anyone in public? When the data in that database gets exposed to the outside world.
Such was the case this week when “a misconfigured server exposed the source code, copies of its facial recognition apps as well as private data at controversial startup Clearview AI, which gained unwanted notoriety earlier this year for obtaining billions of photos by scraping the internet for use by law enforcement agencies. It’s the second breach for Clearview AI in just a couple of months. In February, the facial recognition company informed customers that a hacker stole its entire client list.” Don’t you get the feeling that some companies just shouldn’t exis
And that’s the week that was.