Ever since the pandemic, phishing attacks on Amazon have skyrocketed. Afterall, more people are shopping online. Such is the case in Taylorville, Ill where “A new email phishing scam is making its way to people’s emails, according to the Taylorville Police Department.”
According to the report, “An email that looks like it’s from Amazon said there was a problem renewing their Amazon Prime Account. The email then gives the user a prompt to find the documents attached to follow on-screen instructions. The instructions then ensure there isn’t a problem with the renewal by gaining personal information.” Yeah, it’s a scam.
US Tech Support Scam
“US Tech Support is a real company that provides tech support for your computer.” The phishing email pretending to be from them, not so much.
According to Scamicide, the “email, which was sent to us by a Scamicide reader is not from US Tech Support, but instead is a phishing email designed to make you believe that there is an emergency that requires your immediate attention. Anyone receiving this email who was not a customer of US Tech Support would be tempted to call the telephone number found in the email to cancel. If you call the phone number listed in the email, which, by the way, is not a telephone number used by US Tech Support, you will be asked for personal information that will be used to make you a victim of identity theft.” Pretty clever.
From the hard-to-believe department, the pandemic has actually lowered the incidence of one common annoyance: robocalls. According to an article on Security Week, “Industry experts say robocalls are way down — scam calls as well as nagging from your credit-card company to pay your bill. The coronavirus pandemic has inflicted millions of job losses, and scammers have not been immune.” Do you know what they call that? A silver lining.
You have to know that something called “EvilApp” is probably, well, evil. EvilApp is an Android app used to grab session cookies from any website. And with session cookies, the bad guys never have to log into your account. It’s wide open.
Ironically, the app comes with a legal disclaimer. “Usage of EvilApp for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.” Just like selling a gun and saying don’t shoot it.
This was not a good week for unemployment website data leaks. First Arkansas and Illinois copped to the fact that “both reportedly exposed sensitive citizen data after failing to adequately secure web services that the states urgently propped up in order to process applications for the federal Pandemic Unemployment Assistance program.”
Not to be outdone, three more states suffered the same fate. “Colorado, Ohio and Florida have become the latest states to disclose the accidental exposure of information belonging to citizens who applied to the federal Pandemic Unemployment Assistance program as a means of seeking some financial security during the ongoing COVID-19 crisis.” Five down, 45 to go.
Data Breach by Sanix
If there was a gold medal given to hackers, the recipient would have to be the hacker called “Sanix.” Why is that? Well, just take a look at his accomplishments. “A database with 773 million email addresses and 21 million unique passwords were hacked by Sanix and were almost sold last year. It was clarified that the 87-gigabyte database was only a fraction of the stolen data the hacker collected, as stated by the officials.” Impressive, right?
The bad news for Sanix? He was caught by Ukraine’s Security Service. Time to give the gold medal back.
British Airline Breach
Just because airlines have stopped flying, doesn’t mean they can’t have a data breach. And that’s exactly what happened to British airline easyJet. According to a report, “An attack against British airline easyJet by a highly sophisticated source’ accessed the email addresses and travel details of approximately nine million customers, including credit card details of 2,208 customers.” Ouch.
And that’s the week that was.