After 89 years, the Washington Redskins are losing their team name. But, that’s not the only thing that got lost this week. So, too, did people’s money who tried to purchase the suddenly-hard-to-find merchandise.
According to Scamicide, “the termination of the old name and the refusal of major retailers such as Amazon, Walmart and Target to sell Redskins jerseys, caps and other merchandise carrying the old name and logo has created a demand by many people seeking to purchase the soon to be rare merchandise with the old name and logo. While there are legitimate sellers of these items, scammers have also sprung into action and have set up websites offering the merchandise at bargain prices. Of course, these bargain prices are no bargain because after you order the merchandise online, the merchandise never comes.” Maybe you should wait to buy a new jersey.
Happen to get some seeds in the mail from China you weren’t expecting? Well now we have an explanation. According to an article on Scamicide, the most obvious explanation is a scam called “brushing“.
“Brushing is the name for using false orders for products to boost the prominence of an online vendor. Vendors will pay brushers to make large orders of their product and ship them to strangers to make the sales appear to be legitimate. The brushers will follow up these purchases by posting glowing reviews of the vendor’s product. This combination of increased sales volume and positive reviews will, in turn, result in the increased prominence of the vendor in online marketplaces and result in increased sales. Brushing is illegal in the United States and China; however, it is quite commonly used by Chinese companies.” Now you’re all brushed up on brushing.
I’m sorry, but if you fell for this, it’s your own fault. According to Infosecurity Magazine, there is a phishing scam going around the UK that promises a £400 tax cut. A tax cut? When have you ever known a government to cut taxes?
According to the magazine, “Email users are being warned not to fall for yet another COVID-related lure after warnings of a new phishing campaign, this time promising the recipient a government-funded tax cut. The email appears to come from the ‘Government Digital Service Team’ and claims to offer a rebate of nearly £400, according to think tank Parliament Street.” Come on.
US Defense Phishing Attack
Just in case you think hackers only go after folks who can’t fight back, think again. This time it’s Korean hackers using phishing attacks against US defense contractors.
From Bleeping Computer, “Employees of U.S. defense and aerospace contractors were targeted in a large scale spear-phishing campaign in a series of phishing attacks designed to infect their devices and to exfiltrate defense tech intelligence. Throughout this series of attacks dubbed ‘Operation North Star’ by McAfee Advanced Threat Research (ATR) researchers who spotted it, the spear-phishing emails were camouflaged as fake job offers from high-profile defense contractors.” Talk about kicking the bear.
A meow can be cute when it comes from a cuddly kitty. Not so much when it comes from a hacker. What’s a meow attack you ask? An attack “that destroys data without any explanation.” Probably like something a cat would do to your furniture.
According to Bleeping Computer, a “New ‘Meow’ attack has deleted almost 4,000 unsecured databases. The activity started recently by hitting Elasticsearch and MongoDB instances without leaving any explanation, or even a ransom note. Attacks then expanded to other database types and to file systems open on the web.” Now that the cat’s out of the bad, I wonder if people will start to protect their unprotected databases with email security services.
Garmin Ransomware Attack
It’s gotten to the point where we probably couldn’t function without GPS in our daily lives, but that’s exactly what a bunch of Garmin customers had to do last week.
“GPS device and services provider Garmin on Monday confirmed that the worldwide outage that took down the vast majority of its offerings for five days was caused by a ransomware attack. Screenshots and other data posted by employees suggested the ransomware was a relatively new strain called WastedLocker.” Ransomware, damn.
Beaumont Health Breach
After several weeks without a healthcare data breach, we now have our second one in as many weeks. This week’s victim? Beaumont Health in Michigan.
According to the HIPAA Journal, “Beaumont Health, the largest healthcare provider in Michigan, has started notifying approximately 6,000 patients that some of their protected health information has potentially been accessed by unauthorized individuals. Beaumont Health learned that email accounts accessed by unauthorized individuals between January 3, 2020 and January 29, 2020 contained the protected health information including names, dates of birth, diagnoses, diagnosis codes, procedure and treatment information, type of treatment provided, prescription information, patient account numbers, and medical record numbers.” We need to start a new winning streak.
And that’s the week that was.