What’s old is new again. And what is it that’s new again? The venerable old jury duty scam. Apparently, it’s making the rounds again, so be on the lookout.
According to Scamicide, this is how it works. “Generally, the scam starts with a telephone call that you receive purportedly from a law enforcement officer informing you that you have failed to appear for jury duty and that a warrant has been issued for your arrest. You are told, however, that you can avoid arrest and greater fines by purchasing gift cards and then sending photographs of the gift cards to the phony law enforcement officer to prove that they have been purchased. You are then told that you should then mail the gift cards to the local Clerk of Court’s office.” Gift cards? Really?
Chase Bank Scam
Bank at Chase? Then you should be on the lookout for a new phishing email. According to an online article, “Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States. Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond.”
This week it’s Chase, next week it’ll be BofA and the week after that Wells Fargo. Just keep an eye out for suspicious looking bank emails.
The most difficult phishing attack to stop is the internal phishing attack. That’s where an attacker compromises an internal account and launches the attack from there. From Abnormal Security, “Compromised accounts are commonly used by attackers to send attacks because they appear to originate from a trustworthy source, be it from a known partner or an internal account. By utilizing a compromised internal account, the attacker is able to bypass any external email filtering set in place by the company. In addition, it is easier to deceive recipients of this email as the email appears to be coming from a coworker.” Basically, what they’re saying is, you can’t trust any email any more. Damn.
Website owners beware, there’s a new scam in town. From Web Ascender, “A new common scam involves online contact forms or emails pertaining to your website. Recently, we have seen an increase in spam submissions from ‘photographers’ who claim that your website uses one of their photos without appropriate license. The imposter claims that use of the photo is illegal and they require compensation for these photographs.”
Assuming that any email you receive asking for money is a scam is about the best email security service you can have.
As ransomware goes, Colorado City got off easy. According to an article on Security Week, “Lafayette officials said hackers disabled the city’s network services and blocked its access until the city paid a $45,000 fee.”
As the city decision makers rightfully noted, “In a cost/benefit scenario of rebuilding the city’s data versus paying the ransom, the ransom option far outweighed attempting to build.” 45 grand? They got lucky. I wonder if they’ll put some protection in to keep it from happening again? It’s got to cost less than $45,000.
Capital one Breach
As lucky as the folks in Colorado City got, that’s how unlucky the guys at Capital One got for their massive data breach. From SC Magazine, “Bank regulators dropped the hammer on Capital One, with the Office of the Comptroller of the Currency (OCC) levying an $80 million fine and the Federal Reserve filing a cease and desist order that specified what the steps the bank needed to take to redeem itself after a massive data breach in 2019 that compromised the personal data of more than 100 million of its customers.” I’m certain the protection they needed would have cost less than $80 million.
Data breaches can cost more than money. Sometimes the cost is sensitive company data. A lesson semiconductor giant Intel learned recently. According to Cyber Scoop, “Chip giant Intel is investigating the leak of what appears to be a 20 GB cache of internal documents, some of which are marked confidential, after it appeared on various messaging platforms and data hosting sites.” Damn, they can’t even pretend it didn’t happen.
And that’s the week that was.d