Look here, another Amazon phishing scam, this one courtesy of Scamicide. From the article, “The latest Amazon phishing scam starts with an email that appears to come from Amazon when you do not have any email security service, informing you that your accounts have been locked due to suspicious activity. You are prompted to click on a link to verify your account within 24 hours or risk having your account permanently shut down.”
One of the telltale signs of any phishing scam is a false sense of urgency. This particular one does not disappoint. Whenever you feel yourself rushing to click on a link, that’s a pretty good clue that you’re about to be scammed.
HIPAA Compliance Officer Scam
So, not only do hackers target the HIPAA information of medical patients, now they’re targeting the HIPAA Compliance Officers as well. That’s according to the HIPAA Journal.
“The Department of Health and Human Services’ Office for Civil Rights is warning healthcare organizations about a potential phishing scam being conducted by mail that has been designed to scare compliance officers into visiting a website or taking other immediate action with respect to a mandatory HIPAA risk assessment. Postcards have been sent to several healthcare organizations that masquerade as an official communication from the Office for Civil Rights. The postcards are addressed to the HIPAA compliance officer and state a mandatory HIPAA compliance risk assessment must be performed.” Who uses postcards anymore?
Hackers can do what? They can hack your phone’s power adapter? And melt your phone? Apparently so.
According to Gizmodo, “researchers at a Chinese security firm discovered a way to hack a fast charge power adapter so that when connected to a phone, the power brick can melt the phone or even start a fire.” I’ll have the fire extinguisher option with that phone, please.
From the “it’s hard to believe” department comes a shocking phishing statistic: Over half of the world’s phishing attacks in Q1 2020 targeted Canadians, according to Insurance Business.
“According to a new report by RSA, a Dell Technologies subsidiary, Canada was the most frequently targeted country for phishing attacks during the first quarter of 2020. A total of nearly 50,120 fraud attacks were recorded by RSA during the first quarter. Phishing remains the most popular method of attack for fraudsters, RSA’s Quarterly Fraud Report for Q1 found, accounting for almost 55% of all cyberattacks.” Are Canadians overly gullible?
Apparently, there’s a shopping store called Asda in the UK. And apparently, if you’re a woman born in October, the company has promised you a £1000 gift card. Unfortunately, the only thing that’s actually true about this story is that it’s a Facebook-based phishing scam, according to the Daily Mail.
“The fraudulent offer appears as a paid-for advert on the social media platform — one linked to a page titled ‘ASDA Gifts’ that is not associated with the supermarket chain. According to Griffin Law investigators, around 100 users have already reported seeing the advert on Facebook. It is not known if anyone has fallen prey to the trap.” Stay safe out there.
Amazon S3 Server Exposed
If you had to guess at a number, what would you guess is the number of exposed email addresses found on an unsecured Amazon S3 server recently? How about 350 million?
From Information Security Buzz, “White hat hackers CyberNews recently discovered 350 million exposed email addresses on an unsecured server which were likely to have either been stolen or acquired back in October 2018. CyberNews says it’s unclear if malicious actors accessed the data, however, anyone who knew it was there could have downloaded the files.” Scary.
Children’s Hospital Colorado Breach
I don’t think we’ve ever reported on a children’s hospital being hit by a phishing attack. That is, until today. The victim? Children’s Hospital Colorado.
According to the HIPAA Journal, “Children’s Hospital Colorado is notifying 2,553 patients that some of their protected health information was stored in an email account that was accessed by an unauthorized individual. Credentials to access the account were obtained when an employee responded to a phishing email.” Damn phishing emails.
And that’s the week that was.