If you don’t know what a “car wrap” is, it’s a company that pays people to drive their car around “wrapped” in a company advertisement for a fee. Seems like pretty easy money. Which is probably why scammers decided to turn it into a scam.
From Scamicide, “Scammers exploit legitimate advertising through car wraps by either putting an ad on the Internet or contacting you through a mass email in which they seek people to have their cars used for advertising through this technique called shrink wrapping. Unsuspecting victims respond to the advertisement and are sent a check for more than the amount that the victim is to be paid for the service. The victim is instructed to deposit the check in his or her bank account and wire the rest back to the company. This is where the scam comes in. The check that the scammer sends you is a counterfeit.” That’s what they call false advertising.
Free Concert Scams
What could be wrong with a free online concert? Nothing, unless it’s a scam, which of course, it is. Since the pandemic, everything has gone online, including concerts. So, you knew it was only a matter of time before the scammers figured out a way to exploit that.
According to an article on Scamicide, it starts with “scammers posting phony announcements throughout social media of a wide variety of free concerts. These announcements often include language such as ‘Free Concert — Sign Up and Let Your Friends Know Too.’ Of course, there is no concert. The scammers are either seeking personal information such as the cell phone number of someone seeking to sign up for the free concert or using the link to the registration page for the concert to trick people into unwittingly downloading malware on to their computers such as ransomware or keystroke logging malware that can lead to identity theft.” What’s the old saying? There’s no such thing as a free concert?
You install antivirus protection and you hope it protects you, and most of the time it does, but not this time. Because hackers have a lot of free time to figure out things like how to download malware into your computer without triggering antivirus detection.
According to an article on SC Magazine, “A fresh wave of Zeppelin ransomware attacks discovered in late August went undetected by antivirus defenses as the result of a new trojan downloader. This campaign shows an evolution of the trojan downloader that relies on heavy obfuscation of visual basic code hidden in what seems like random text within the document itself instead of the macro code.” Clever.
Stolen Money by Hackers
Ever wonder what happens to the money you lose from a cyberattack? So did SWIFT and BAE Systems, so they did some research and published a report of what they found. It’s genius in its complexity.
From an article on Help Net Security, “cybercriminals often recruit unsuspecting job seekers to serve as money mules that extract funds by placing legitimate sounding job advertisements.” Then they “use insiders at financial institutions to evade or undermine the scrutiny of compliance teams carrying out know-your-customer and due diligence checks on new account openings.” And finally, they “convert stolen funds into assets such as property and jewelry which are likely to hold their value and less likely to attract the attention of law enforcement.” Follow all that? Us either. That’s the point.
Usually, when you hear about a bank’s customers getting hit by a phishing attack, the only one who really gets hurt is the bank. Not anymore. Now a bank in Canada is making the victims of the scam, their own customers, foot part of the bill.
From the CBC website, “Sunova Credit Union customers to pay $1K deductible after falling victim to Google ad phishing scam. Fraudsters stole $3K from 48 victims who clicked on fake Sunova website.” On the one hand, it’s not really fair. On the other hand, maybe consumers will start paying more attention to email security services. One thing we know for sure is, this will only encourage the perpetrators.
This week’s personal health information (PHI) breach courtesy of Imperium Health according to the HIPAA Journal. From the report, “Imperium Health Management, a Louisville, KY-based provider of development services to Accountable Care Organizations (ACOs), is notifying 139,114 individuals that some of their protected health information was potentially compromised in a recent phishing attack.”
How many compromised emails does it take to breach 100,000+ accounts? Turns out only two. “The investigation revealed one email account was breached on April 21, 2020 and a second email account was breached on April 24, 2020 due to the employees responding to phishing emails. The emails contained links that appeared to be legitimate but directed the employees to a website where their email credentials were harvested.”
Fairfax County Public Schools Breach
This week’s education system data breach courtesy of Fairfax County Public Schools in Virginia according to Security Week. From the report, “Virginia’s largest school system has been hacked and the attackers are seeking a ransom payment to keep them from disclosing stolen personal information. The internet hacking group Maze posted some of the data stolen from Fairfax County Public Schools, including student disciplinary records and grades, to prove its hack was successful.” Really sucks if you’re a D student.
And that’s the week that was.