Waiting on a package from somewhere? Be careful, it could be a scam called the “waiting package” scam. How original.
According to the US Federal Trade Commission, “The messages are coming from scammers. In some cases, they’re targeted at college students. In that version, scammers text returning students to say there’s a package waiting for them — sometimes claiming it’s been waiting since last spring, when many students had to go home from campus quickly.” Don’t click that link.
You’d think by now every person on the planet would be aware of the Nigerian email scam and avoid it like the plague. After all, it’s been going around in one form or another since 1588 “when it was known as the Spanish Prisoner Scam.” But it’s still circulating so it must still reel in some victims.
This week’s Nigerian email scam story comes from Scamicide. “In the most common versions of this scam circulating on the Internet today, you are promised great sums of money if you assist a Nigerian or someone elsewhere in his effort to transfer money out of his country. In most variations of this scam, although you are told initially that you do not need to contribute anything financially to the endeavor, you soon learn that it is necessary for you to contribute continuing large amounts of money for various reasons, such as fees, bribes, insurance or taxes before you can get anything.” Amazing that it still works.
How bad is ransomware in 2020? “A successful ransomware attack is estimated to hit an organisation every 11 seconds globally, with collective damages set to hit over £15 billion by the end of 2020.” Every 11 seconds!
“A striking 25% increase of ransomware attacks was observed since the start of the pandemic; a kick in the teeth for organisation’s all over the globe that were already on their knees. For many organisation’s, these attacks are simply not recoverable.” We know one group of people not hurt by the pandemic.
Google App Engine Hack
Ever heard of the Google App Engine? Most people haven’t, but do you know who has? Hackers, and they’re using it to hack you.
Google App Engine is a Platform as a Service and cloud computing platform for developing and hosting web applications in Google-managed data centers. According to Tech and U, “Security researcher Marcel Afrahim has discovered a novel technique that involves the abuse of Google’s App Engine domains to support the operations of phishing or malware campaigns without running the risk of detection.” That’s a hacker’s favorite thing: sending malware without the risk of detection. Well done.
This week’s top award to the government that got taken by a phishing scam goes to…Puerto Rico, to the tune of $2.6 million. According to Business Insider, “The finance director of the island’s Industrial Development Company, Rubén Rivera, said in a complaint filed to police Tuesday that the agency sent the money to a fraudulent account. It’s unclear whether officials have been able to recover any of the money and what impact the financial loss has on the government agency.”
What is clear is that the island’s Industrial Development Company probably should have invested a few bucks into phishing protection software.
Australian Government Phishing
The runner up award to the government that got taken by a phishing scam goes to…Australia, to the tune of 200,000 stolen records. According to Before It’s News, “The theft of data related to over 186,000 individuals took place in April 2020. The amount of information totaled over 738 GB of data. More than 3.8 million documents were gathered. These documents included a wide variety of information, like forms, records of transactions, scans, and applications. More than half a million documents had information that could personally identify the victims.”
Ditto for Australia investing a few bucks in phishing protection software.
Hospital in Germany Hacked
Normally in the weekly Body Count we use the term metaphorically to indicate some company that got taken, usually for money or data, in some kind of scam. We don’t normally use Body Count to refer to an actual body. Unfortunately, this week there’s a story from Germany in which a hack actually resulted in someone dying.
According to an article in Security Week, “German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.” RIP.
And that’s the week that was.