Think you’re getting paid back for that data breach? Think again because it’s a scam. According to Kim Komando, “Scammers appear to have set up a website claiming to be run by the ‘US Trading Commission’ that promises financial compensation for the leakage of personal data.” There’s only one problem with this. There’s no such thing as the US Trading Commission. “Instead, this highly detailed fraudulent website preys upon hapless data breach victims.”
Amazon Scam
Order something from Amazon lately? Then you need to be aware of this email phishing scam. “The emails, which feature the Amazon logo, claim that the company was unable to process a recent order you made. They instruct you to click a link to update your card details and avoid interruption to your services. If you click the link, you will be taken to a fraudulent website that has been built to look like it belongs to Amazon. Once on the fake site, you will be asked to sign in with your Amazon email address and password.” You’ve been warned.
Phishing Phrontier
You have to hand it to those hackers, they never stop finding new ways to scam you. What’s one of the newest tactics? Hidden text.
You see, certain words like “Office 365″ trigger spam filters and phish alerts, but hackers need these words to reel in their prey. Now hackers have figured out a way around this. According to Dark Reading, “Attackers will put invisible [characters] in between the letters so the end user doesn’t see it. With this technique, the attacker adds hidden text – white text on a white background – that contains keywords to make the email appear to be a conversation between two people rather than a transaction.”
This is why phishing awareness training is so ineffective. Unless you have every employee peel back the skin of every email to investigate the underlying HTML, you’ll never catch this exploit.
Fake Bank Website in Malta
How far would a hacker go to phish a victim? How about building a fake news website from the ground up. According to KnowBe4, “The Central Bank of Malta has issued a statement warning people about a bitcoin phishing scam being pushed by a spoofed news website, the Times of Malta reports. The site imitated a legitimate news outlet and attributed fake quotes to real people.”
Body Count
It was a bad week for P&N Bank. “The Australian bank, a division of Police & Nurses Limited, informed customers that unknown threat actors managed to access personal information stored within its customer relationship management (CRM) system. The affected system, P&N says in the notice, stored a great deal of personally identifiable information (PII), as well as other sensitive data, including names, addresses, email addresses, phone numbers, customer numbers, age, account numbers and balance, and other details, which the bank refers to as non-sensitive.” Data breaches don’t get much worse than that, or do they?
Healthcare Industry Scams
They do! It was a worse week for the healthcare industry with regard to data breaches. First, it was Planet Drugs Direct that had personal health information (PHI) compromised. “The Canadian online prescription referral service informed a yet unknown number of customers via email of a recent data security incident that may have impacted some of their data.”
Next, a phishing attack hit SouthEast Eye Specialist Group which affected as many as 13,000 patients. “SEES Group determined patient information was contained in email accounts that were accessed by unknown individuals.” Apparently these eye specialist couldn’t see investing in email security services.
Finally, 44,000 patients of InterMed and Spectrum Healthcare Partners also had their data at risk this week. “The Portland, ME-based healthcare provider InterMed is notifying 33,000 patients that some of their protected health information has potentially been compromised as a result of a phishing attack.” And, “11,308 patients of Central Maine Orthopedics, part of Spectrum Healthcare Partners, are being notified that some of their protected health information has potentially been viewed by an unauthorized individual who gained access to the email account of one of its employees.”
And that’s the week that was.