This week’s scams exploit people’s greed, desire to go on vacation and desire to be entertained. This first one is greed. If you have an account with Yahoo, and most people do, then you probably received an email from them this week regarding their Security Breach Proposal Settlement. Or did you?
If there’s money to be had, you know the bad guys will jump on it. According to the security training firm KnowBe4, “The bad guys are going to use the ‘urgency’ trick. The settlement is a set amount, meaning there’s only so much cash to go around. If too many people sign up for the cash option, they will have to split the pool. If someone had to spend time or money dealing with identity theft or other problems they believe stemmed from the Yahoo hacks, they can file a claim for up to $25,000 in out-of-pocket losses. All in all, enough bait to trick people.”
Travel Booking Sites Phishing Scam
The next exploit uses fake online travel booking sites to trap travelers in phishing attacks. According to iZOOlogic, “Researchers were able to uncover multiple operations during the month of May while tracking the activity of malicious spammers and phishers. They found out that more than 8,000 phishing attacks masquerades as offers from popular lodging platforms. It includes several email blasts appearing to come from a legitimate travel brand that signs up victims to paid mobile services.”
Netflix Scam
Finally, it wouldn’t be a week if some hacker somewhere wasn’t trying to use Netflix to scam people. This time it’s the threat of having your Netflix subscription cancelled. Afterall, how long can most people go with their Netflix fix?
According to Hoax Slayer, the phishing email reads, “Netflix has never been able to solve the payment problem and pay your subscription. The email goes on to say that you can easily get your account back by clicking a ‘Reactivate the Subscription’ button.” This, of course, does not reactive your subscription but rather gets you phished. People with email security service are not affected by it.
Phishing Phrontier
Often times compromising a computer requires a malicious file, which is usually an executable file type. Now, hackers have discovered an advanced malware “fileless” delivery technique making it more difficult to identify.
According to Security Week, “The attack starts with the delivery of an HTML Application (HTA), most likely through compromised advertisements. The file attempts to connect to a randomly named domain to download additional JavaScript code that attempts to retrieve content from the command and control (C&C) server.”
“Over the past several weeks, thousands of machines were impacted by the campaign, most of them located in the United States and Europe. Around 3% of the infected systems are within organizations, but the attack has mainly targeted consumers.”
Body Count
This isn’t the first time ransomware has closed a medical facility and unfortunately, it probably won’t be the last. News this week that “Wood Ranch Medical, a small medical provider located in Simi Valley, CA, is closing after a ransomware attack. A statement explaining the incident and announcing the closure is all that is left on the firm’s website.“
“Very little information about the attack is provided in the statement on the website. It says the firm was the victim of a ransomware attack that resulted in its patients’ personal healthcare information being encrypted.“
DoorDash Breach
Ever have your food delivered? By DoorDash? If the answers is yes, your data has probably been compromised. From SC Magazine, “Food delivery service DoorDash confirmed a data breach affecting 4.9 million customers and merchants took place in May and included general PII and partial payment card information.”
“The company learned in early September that a third-party vendor had been accessed on May 4, 2019 and was able to gain access to information including names, email addresses, delivery addresses, order history, phone numbers and hashed, salted passwords. Additionally, the driver’s license numbers of at least 100,000 Dashers were accessed and the last four digits of some customer credit cards were also exposed, but not the full number or CVV.”
YouTube Compromised
Have an account on YouTube? If the answers is yes, your may have been compromised. According to SC Magazine, “Millions of YouTube accounts [were] hijacked through phishing and compromised 2FA. Cybersecurity executives blamed YouTube’s continued use of multifactor authentication and relying on user credentials instead of more advanced forms authentication as the reason behind why millions of accounts were hijacked over the last few days.”
“The attackers used phishing attacks that convinced account owners to give up their Google account login credentials, used that information to enter the accounts and then re-assigned them to new owners. Next the malicious actors changed the channel’s vanity URL so the legitimate owners never realized their account was hijacked.”
And that’s the week that was.