It’s been a while since we’ve seen an iPhone scam. Maybe that’s why it’s making the rounds again. According to an article on Scamicide, “A scam is appearing on Facebook and other social media where you are asked to like a promotion found on your Facebook page where you are told that merely by completing a survey and sharing a link with your friends, you will receive a free iPhone 12. Of course, you are not going to get a free iPhone 12 in exchange for merely completing a survey and sharing a link with your friends. What you are going to get when you complete this particular survey, which requires you to provide your cell phone number, is a cramming charge on your cell phone bill for a text messaging service for which you have unwittingly signed up. As for your friends, if they click on the link that you have enabled them to receive, they will end up being defrauded as well.” If it sounds too good to be true…

Medicare Scam of Senior Citizen

Scammers never have a problem going after the elderly, and one of the avenues they use to do so is Medicare enrollment. Because Medicare only lets enrollees change their plan once a year, the enrollment period gives scammers a good opportunity to target them.

From an article on Scamicide, “Scammers and identity thieves view the open enrollment period as senior citizen hunting season as myriads of Medicare scams are common during this time. Seniors may be contacted by someone purporting to be from their insurance company asking them to verify the information. This is a common tactic of identity thieves trying to trick their victims into providing information. They also may be contacted by people claiming to have supplemental insurance programs that will save them thousands of dollars. Here too, you cannot be sure that they are legitimate when they contact you by phone, text message, email or even regular mail.” If you’re involved in Medicare, keep your wits about you.

Phishing Phrontier

Here’s a new twist on ransomware. You may think that if you get hit with ransomware, pay the thieves and get your data back, your payments are done. Not so fast. According to an article on SC Magazine, “Companies hit by ransomware could find themselves in the crosshairs of the federal government if the group behind the attack is subject to economic sanctions. The penalties can leave a company open to civil penalties even if [the payer] did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws.”

So, you get hit by ransomware and, not knowing the background of your attackers, you pay them to get your data back, and your reward is a fine from the government. No good deed…

Treating Ransomware

Don’t look now, but ransomware attacks are becoming more dynamic and human-oriented, according to Microsoft. The company reported, “Ransomware was the most common reason behind incident response engagements but many organizations continue to treat the issue as a straightforward or automated malware threat. This approach often fails to address the root problem because it ignores the human actors behind the threat. In many cases, delivery of the actual ransomware payload is one of the last steps in a string of compromises. Treating ransomware primarily as a code-based or automated threat misses out on how dynamic these intrusions can be.”

 

Body Count

Sometimes when a company experiences a data breach, it turns into ransomware and they have to pay millions to the criminals. There are other times when a company experiences a data breach and they have to pay millions to the victims. Such was the case this week with health insurer Anthem over a cyberattack that exposed personal information on nearly 79 million people.

From a Security Week article, “The Blue Cross-Blue Shield insurer said Wednesday that it will pay $39.5 million to settle an investigation by a group of state attorneys general. The company also agreed nearly two years ago with the U.S. Department of Health and Human Services to pay $16 million to settle possible privacy violations.” Is there any amount of money a healthcare company can pay to avoid data breaches that is too much? Probably not.

 

Healthcare Service Hack

Staying within the healthcare industry, “The hospital chain Universal Health Services said Thursday that computer services at all 250 of its U.S. facilities were hobbled in last weekend’s malware attack and efforts to restore hospital networks were continuing,” according to Security Week.

Continuing from the article, “The chain has not commented on reports it was hit by ransomware, though its description of the attack in a statement Thursday was consistent with malware variety that encrypts data into gibberish that can only be restored with software keys after ransoms are paid.” Can’t wait to see what it will cost them to get their data back, and again we ask: is there any amount of money a healthcare company can pay to avoid data breaches that is too much?

 

Swiss Universities Breach

It’s one thing when companies get hit with ransomware or fines. They usually have resources or insurance to alleviate some of the pain. But what happens when it’s individuals who get scammed, as happened at Swiss universities this week?

According to an online article, “As yet unidentified hackers have managed to steal employee salary payments at several Swiss universities. The hackers used information obtained by phishing those who did not have email security service, tricking a person into passing on their personal details, for their attacks on at least three universities, including the University of Basel. According to the SonntagsZeitung newspaper, they accessed the universities’ payment systems and changed the instructions on salary transfers, stealing a six-figure sum.” Maybe it’s time to invest in anti-phishing software to protect the employees.

And that’s the week that was.
