Like to play video games? Then you’re a target for a phishing scam. This week’s scam of the week, courtesy of Meta Compliance, is targeted at PlayStation users.
According to the article, “PlayStation users are being warned that scammers are disguising themselves as The Elder Scrolls Online developers in a bid to trick players into disclosing their login credentials. The crooks are targeting PlayStation users via private messages that state their account will be banned if login credentials are not provided within 15 minutes.”
First Time Buyers Scam
Imagine you save for years to amass a down payment on a home and lose it to a phishing scammer. That’s exactly what happened to first time buyers in the UK who lost £94,000 “when funds were cruelly stolen from them by fraudsters which they thought had safely been transferred to their solicitors.”
The “First time buyers (FTBs) lost their money through what is known as an ‘phishing attack’ after fraudsters intercepted emails between them and their conveyancer.” Just sad.
PayPal Phishing Scam
You’d think by now people wouldn’t trust a single email they ever received from PayPal, but it’s still being used in phishing attacks. According to Bleeping Computer, “An ongoing phishing campaign is targeting PayPal customers with emails camouflaged as ‘unusual activity’ alerts warning them of suspicious logins from unknown devices and attempting to squeeze them dry of all their credentials and financial info.”
“To make sure that the potential victims are scared straight and more than willing to click on the link embedded within the phishing message, the attackers say that their accounts are limited until they’re secured by confirming their identity.”
Phishing Phrontier
What were the most cunning phishing attacks in 2019? Microsoft has some very definite opinions about that. According to the company, “The three new techniques that made Microsoft’s most creative list for 2019 involved hijacking Google search results; creating custom ‘404’ Not Found error pages that were crafted as Microsoft login phishing pages; and using a man-in-the-middle component that captured legitimate Microsoft logos to simulate Microsoft sign-in pages.”
“The three techniques are part of the reason Microsoft has observed a significant rise in phishing attacks in recent years. Earlier this month it flagged the percentage of phishing emails to Office 365 users had climbed from 0.3% to 0.6% over the past year, continuing the two-year trend of two-fold year-over-year increases in inbound phishing email.”
Canadian Banks Scam
At some level, you have to be impressed with anyone who can keep a scam going for three years. According to an article on SC Magazine, that’s exactly what’s been happening to Canadian banks. “Researchers recently discovered a large-scale phishing email operation that has been targeting primarily customers without email security services of Canadian banking chains since at least 2017. The emails generally attempt to trick recipients into revealing their credentials on a phishing page that utilizes a lookalike domain and impersonates a log-in screen.”
Body Count
When it comes to getting hacked, we’re always impressed when the number of victims exceeds a billion. At that number, you’re talking about a non-insignificant portion of the entire planet. Such was the case when news broke this week about 1.6 billion LightInTheBox customer records being left exposed.
According to the article, “An unsecured database operated by the online retailer LightInTheBox left 1.3TB of data containing 1.6 billion shopper records exposed for a three-month period this year.” This was a dangerous breach to victims “exposing them to not only a cyberattack but potentially a physical confrontation as the data included enough clues to allow a malicious actor to discover their home address.”
LifeLabs Ransomware Attack
When you fall victim to a ransomware attack, you have to do what you have to do, which in some cases means paying the ransom. That was the case this week when the Canadian health diagnostics firm LifeLabs chose to play an undisclosed amount of ransom to cybercriminals to retrieve stolen customer data.
“LifeLabs president and CEO Charles Brown said the decision to pay the malicious actors was taken in in collaboration with cybersecurity experts familiar who handle cyberattacks and negotiations with cybercriminals. The data accessed in the attack included name, address, email, login, passwords, date of birth, health card number and lab test results.”
RavnAir Cyber Attack
Sometimes a cyberattack costs the victims money. Sometimes it costs them their identity. And sometimes it’s just a pain in the neck. That’s the story this week when a cyber-attack forced an airline to cancel flights in Alaska.
“RavnAir canceled at least a half-dozen flights in Alaska on Saturday — at the peak of holiday travel — following what the company described as a malicious cyber-attack on its computer network. The cancellations affected around 260 passengers.”
And that’s the week that was.