The FTC is coming down hard this week on those who didn’t protect victims but should have. The first case is the claim against Kohl’s for failing to provide information to identity theft victims fast enough for them to limit the damage.
From Scamicide, “Kohl’s Department Stores failed to provide information to victims of identity theft at Kohl’s when requested by many people. In response, the Federal Trade Commission brought legal action against Kohl’s. Kohl’s agreed to pay a $220,000 penalty to the FTC.” Way to go FTC.
Triangle Media Corporation Scam
Sometimes the FTC actually steps in and makes restitution to victims of scams. According to Scamicide, “The Federal Trade Commission (FTC) is mailing refunds to victims of a scam operated by Triangle Media Corporation which sold a variety of products online, including skin creams, electronic cigarettes and dietary supplements. Their advertising indicated that customers would receive free trial products for which they only had to pay a small fee for the cost of shipping and handling. However, the truth is that unwary customers were then charged up to $98.71 for products and enrolled in a continuing purchase program. The FTC shut down the scam and is now mailing refunds to victims of the scam.” That’s your tax dollars hard at work.
Royalty Free Photos Scam
Do you ever use those royalty-free photos available all over the web? Well someone named Mel may try to convince you you’re violating copyright laws. The good news? You’re not. The bad news? Mel is a hacker and she’s trying to phish you.
According to an article online, “This is a classic phishing scheme. They want the unsuspecting victim who receives the notice to click on the link which goes to a Google Drive hosted file that if clicked can create serious vulnerabilities in the victim’s device and/or network. They are pretending to be a ‘professional photographer’ or ‘licensed photographer’ going by the name Mel or Melynda with variations on the last name. They also use different fake email addresses and fake phone numbers.” You’ve been warned.
One more way COVID is being used to scam you. This time? A fraudulent mobile contact tracing app. From SC Magazine, “Capitalizing on a Canadian government announcement pertaining to the development of a nationwide, voluntary Covid-19 contact tracing app, malicious actors this month created a fake version of such an app that in reality infects Android users with mobile ransomware.”
How do you know it’s fake? Well for one thing, the real app isn’t available yet and the fraudulent one is. Stay vigilant.
LinkedIn Automated Phishing Messages
You have to hand it to those hackers. They’re always trying to automate their attacks. From Abnormal Security, “This attack impersonates an automated message from LinkedIn in order to steal users’ login credentials. The email itself looks like an automated notification regarding a possible business partnership. The links provided in the email body all lead to the same phishing credential website.”
Which university was the victim of ransomware this week? How about the University of California, San Francisco (UCSF)? Their penalty for being this week’s victim? How about a cool $1.4 million?
According to SC Magazine, “The University of California, San Francisco (UCSF) ponied up $1.4 million to hackers to retrieve data encrypted during a NetWalker ransomware attack.” The good news, if there is any, is that the “university was able to stop the hackers in mid-attack and that it only affected a limited number of servers in the School of Medicine.” Let that be a lesson to you.
QuickBooks Phishing Attack
An unnamed company was a victim of a phishing attack this week, according to cybersecurity firm Darktrace. And the lure they used in the phishing attack? QuickBooks.
From the report, “The attackers launched two phishing waves targeting the technology company Intuit’s platform QuickBooks, which is in high demand due to the upcoming July 15 tax deadline.
In the first wave, the attackers spoofed QuickBooks to send phishing emails, in which they pretended to be from a QuickBooks developer. The email contained a file attachment (Microsoft Office document) masquerading as a legitimate monthly invoice. In the second attack wave, the attackers compromised the email address of an accountant to send a phishing email directly to the CEO to those who did not have email security services, tricking them to enter their login credentials on a phony Skype page.”
And that’s the week that was.