Canada’s Trudeau dragged into COVID-19 scam, how not to be victimized by SIM card swaps, NutriBullet hit and more.
Welcome to Cyber Security Today. It’s Friday March 20th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Still more COVID-19 email scams are hitting the internet. One of the latest is aimed at Canadians: The subject line reads COVID-19 Payment. The message says “Canadian Prime Minister Justin Trudeau approved an immediate check of $2,500 for those who choose to stay at home during the Coronavirus crisis. Here is the form for the request. Please fill it out and submit it.” The attachment file is called “Covid19 relief.doc.”
Well, of course this is a scam because the Prime Minister has not approved that payout. And if you click on that attachment you’ll be infected.
Security company Check Point Software reports that since the beginning of March, 93 malicious coronavirus websites have been created, and more than 2,000 suspicious ones. Lots of people are searching the internet for coronavirus news. I know I’m being repetitive, but it’s important to rely on trusted sources for information like governments, well-known health agencies and reputable news agencies rather than websites with “coronavirus” in their names that have recently popped up.
Beware of people offering COVID-19 discounts on products, especially health products. Know what? Criminals who sell malware to hackers are offering discounts on their products. So scams are multiplying. You’re taking care not to be infected with the COVID-19 virus. Make sure your computer doesn’t get infected as well by opening attachments.
This being Fraud Prevention Month, Canada’s privacy commissioner is putting out advice on how not to be victimized. One scam to watch out for is your smartphone being taken over by crooks. They do it by convincing your carrier to switch the SIM card in your phone to one they control. The SIM card is the little card in the phone that wirelessly identifies you as the owner of the device. What the crook does is call the carrier, pretend to be the target person and tell a sob story about losing the phone and needing to swap control to a new phone. The crook may even forge identification and go into the carrier’s store to impersonate the victim. To convince the carrier, the crook will likely have personal identification of the victim, perhaps bought on the internet from other criminals or obtained through phishing, with the victim’s birthdate, address and credit card number. If they get control over a phone they may get access to the victim’s email and learn personal or company secrets, and to the victim’s bank account if the victim does online banking. They may do it by accessing the two-factor authentication codes sent to the phone.
The most likely sign that control over your phone has been lost is that you lose the ability to make phone calls. One way to foil an attack like this is to have a PIN number on your account. The crook can’t change things unless they know the PIN number. Another way is to get a port lock, which prevents your phone from being ported to another unless the carrier can verify your identity in person. Finally, have a passcode, screen lock or fingerprint lock on your device to prevent abuse of a stolen phone.
If you bought a NutriBullet blender online from the company website recently your payment card information may have been stolen. A security company called RiskIQ says it discovered the website had been corrupted with code that skimmed off credit card data. NutriBullet says now the only people who can access the website code need to have two-factor authentication in addition to their regular passwords.
Finally, users of Adobe products like Acrobat Reader, Photoshop, Bridge and ColdFusion should note that new security patches were released this week. Make sure you install them.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.