COVID-19 hiring and sob story scams, Apple and Google partner on contact tracing, cops make arrests and more
Welcome to Cyber Security Today. It’s Monday April 13th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
To hear the podcast click on the arrow below:
I’ve talked before about the number of COVID-19 email and text scams going around. The FBI has issued a warning that criminals are also looking for people to help them move money around after a victim has fallen for their tricks. This is a time when people laid off may be eager for a job. It would be a pity if they ended up helping a criminal. So, stay away from online job postings and emails from individuals promising easy money for little effort. Common red flags include being asked to receive funds in your personal bank account and then forward money via wire transfer or money service businesses, such as Western Union or MoneyGram, being asked to open bank accounts in your name for another business and being told you make money by keeping a portion of the money you transfer.
By the way, the FBI has detected a new bunch of email and phone scams from people claiming to be abroad and needing your financial help because a loved one who has the coronavirus. Or they may say they are U.S. service members stationed overseas, citizens working or quarantined abroad. Whatever the excuse, they ask you to send or receive money to help a loved one. Another trick is to claim they are in the medical equipment business or affiliated with a charity. Again, they ask you to send or receive money on their behalf. What they really want is access to your bank account.
This podcast and other news sites around the world have been warning about online COVID-19 scams for some time. But an analysis of web traffic by a security company called Wandera suggests a lot of people aren’t getting the message. They compared the growth of web traffic to safe sites with information about COVID-19 — like governments and public health agencies — with sites known to host coronavirus-related phishing campaigns, donation scams, and malware. At the end of March the number of people going to bad sites was growing faster than the number of people going to safe web sites. This doesn’t indicate how many people are falling for scams or downloading malware, but it is a worrisome trend.
By now you may have heard that Apple and Google are working on making their mobile platforms work together to help slow the spread of COVID-19. The idea is to help governments and public health authorities create smartphone apps for voluntary contact tracing of virus victims. Contact tracing is a process of identifying, educating and monitoring people who have come into contact with someone who has the infection. Privacy, transparency, and consent will be part of any solution Apple and Google put together, they promise. We don’t know yet what their solution will look like. But during an online discussion about privacy and the pandemic last week a member of the Canadian Civil Liberties Association made a few good points: Any kind of tracking app should and include safeguards including assurances only the minimal amount of personal data is collected, it is held securely, and is held by an agency or government for a limited amount of time. Worth thinking about.
Some good news: Dutch police, with the help of Interpol and the FBI, have taken down 15 so-called booter web sites. These are service-for-hire sites that help criminals, activists or just nuisance-makers launch cyber attacks that hammer at web sites until they temporarily collapse. Experts call this a denial of service attack. Nothing is stolen, but it knocks a web site someone doesn’t like offline. Or, it can be used by a criminal or a country as a distraction while breaking into a victim’s site somewhere else. The way attackers get this firepower is by infecting computers, routers and other internet-connected devices into creating a botnet that can be commanded to go after a target. So when tens of thousands of devices start trying to go to www.company.com, the site gets overwhelmed and crashes. This is one of the reasons why people have to apply security patches and have good antivirus software.
Speaking of which, tomorrow is Microsoft’s monthly patch Tuesday, when it releases updates for Windows and other products.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.