Security of restaurant online ordering platforms questioned, Google gets tough with 2FA and fake online product review scam revealed.
Welcome to Cyber Security Today. It’s Friday, May 7. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
This week I’ve talked and written a lot about two-factor and multi-factor authentication. In fact, it’s one of the topics on this afternoon’s Week In Review podcast. A number of online services offer it as an option for securing your password login. Yesterday, as part of World Password Day, Google said it will soon force users to use two-factor authentication. It will start by automatically enrolling Gmail and Google Workforce uses whose accounts are configured for it. For those who don’t know, with two-factor authentication after entering a username and password to log in you are prompted to also type in a six-digit code sent to a separate device. Or if you’re trying to log in with a smartphone, you get sent a prompt to tap. Multifactor authentication is another way of verifying the real you is logging into your account. Take advantage of it on as many services that offer it as possible.
During the pandemic many restaurants had to quickly offer online ordering and takeout service. That meant signing up for an online ordering platform. But the security of some platforms is lacking. Five platforms have been hacked in the past six months, according to a cyber consultancy called Gemini Advisory. What the attackers got were 343,000 credit and debit card numbers. They are now being sold on criminal websites. Hacking platforms that are used by many restaurants is more efficient than hacking restaurants one at a time. These online ordering platforms need to toughen their security by monitoring their website code for unapproved changes.
Thinking of buying that product you want on the internet? The buyers’ reviews are mostly positive. But can they be trusted? It depends on who the seller is. Unscrupulous companies reward people for writing fake positive reviews. It’s been going on for years. The latest evidence was revealed this week by a security company called Safety Detectives. Its researchers found a database holding tens of thousands of documents behind a scam run by sellers on Amazon. People agree to write five-star reviews, and in exchange they get a full refund on products they buy. So in effect, they get stuff for free. Perhaps 200,000 reviewers are involved, and perhaps 75,000 sellers of goods. It isn’t known who compiled this database of fake reviewers. Whoever it was, they didn’t protect it very well.
You can avoid being taken in by being skeptical of reviews that are overwhelmingly positive, read like an advertisement, and seem identical to others.
That’s it for now. Don’t forget later today the Week In Review edition will be available, when a guest commentator and I will discuss some of the news of the week.
Remember links to details about podcast stories are in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.