Telus and Canadian victims of ID scam, EatStreet hacked and watch for fake domains.
Welcome to Cyber Security Today. It’s Wednesday June 19th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
What do criminals do with stolen ID? One thing is use the credentials to open a phony cellphone account in someone else’s name. A Canadian man told me last week that’s what happened to him. He got a letter this month at his home from Canadian wireless carrier Telus saying that he owed over $1,000 in unpaid bills. After protesting, Telus told him an account had been opened earlier this year using his first and middle name, his real home address, his date of birth and his social insurance number. The email address the crook gave for receiving monthly bills was phony, which is why the victim never got them. The man told me he can’t figure out how the criminal got his personal information; he had no warning that his email or any other place he has personal information had been hacked. Nor, he said, has he been careless on social media. It’s an example of how stolen information — perhaps from several sources — is used by criminals.
Wireless carriers usually demand subscribers show ID that can be checked, like a driver’s licence and credit card. Telus spokespersons didn’t respond to several requests over two days for comment on how the company was fooled.
It’s possible this personal information was pulled together from several hacks that haven’t been disclosed. Regardless, here’s my advice: Don’t give out your real birthday when registering for anything online — not for opening email, Twitter, Facebook, LinkedIn or any social media accounts. And never carry your social insurance or social security card in your wallet, in case it’s stolen.
As for businesses that need ID to open accounts, you’ve got to do a better job at verifying identity.
The online food ordering service called EatStreet, used by about 15,000 restaurants in 250 cities across the US, has admitted it was hacked last month. In letters sent to users of its app, restaurants and suppliers, the company said it discovered the breach on May 17th. It figures the hack happened nine days earlier. In a letter it says credit or debit card numbers of a “limited number” of customers were stolen, as well as names and email addresses. In addition, bank information of restaurants and suppliers was stolen. People who have been notified by letter have been warned to watch their credit card statements. The ZDNet news service said the hacker or hackers who go by the name Gnosticplayers, and who have recently been behind a string of big hacks, claim to have pulled the heist.
Four weeks ago Microsoft warned companies that still have systems with old versions of Windows — including Windows Vista, Windows XP, and Windows Server 2003 — that there was a serious security problem. They either had to install the latest security patches, disable certain services or upgrade to new versions. Now the U.S. Department of Homeland Security has repeated the warning that these older operating systems have a serious bug and need to be addressed. So IT pros who are listening, look for the important warning called CVE-2019-0708 and act on it before your systems are hit.
Criminals use look-alike web sites and web site addresses to fool a lot of people. You get a link in your email that’s from “store.net” but the real site is “store.com.” Or they create a fake web address with an “r” and an “n” that looks to your eye like the letter “m.” Security vendor Proofpoint put out a report yesterday detailing the many ways this kind of fraud works. It’s easy because there are few checks when people register web domains. So advice for consumers is look carefully at every site you go to, especially the links in email, text and social media. Don’t be fooled by the green security lock in a web address. That doesn’t mean the site is legit. As for companies, try to register variations of your brand’s name. It may cost a few bucks, but it’s worth it. Hire a service that scans the Internet looking for abuse of your name. More importantly, to fight email fraud of your name use the DMARC domain authentication protocol to make sure your email address can’t be faked.
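The two look-alike patterns described above (a swapped top-level domain, and “rn” standing in for “m”) can be checked mechanically against domains seen in mail or web proxy logs. This is an added example, not part of the original podcast; the brand farmstore.com, the observed list and the confusable table are constructed assumptions, and the table goes slightly beyond the two cases mentioned.

```python
# Added example: classify observed domains as look-alikes of a brand domain.
# Confusable pairs are an assumed, non-exhaustive table (page mentions rn -> m).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def split_domain(domain):
    """Return (label, tld) from the last two labels of a host name.
    Simplification: multi-part suffixes such as .co.uk are not handled."""
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a domain: {domain!r}")
    return parts[-2], parts[-1]

def skeleton(label):
    """Collapse visually confusable sequences so look-alikes compare equal."""
    for seq, repl in CONFUSABLES:
        label = label.replace(seq, repl)
    return label

def classify(candidate, brand):
    c_label, c_tld = split_domain(candidate)
    b_label, b_tld = split_domain(brand)
    if (c_label, c_tld) == (b_label, b_tld):
        return "legitimate"
    if c_label == b_label:
        return "tld-swap"        # same name under a different top-level domain
    if skeleton(c_label) == skeleton(b_label):
        return "confusable"      # e.g. "rn" rendered to look like "m"
    return "unrelated"

def scan(observed, brand):
    """Return {domain: reason} for every observed domain that imitates brand."""
    hits = {}
    for domain in observed:
        verdict = classify(domain, brand)
        if verdict in ("tld-swap", "confusable"):
            hits[domain] = verdict
    return hits

# Constructed sample input, e.g. sender or link domains pulled from mail logs.
OBSERVED = ["www.farmstore.com", "farmstore.net", "farrnstore.com",
            "farmst0re.com", "bookstore.com"]

if __name__ == "__main__":
    for domain, reason in scan(OBSERVED, "farmstore.com").items():
        print(f"{domain}: {reason}")
```
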
Finally, if you use a TP-Link Wi-Fi extender to extend the range of your system, make sure it has the latest security fix installed. There’s a bug that needs to be patched.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.