Email scams in Canada, the UK and Japan, new ransomware and online holiday shopping advice
Welcome to Cyber Security Today. It’s Friday November 8th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com. To hear the podcast click on the arrow below:
Canadians should be aware of a recent email scam that pretends to come from cable and Internet company Shaw Communications. It says your last bill payment wasn’t authorized, your account has been put on hold, and you should click on a link to confirm your billing information. However, if you look closely the address of where the message comes from — is “bbc.co.uk.” Why would the BBC send you a warning? It looks like this is a wide campaign going to stolen email addresses and not targeted at Shaw customers. So trash this mesage, or report it to the Canadian Anti-Spam Centre. If in doubt about this or similar messages you should check your account by going to a website the way you usually do: Either type in the home page address yourself or use your usual bookmake. Don’t follow a link in an email.
Across the ocean there’s a different scam. The email pretends to be notice of a lawsuit from the United Kingdom Ministry of Justice, and includes a link to a subpeona. Click on the link and you get infected with malware that steals personal information. Rule number one: Lawyers love paper. Lawyers need paper. You would never get a subpoena by email. It would come by regular mail or a courier.
There’s a new strain of ransomware hitting companies that not only scrambles files, it also changes the password of victims so they can’t login o their machines. In addition, it threatens to copy and publish all of the files on the infected computer unless the ransom is paid. This is another reason companies have to make sure they have separate backups of data that can’t be infected. And remember, ransomware is usually spread when you click on a malicious link or attachment in email. So be careful of what you click on, make sure your devices have the latest patches and use antivirus and antimalware software.
I’ve talked before about scams where a company employee falls for a phony email message asking the bank account where money is usually sent to be changed. It happened recently to a big Japanse financial news company. The employee thought the email came from a manager in the U.S. division and sent off $29 million to a crook. Often this happens because the crook has hacked the email of a real manager or company supplier, so the message looks legitimate. The best way to fight this particular scam is to train employees to make sure an email request for changes to usual business procedures is real and not just trust that it comes from a senior official.
Google is trying to toughen security on its Android Play store. It announced this week it has partnered with three security companies to improve scanning for malicious Android apps before they are posted in the store. It’s a good thing as developers are finding new ways of sneaking in bad apps. For example, security company Wandera also said this week it found seven more apps that infect devices to show victims unwanted ads. These apps have names like Magnifying Glass, Super Bright LED Flashlight, Alarm Clock and Calculator. Before you download an app, think about and investigate whether it comes from a reputable company.
Finally, it’s the time of year when retailers offer Black Friday and Cyber Monday deals. Here’s some advice. First, don’t get suckered by pleas that “This is the best price anywhere!” Do price research. Companies offer sales all year round. Second, only give your credit card number to trustworthy retailers, not a seller you’ve never heard of. Be careful: Some crooks make their web sites look like a big retailer. Pay attention to the web site you get taken to when you checkout online. Does the URL or Internet address look odd? Don’t pay. And don’t buy using public Wi-Fi in places like a shopping centre or restaurant unless you’re using a VPN, which is a virtual private network. If you don’t know what a VPN is, stick to making purchases on your cellular network.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon
Cybersecurity Conversations with your Board – A Survival Guide
A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA