Scams Continue as a Devastating 2018 Breach Year Counts Down
The lingering impact on credit unions and members from more than 1,000 data breaches in 2018.
As a devastating year of personal information exposures through major data breaches and scams winds down, threats from a number of directions continue.
“There were over 1,000 data breaches in 2018 alone with notable ones hitting major entities like Marriott, GovPayNow, USPS, Quora, and Facebook (Cambridge Analytica) that left our personal information exposed. Thieves then took it a step further with a myriad of scams including luring us with emojis and even memes!” the San Diego-based Identity Theft Resource Center said.
The aftermath of those breaches should still remain a concern. The ITRC listed many different methods scammers use to commit fraud – all of which are designed to steal personal information or money. These methods include creating fake websites, sending phishing links, adding card skimmers to ATMs and more.
The ITRC reminded everyone that criminals are always on the prowl for money and/or personal identifying information and will continue to be in 2019. One of the most proactive measures people can take is to consider freezing their credit, especially now that credit freezes are free to everyone regardless of their age or the state in which they reside. “It’s also a good idea to never carry your Social Security card or provide your Social Security number unnecessarily, shred all unwanted mail and documents that are no longer necessary and don’t give out personal information unless you initiated the contact.”
About a week ago, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released information on Chinese government malicious cyberactivity targeting global information technology service providers—such as managed service providers and cloud service providers—and their customers. The Justice Department also announced an indictment connecting spies working for the Chinese government to the hacking campaign. Prosecutors said the hackers were part of a Beijing-backed group, dubbed APT10, which various security companies had previously linked to China.
Carl Wright, chief commercial officer, San Diego’s AttackIQ, said, “The United States Justice Department’s indictments in China are a step in the right direction as the blatant theft of IP and other sensitive data is unacceptable. Despite these indictments, prosecutions are unlikely given that the hackers are Chinese residents and extraditions are a rarity. These charges will restrict the international travels of those named in the filing and will send a warning to those who have not been named, potentially deterring motivation for future attacks against the United States.”
Wright explained, “This indictment has effectively scrubbed the bilateral agreement between the United States and China in 2015 that called for a truce against hostile cyberattacks and espionage. We have seen Chinese hackers target aviation, space and satellite, manufacturing, pharmaceutical, oil and gas, communications, computer processor, and maritime technology companies in the United States.”
Jonathan Bensen, interim chief information security officer and director of product management, San Jose, Calif.-based Balbix added, “These hacks even breached the names, dates of birth, email addresses, salary information and Social Security numbers of more than 100,000 United States Navy personnel this year.”
Then there is the fake Amazon order confirmation subterfuge pushing banking Trojans on shoppers. Just because Christmas is over does not mean people’s shopping is completed, especially given so many gift cards.
In one of the latest phishing and malspam campaigns discovered by email security company EdgeWave, attackers send emails disguised as real-looking Amazon order confirmations. These fake order confirmations are sent with subject lines including “Your Amazon.com order”, “Amazon order details”, and “Your order 162-2672000-0034071 has shipped”.
If recipients open these emails and click a link for order details, they unleash the Emotet banking Trojan, which then runs in the background on their computer, logging keystrokes, stealing account information, and performing other unwanted activities on the computer.
According to Colin Bastable, CEO of Austin-based Lucy Security: “Nowadays, it’s far easier for a criminal to manipulate you to do something than it is to manually hack into your computer or your company’s network. The Amazon phishing attack is one of the most popular out there because it reflects real-life scenarios and for that reason, it’s generally one of the first simulations that our customers run to train their employees. Not surprisingly, it always scores a high click rate. We advise all on-line shoppers ‘Caveat Emptor’ (Buyer Beware).”