In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about cybersecurity being child’s play, travellers targeted by cybercriminals, and plenty of fresh phishing news. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.
Reading, writing and cybersecurity
The hot ticket these days isn’t to InfoSec Taylor Swift, it’s to see eight-year old cybersecurity expert and startup CEO Reuben Paul. This pint-sized infosec phenom is in high demand, speaking at numerous infosec conferences, sharing his message that cybersecurity is an important skill set to be teaching younger generations. To learn more about his perspective – and his busy speaking schedule – read this Q&A.
Travelers get more than free continental breakfast
Several stories in the news this week may prompt you to opt for a staycation rather than travel next time you’re contemplating leaving home. From booking your trip to logging on when you’re at the hotel, cybercriminals are one step ahead.
Booking.com, a highly trafficked online travel booking site, admitted that more than 10,000 of its users had been targeted in an email phishing scam. That booking confirmation email you received, seemingly from Booking.com or the hotel itself, and its request for a deposit to hold the reservation? It’s a scam. The site’s PR team went into defence mode, stating that “this was no data breach and that phishing is an industry-wide phenomenon,” while an infosec blogger posited another, more frightening possibility: “Maybe nobody knows how this happened.”
Meanwhile, business travelers in Asia have been targeted in another type of cybersecurity attack. And I mean targeted. Security advisors suspect that the attacks were targeting specific travellers and may have even had those targets’ itineraries. That’s how it started, but the attacks appear to have broadened and vulnerabilities may have impacted anyone connecting to hotel wifi. As is so often the case, phishing appears to have been a primary vector for delivery of these attacks.
It pays to be hypervigilant when booking and using wifi at hotels; give them your Dodoname instead of your email address!
This week’s phishing news includes a bleak Outlook, a Google report shining a light on just how effective these scams are, and the full extent of the Home Depot breach that brought Christmas early for potential phishing scammers.
Bad news: Your Microsoft Outlook has been infected with a Trojan virus! At least that’s what the phishing scam in inboxes this week declared. Just click on the link in the very legitimate-looking email from Windows Microsoft to run the Norton antivirus software and eliminate the c93 virus from your mailbox; failing to do so will result in the deactivation of your mailbox. What is actually happening is that by following the steps in the email, you’re handing your Outlook credentials to cybercriminals. And recipients are clicking on these nefarious links much more frequently than you’d think, according to a recent report by Google.
Phishing scams are wildly successful, which is why they continue to plague our inboxes. Google has conducted some fascinating and terrifying research into what they’ve dubbed “manual hijacking,” a primary vector for which is phishing. The results are staggering – phishing emails were effective between three and 45 percent of the time. Of those who clicked on phishing links, 14 percent entered personal data like login credentials or credit card information. These stats are very alarming when you consider the number of personal records taken in some of the recent data breaches.
Listen closely. Do you hear it? That faint sound you hear is that of countless hackers thanking their lucky stars for the phishing bounty they’ve received from the likes of Home Depot. Home Depot has been on the PR campaign trail, trying to clean up the mess of the much-publicized data breaches that company has experienced. One consumer and journalist who had her details exposed in the breach shared the contents of an email that Home Depot sent out to those affected. In that email, the director of corporate communications for the company threw its loyalty program partners under the bus as the weak link in the data security chain, and let recipients know that theirs were just one of 53 million – more than the entire population of Canada! – email addresses compromised, followed by some tips and tricks for avoiding phishing scams.
An ounce of prevention is worth a pound of cure, as they say. Should have used Dodoname!