The list of online scams seems to grow ever longer as cybercriminals become increasingly aware of the large profits to be made from deceiving the unwary. Among the latest of these online retailers have been warned to watch out for stolen gift cards which are being used to pay for purchases and services. This was after it was reported that a cyber-criminal in February had auctioned off nearly 900,000 stolen gift card numbers with an estimated value of CAD 38 million.
The gift cards, for retailers like Walmart, Nike, Amazon, Target, and Airbnb belonged to a now-defunct marketplace that bought and sold such items and was obtained during a 2019 computer hack. The same fraudster is also thought to have stolen 330000 credit and debit cards obtained from the same website. These though had a relatively low value, as the card issuers would have canceled them long ago by the issuers.
Cybercrooks can either use these stolen gift cards to buy and sell goods, or they could try and sell them to another marketplace.
Meanwhile, experts have issued a warning to subscribers of the large file transfer service We Transfer. It has been reported that online crooks have been sending email messages purporting to be from the company to users, claiming that there are files which ready are ready to be sent to them.
To access them all a subscriber has to do is click on the link provided and enter their We Transfer username and password. As always with this type of scam, the aim is to fraudulently obtain these credentials.
Another phishing scam is aimed at the millions of people worldwide who use LinkedIn. It is a sophisticated phishing fraud whereby users get what looks on the surface to be a job offer tailor-made for them. Unfortunately, victims who then click on the attached file are infected with malware which will lead to their laptop or computer becoming infected. Their device is then vulnerable to an attacker who can steal any data they like, including passwords, and financial information.
And recently more than 300 million LinkedIn profiles were put up for sale. The email addresses made available could be used for phishing attacks, for placing false messages on LinkedIn claiming to be from somebody known to a subscriber, or as a means of obtaining passwords.
Since the pandemic began, there has been a significant increase in phishing attacks. In a recent poll, more than half the companies surveyed reported an increase in phishing activity in the past year.
Part of the trouble is that with mass migration to working from home, insufficient attention has been paid to employee cybersecurity awareness. It is too easy, even for the most diligent of the employee, o slip up and click a malicious link, or open a file that may contain a virus.
With organizations spending anywhere between one and four days on average remediating attacks, the bottom-line impact can be considerable.
Some organizations, like online casinos – see house of jack bonus codes detailed here = have invested heavily in back-office systems and sophisticated encryption software to guard against online fraud, and it is often a condition of their licensing arrangements that their cybersecurity is of a premium standard.
However, not all businesses are so sophisticated in their approach, nor have the budget to adopt such rigid online defenses.
Too often the onus falls on individuals to detect illegal cyber activity and in some organizations a blame culture is in place, meaning that an error reflects badly on the person that has committed it. This can lead to demoralization, anxiety, and an n undermining of employee confidence in their abilities.
One of the answers is training. And whilst many organizations do conduct cybersecurity awareness, this tends to be periodic rather than a regular occurrence.
Research has shown that people of all ages are vulnerable to phishing attacks and that it does not matter where one sits on the organization chart. Many of the most devastating corporate attacks in recent years have occurred when a member of senior or middle management has clicked on an inappropriate link.
One of the problems of email is its universality and ubiquity. Nobody is taught how to use it, and consequently, it is not surprising that many bad habits grow up around its use.
More broadly, the problem is that the hackers and the cybercriminals are always one step ahead of those out to stop them. Military historians often look at conflicts that went wrong and say that it was because the generals were fighting battles based on the last war, not the current war they were fighting.
In a sense, battling the cyber-criminals tends to be much the same. Once away has been found to plug one hole in cyber defenses, it is time to move onto the next breach which has opened up in the meantime.
It is a constant struggle, but one that cannot be shirked.
Other articles from mtltimes.ca – totimes.ca – otttimes.ca