Cyber Security Today: Scam on Google Help Forums, robot vacuum cleaners, is that a bug?

Be on the lookout for phony phone number scams Google Help Forums, beware of Internet-connected robot vacuum cleaners and are you sure that’s a bug?

Welcome to Cyber Security Today. It’s Friday July 20th. To hear the podcast click on the arrow below:

Cyber Security Today on Amazon Alexa Subscribe to Cyber Security Today on Google Play Subscribe to Cyber Security Today on Apple Podcasts

The Internet is full of people willing to offer helpful advise to you. Unfortunately, some of those people are criminals, and what they really want is to infect your computer and steal your passwords. Sometimes they’re right in front of you on support forums. I learned that this week when I turned to Google’s Chrome Help Forum. Shortly after I posted a question someone named “Francine Collins” posted a reply: “Hello, We have received your issue. Just call customer Support Number [ 1-855-550-XXXX ]. We will help you to fix your issues.” I called the number. A man answered saying “Hello” – not “Hello this is John Smith, I’m with Google support. How can I help you.” I asked who was I calling. He said “Amazon.” I hung up.

The thing is, Google doesn’t have a phone support number, a Google press spokesperson confirmed. After I reported the incident Francine Collins’ reply to my post disappeared.

I searched the phone number across Google’s support sites and apparently “Francine” posted that same phone number a lot. So did someone called “Katyal Kansui.” Yesterday, when I did a search again and the person posting the phone number was called “Wallace Rosado.”

So here’s the lesson. Be suspicious of people posting supposed customer help phone numbers on open support forums like Google’s – especially forums where you don’t have to register to get access. Anyone can post a reply. Be suspicious if you call a support number and you’re asked for your username and password. Hang up. Be suspicious if someone on an open support forum suggests you download a file. Forget it.

Anything in your home connected to the Internet is at risk of being used to invade your privacy. That includes a robotic vacuum cleaner. Researchers at Positive Technologies say they found a vulnerability in the Chinese-made Dongguan Diqee 360, sold on the Internet and available in Canada and the U.S. Since the vacuum has Wi-Fi, a webcam with night vision and smartphone-controlled navigation, an attacker could secretly turn on the camera or microphone and spy on the owner. That’s if the owner doesn’t change the easy-to-crack password the device comes with. Or the device could be made to join a botnet and contribute to distributed denial of service attacks. Again, anything in your home that connects to the Internet, directly or through WiFi – including outdoor surveillance cameras, DVRs, refrigerators, toys and smart doorbells – could be exploited if you don’t use a safe, strong password.

Finally, when is a bug a vulnerability that needs to be patched, or just a product being wrongly used? That’s the heart of a dispute between security company Trustwave and Reprise Software, which makes a software licence manager used by organizations. A Trustwave researcher found the web-facing front end of the application can be hacked, allowing an attacker to write data to any file in the organization, including adding malware. Reprise was told the software should be patched, but Trustwave says the company tells administrators not to let its product be used by an employee with full administrative privileges. That’s because if an attacker steals that password they get full access to the software. However Trustwave believes even an employee with low-level privileges would have enough access to do damage.

Trustwave insists administrators should make sure employee access to Reprise Licence Manager web server is limited, and strong authentication for accessing the server should be enabled.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast