Telus and Canadian victims of ID scam, EatStreet hacked and watch for fake domains.
Welcome to Cyber Security Today. It’s Wednesday, June 19th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
What do criminals do with stolen ID? One thing is to use the credentials to open a phony cellphone account in someone else’s name. A Canadian man told me last week that’s what happened to him. He got a letter this month at his home from Canadian wireless carrier Telus that he owed over $1,000 in unpaid bills. After protesting, Telus told him an account had been opened earlier this year using his first and middle name, his real home address, his date of birth and his social insurance number. The email address the crook gave for receiving monthly bills was phony, which is why the victim never got them. The man told me he can’t figure out how the criminal got his personal information; he had no warning that his email or any other place he has personal information had been hacked. Nor, he said, has he been careless on social media. It’s an example of how stolen information — perhaps from several sources — is used by criminals.
Wireless carriers usually demand subscribers provide ID that can be checked, like a driver’s licence and credit card. Telus spokespersons didn’t respond to several requests over two days for comment on how the company was fooled.
It’s possible this personal information was pulled together from several hacks that haven’t been disclosed. Regardless, here’s my advice: Don’t give out your real birthday when registering for anything online — not for opening email, Twitter, Facebook, LinkedIn or any social media accounts. And never carry your social insurance or social security card in your wallet, in case it’s stolen.
As for businesses that need ID to open accounts, you’ve got to do a better job at verifying identification.
The online food ordering service called EatStreet, used by about 15,000 restaurants in 250 cities across the United States, has admitted it was hacked last month. In letters sent to users of its app, restaurants and suppliers, the company said it discovered the breach on May 17th. It figures the hack happened nine days earlier. In a letter it says credit or debit card numbers of a “limited number” of customers were stolen, as well as names and email addresses. In addition, bank information of restaurants and suppliers was stolen. People who have been notified by letter have been warned to watch their credit card statements. The ZDNet news service said the hacker or hackers who go by the name Gnosticplayers, and who have recently been behind a string of big hacks, claim they pulled the heist.
Four weeks ago Microsoft warned companies that still have systems with outdated versions of Windows — including Windows Vista, Windows XP, and Windows Server 2003 — that there was a serious security problem. They either had to install the latest security patches, disable certain services or upgrade to new versions. Now the U.S. Department of Homeland Security has repeated the warning that these older operating systems have a serious bug that needs to be addressed. So IT pros who are listening, look up the critical warning called CVE-2019-0708 and act on it before your systems are hit.
Criminals use look-alike web sites and web site addresses to fool a lot of people. You get a link in your email that’s from “retailer.net” but the real site is “retailer.com.” Or they create a fake web address with an “r” and an “n” that looks to your eye like the letter “m.” Security vendor Proofpoint put out a report yesterday detailing the many ways this kind of fraud works. It’s easy because there are few checks when people register web domains. So advice for consumers is to look carefully at every site you go to, especially the links in email, text and social media. Don’t be fooled by the green security lock in a web address. That doesn’t mean the site is legit. As for companies, try to register variations of your brand’s name. It may cost a few bucks, but it’s worth it. Hire a service that scans the Internet looking for abuse of your name. More importantly, to fight email fraud of your name, use the DMARC domain authentication protocol to make sure your email address can’t be faked.
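For the look-alike domain tricks described above, here is an added example (not part of the original podcast text) of a check a brand-monitoring job could run over newly observed domains. The brand `acmebank.com`, the sample domains and the confusable table are constructed assumptions; multi-label suffixes such as `.co.uk` are not handled.

```python
# Added example: classify observed domains against a brand domain.
# All domain names here are constructed sample values.

# Character sequences that read like another letter at a glance (assumed, partial list).
CONFUSABLES = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w"), ("cl", "d")]

def split_domain(domain):
    """Return (registered label, TLD); 'login.acmebank.com' -> ('acmebank', 'com')."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]

def fold(label):
    """Collapse confusable sequences so 'acrnebank' and 'acmebank' compare equal."""
    for seq, repl in CONFUSABLES:
        label = label.replace(seq, repl)
    return label

def edit_distance(a, b):
    """Levenshtein distance, row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand):
    c_name, c_tld = split_domain(candidate)
    b_name, b_tld = split_domain(brand)
    if (c_name, c_tld) == (b_name, b_tld):
        return "legitimate"      # the brand itself or one of its subdomains
    if c_name == b_name:
        return "tld-swap"        # retailer.net posing as retailer.com
    if fold(c_name) == fold(b_name):
        return "confusable"      # 'rn' standing in for 'm', '0' for 'o', ...
    if edit_distance(c_name, b_name) == 1:
        return "typo"            # one character added, dropped or changed
    return "unrelated"

def flag_lookalikes(observed, brand):
    """Return {domain: reason} for every observed domain that imitates the brand."""
    verdicts = {d: classify(d, brand) for d in observed}
    return {d: v for d, v in verdicts.items() if v not in ("legitimate", "unrelated")}
```

Feeding `flag_lookalikes` a list of newly registered or newly seen sender domains gives a short review queue; it complements, and does not replace, a DMARC policy on the real domain.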
Finally, if you use a TP-Link Wi-Fi extender to extend the range of your system, make sure it has the latest security fix installed. There’s a bug that needs to be patched.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.