Bill Gates victim of a second scam, more on the Twitter hack, a Microsoft Office con and improved security for Magento users.
Welcome to Cyber Security Today. It’s Monday July 20th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Someone really admires Bill Gates. First, his Twitter account was among the celebrities’ accounts taken over last week to spread a bitcoin scam. The next day someone set up a phony email account in the name of the Bill and Melinda Gates Foundation and sent messages to people seeking donations in bitcoin. Interestingly, the scam in the second message was similar to the first: a double-your-money-back promise. Was it the same gang or a copycat? No one knows.
The Twitter message came from Bill’s real Twitter account, so some people might have been fooled. However, according to a security company called Area 1 Security, the email had a tiny clue it was fake: The address it came from had a spelling error. It looked like it came from “gatesfoundation.com.” But in “foundation” an “l” replaced the “i”. The attacker counted on people reading the sender’s address fast and not noticing. Unfortunately, it’s still far too easy for cybercriminals to register look-alike web domains. It’s why you’ve got to slow down and look carefully at email that asks for donations, or messages with attachments you have to open or links to login pages. Sometimes hackers take over real accounts, which makes it hard to know a message is a trick unless you’re suspicious of requests for money or attachments. Other times, something odd or different in the sender’s email gives it away.
Here’s the latest news on that big Twitter celebrity hack last week: The New York Times said a hacker told a man they got into the Twitter system by first hacking the messaging system called Slack that Twitter employees use. That hacker then found the login username and password of a Twitter employee posted there. If true, that would be a big breach of security. The hacker or hackers then used that access to reset the passwords on 45 Twitter accounts so they could send out the bitcoin scam. For eight accounts the hackers also downloaded the subscribers’ account data.
Subscribers to Microsoft Office should be careful if they get an urgent email that their service has to be renewed. It may be a scam, says a security firm called Abnormal Security. It’s seen thousands of these phony messages recently, all with the goal of tricking users into sending money to crooks. The subject line might be “Time to Renew”, and the sender is “Payments Office.” But if you can see the full email address of the sender, it’s obvious the message doesn’t come from Microsoft. There’s a “Renew Now” link, but it goes to an oddly named website like “office365family.com.” Another tip-off that this is a scam is that the messages pressure users by saying they only have two days to renew or there will be a $100 penalty. A link in some of the phony messages goes to PayPal for payment, but the account is in the name of an unknown person and not Microsoft.
Be careful with email that seems to come from an IT help desk saying you have undelivered email because your storage capacity is full. It may be a scam. The news service Bleeping Computer reported people getting messages from what looks like “servicedesk.com” with the subject line “Cloud report” asking them to “Release Messages” or “Clean-up Cloud”. This is a scam to get victims to log in to what looks like an account page. What it really does is steal usernames and passwords.
Finally, good news for e-commerce businesses that use Adobe’s Magento platform. The latest version of the platform allows managers to set up two-factor authentication to protect the accounts of administrators. That’s wise protection because cybercriminals have been hacking Magento systems to install code that steals customers’ payment card passwords when they buy products. Two-factor authentication will help lower the odds of administrator passwords being hacked. All businesses that use Magento should quickly take advantage of this capability.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.