Canadian tax account hack, a job email scam and a security training site’s employee falls for a con
Welcome to Cyber Security Today. It’s Monday, August 17th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Thousands of Canadians who used the same password to log into their Canada Revenue Agency online account as they did on other sites have had their tax accounts hacked. The government has acknowledged that hackers got into about 5,500 personal or business tax accounts. CBC News reports the email addresses of some accounts were changed and some had their direct deposit information altered. In addition, hackers used their access to apply for COVID-19 benefits. And about 3,000 accounts for a Government of Canada service called GCKey were hacked.
The incident is another reminder to people to use a different password on everything they subscribe to. Use a recommended software password manager to safely keep track of all your passwords.
With unemployment at double-digit numbers in North America, cybercriminals are hoping people will fall for emailed job offers that are too good to pass up. A security company called Abnormal Security recently came across one with a salary range starting at $87,000. Who wouldn’t at least think about it? Well, that’s all you should do if you get one of these pitches. The emailed offer came to a targeted person with an odd subject line of a bunch of numbers plus the words, “Hello! Job Notification.” The message starts with “Hello” then goes on to say, “We are returning back to you regarding a request on a Careers web site.” Stop reading right there. There’s no mention of which careers web site. There’s alluring information on what the alleged job entails that sounds nice — you’ll negotiate with suppliers and monitor a team of purchasing managers. But there’s only generic stuff on what the requirements are. Like, you have to be at least 30 years of age. And have “excellent decision-making skills.” What does this scam want? For the victim to reply by email with a cellphone number. And the email address? It’s a Yahoo account. Presumably the scammer will try to get personal information needed for a supposed job application, like social insurance or social security number, and birth date. With that, a criminal could create a fake ID.
Last week I told you that camera and printer manufacturer Canon was hit by a ransomware attack. Well, the company apparently has refused to pay up because the gang behind the attack has begun publicly releasing data it copied. According to the Bleeping Computer news site, the files seem to be marketing material, nothing with sensitive corporate or employee information. But that may have been a small taste of what the attackers have. Perhaps they released unimportant material to prove they have better goods. That’s a strategy to increase pressure on a victim. We’ll soon see if the hackers have more sensitive material, and whether Canon will capitulate.
I came across some useful advice for IT administrators in a weekly news roundup from the SANS Institute. It offers cybersecurity training courses. The newsletter mentioned the importance to businesses of installing the latest security software updates. Then it said this: “While patching is mandatory, one cannot patch one’s way to security.” Security also involves making sure only a few employees have privileged access to all data and systems; that there are internal firewalls watching network traffic; that all employees have strong authentication to log into systems, such as multi-factor authentication; that networks are structured; and that applications are protected with end-to-end encryption. That’s good advice.
By the way, in one of life’s ironies, one of the SANS Institute’s staffers fell victim to a phishing attack earlier this month. The attacker was able to get into the person’s email account and route copies of 513 emails to the attacker. Unfortunately those messages had 28,000 records of personal information of SANS members such as names, addresses and phone numbers. No password or financial information was copied. In a report Friday, the Institute explained how it was done: The victim opened and entered their email password to see an attached file they thought was about a July bonus. The file was really malware that created an email rule to forward copies of email messages to the attacker. Hackers love reading email to gain insights into how a company works. And they may find things like passwords and personal information of customers. A couple of lessons here: First, companies never do enough security awareness training. Second, periodically check your email to see if a hacker has configured settings to send copies of your messages to someone without your knowledge. Go into the Settings and see if there is a Forwarding rule.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.