Cash App con, another city falls for an invoice scam and more
Welcome to Cyber Security Today. It’s Monday October 28th, I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
Criminals are taking advantage on Twitter, Instagram and YouTube of promotions for a payments processor called Cash App. The legitimate promo called CashAppFriday or SuperCashAppFriday promises giveaways of money for leaving comments or retweets. Winners are selected by a draw. But scammers use those messages to send their own cash lures to people who post. One way you know you’ve received a scam is if the poster asks for a payment, claiming that’s how your account will be verified. Or they may promise that if you send $7 you’ll get $120. Some con artists create fake conversations in which it seems people really were sent money. On YouTube the scam is different. Videos are offered promising to show secret tricks to get free money on Cash App. What they really want is victims to fill out surveys and download mobile apps.
If you’re a Cash App user, remember this: No one ever asks you to send money for verification. If you get a message saying you’ve won a Cash App giveaway but you have to link to a website to log into your Cash App, ignore it. Go to the real Cash App website yourself — don’t click on a link — to see if you’ve won. Finally, there is no such thing as a Cash App generator or a Cash App hack that requires you to install a mobile app to get free money.
By the way, if you have a Cash App remember to enable the Security Lock. It requires users to type in a PIN number before money can be transferred. And restrict who has the ability to send you an incoming request for money to only your contacts.
The city of Ocala, Florida admitted last week that it lost about a half a million dollars after a municipal employee fell for a phishing scam. Someone purporting to be from a construction contractor doing business with city sent the employee a realistic-looking invoice for over $600,000, requesting payment be wired to a bank account. The account, of course, did not belong to the real contractor. Police are investigating. Few details were released, but often in this type of scam the criminal tells the victim that the usual bank account money is sent to has been changed. It’s another example of how finance departments have to toughen up their procedures.
Cyber criminals often go back to the scene of the crime. After all, if they’ve discovered one weakness they’ll exploit it again. The South African city of Johannesburg found that out the hard way. Last week it was hit with ransomware for the second time in four months.
In an earlier podcast I mentioned problems with Samsung Galaxy S10 smartphones and screen protectors that may make its fingerprint reader accept anyone’s fingerprint. Well, Samsung is rolling out a patch. However, how fast it gets to your phone will depend on how fast your carrier approves it. It’s called Biometric Update.
Finally, if you use the Google Chrome browser make sure it’s updated. Last week Google released version 78, which fixes a number of serious vulnerabilities.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.