Cyber Security Today: Fake name scams, money for finding bugs and police hit by ransomware

Fake name scams hit e-commerce companies, Facebook and Google, hackers earn big money for finding bugs and U.K. police hit by ransomware

Welcome to Cyber Security Today. It’s Friday March 22nd. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com. To hear the podcast, click on the arrow below:

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

At the beginning of the week I told you about hackers compromising seven e-commerce web sites to skim off credit card information. Well, security vendor RiskIQ said Thursday it has discovered websites of two more online companies that have been hit: Bedding retailers MyPillow.com and Amerisleep.

One of the ways this scam works is by creating a fake web site with a similar name to the target company so customers don’t realize they’ve gone to a phony site when they enter their credit card information. In one case the attackers created the site “mypiltow.com”, hoping customers would miss the “LT” for the double-l in pillow.

A new tactic is intercepting the live chat support function on a website. Then they can skim off customer comments and possibly personal information and passwords.

(UPDATE: After this podcast was recorded RiskIQ clarified that the new tactic is including a code for a live chat support function on the fake website which would mimic the live chat capability users would expect to see on the real site. It also serves to hide the skimmer code the attacker added.)

The lesson is e-commerce companies have to do a better job at making sure the code on their web sites doesn’t change.

Speaking of similar name scams, ZDNet reports a Lithuanian man pleaded guilty in New York this week to defrauding Google and Facebook out of $123 million by using fake invoices to trick employees into wiring money him. He did it by setting up a company with a name similar to a computer supplier called Quanta that both Google and Facebook use. Then using that similar company name he emailed invoices to Google and Facebook, correctly betting accounting staff wouldn’t notice the slight difference. The man faces a maximum sentence of 30 years in prison.

There are criminal ways of earning money by hacking, and legitimate ways. One legit way is by participating in a bug hunting contest. One has been underway this week in Vancouver, British Columbia at the annual PwnToOwn (prounouned “POWN TO OWN”) contest organized by Trend Micro. On the first day a two-person team earned $160,000 of the $240,000 given out for finding holes in various pieces of software like the Safari browser. The prize pool for the three-day event is over $1 million. Contests like these help find bugs before criminals do, and help teach companies how to code better.

Finally, police in the U.K. have opened a criminal investigation into a ransomware attack that hit the computer systems and email service of the police association. The incident started over a week ago but word is only now getting out. Data on computers was encrypted. Unfortunately the attack also deleted crucial backup data. That’s usually a sign the backup system wasn’t properly isolated from the main network. Backups are an essential defence against ransomware. If your backup is connected all the time to your system, it’s going to be infected as well. The police association doesn’t think it was a targeted attack.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast