Today’s podcast looks at four recent email scams, including one impersonating a Canadian cabinet minister, and advice on how not to be taken in.
Welcome to Cyber Security Today. It’s Monday November 12th.
Someone’s been impersonating Canadian Justice Minister Jody Wilson-Raybould. They created fake email and LinkedIn accounts, then sent messages to people in her Vancouver riding asking for money. According to the Globe and Mail, the email says the minister needs $457,000 in Chinese currency to help an unnamed firm in China. There are no details on what the fake accounts looked like, so I can’t say what should have tipped people off – other than this was a suspicious request for money. Apparently a number of people thought so, and rightly called the government and police.
Here’s another reminder of why you have to slow down and read every email before clicking on an attachment: Someone hacked the email of the police and fire chiefs in two North Carolina towns, then sent a fake message to everyone on their contact lists asking them to open a document or invoice. So the sender’s email address was real, but the attachment was likely infected. It’s a tough world today – even a legitimate email can carry malware. At the very least you need up-to-date malware protection on all your devices. As an added precaution, even when someone you know sends a document by email, phone them to confirm it’s legit. The unanswered question is how the police and fire chiefs’ email was hacked in the first place.
Last week a hospital in Washington State notified almost 2,400 patients their personal information had been stolen after an employee’s email was hacked over the summer. Patients’ names, Social Security numbers, driver’s license numbers, medical information and credit card numbers were among the data lifted. This is the sort of thing that can be prevented by enabling two-factor authentication on an email account. That will send a warning if someone is trying to access your email account from a computer other than yours.
Finally, remember that any attack, including an email attack, tries to exploit unpatched software holes on your computer. This comes to mind from a report by Palo Alto Networks on an ongoing attack campaign in Europe. The first step is sending an infected email document to a target company or government official. The document doesn’t have malware itself. Instead it sends a message out to its master saying ‘I’m here.’ Then the infected payload is sent. The thing is, that particular payload takes advantage of two holes in Microsoft Office. One of them was fixed in a patch a year ago, the other six years ago. Organizations that don’t patch Office get stung regularly.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Alexa Flash Briefing. Thanks for listening.