Equifax has been sending customers straight into a hacker’s trap for weeks

The credit reporting agency Equifax has been directing customers to a look-alike "phishing" website for weeks, potentially leading them to hand over their personal data and full financial information to whoever controls that site.

The Verge reported Wednesday that Equifax representatives sent customers looking for help with the massive data breach — which potentially compromised 143 million people’s private information — to a copycat site thanks to a typographical error.

After the data breach was revealed earlier this month, Equifax established the domain www.equifaxsecurity2017.com to handle incoming customer questions and complaints. This is a standalone domain rather than a page under Equifax's main website, equifax.com, so nothing about the name itself tells a visitor that it belongs to Equifax.

“If users end up on the wrong site, they could end up leaking the data they’re already concerned was stolen,” the Verge reported.

On Wednesday, a user reached out to Equifax on Twitter asking for assistance. The responding tweet sent the user to www.securityequifax2017.com, which is an impostor site designed to look like the Equifax splash page.

The company deleted the erroneous tweet, but a quick scan of its Twitter feed showed that it had sent multiple customers to the phony address. Those tweets have now been deleted as well.

Fortunately for users who followed the mistaken link, www.securityequifax2017.com is a “white hat” hacker site set up by developer Nick Sweeting as a demonstration of popular phishing techniques.

“I made the site because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it [as opposed to hosting it on equifax.com],” Sweeting told The Verge. “It makes it ridiculously easy for scammers to come in and build clones — they can buy up dozens of domains, and typo-squat to get people to type in their info.”

Sweeting says he notified Equifax of the weakness and emailed them about his decoy site, but never got any response.
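The decoy in this story is not a misspelling but a reordering: the legitimate label reads equifax + security + 2017, and the clone simply swaps the first two words. A link checker that only looks for the brand name as a substring would pass both. The following is an added example, not code from Equifax, The Verge or Sweeting; it uses the two real hostnames from the story, assumes the legitimate label decomposes into the three tokens shown, and uses a simple two-label registrable-domain rule in place of the public suffix list a production checker would consult.

```python
from itertools import permutations
from urllib.parse import urlsplit

# The real hostnames from the story. The split into tokens is an assumption
# about how the legitimate label reads to a human (equifax / security / 2017).
EXPECTED = "equifaxsecurity2017.com"
TOKENS = ("equifax", "security", "2017")


def hostname(url: str) -> str:
    """Lowercase hostname of a URL; a bare hostname is accepted as well."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_expected(url: str, expected: str = EXPECTED) -> bool:
    """True only when the host is the expected domain or a subdomain of it.

    A substring test is not enough: "equifaxsecurity2017.com.evil.net"
    contains the expected name but is registered under evil.net.
    """
    host = hostname(url)
    return host == expected or host.endswith("." + expected)


def lookalike_labels(tokens=TOKENS) -> set:
    """Every reordering and hyphenation of the tokens except the canonical label."""
    canon = "".join(tokens)
    labels = set()
    for perm in permutations(tokens):
        for sep in ("", "-"):
            label = sep.join(perm)
            if label != canon:
                labels.add(label)
    return labels


def classify(url: str, expected: str = EXPECTED, tokens=TOKENS) -> str:
    """Return 'expected', 'lookalike' (brand-shaped but not ours) or 'other'."""
    if is_expected(url, expected):
        return "expected"
    host = hostname(url)
    canon = "".join(tokens)
    exp_label, _, exp_tld = expected.rpartition(".")
    # Registrable label = the label just left of the TLD. This is a two-label
    # rule (assumption); production code should use the public suffix list.
    rest, _, tld = host.rpartition(".")
    label = rest.split(".")[-1] if rest else ""
    if expected in host:                      # expected name buried in a longer host
        return "lookalike"
    if label == exp_label and tld != exp_tld:  # same label, different TLD
        return "lookalike"
    if canon in label.replace("-", ""):       # canonical label padded with extra words
        return "lookalike"
    if label in lookalike_labels(tokens):     # reordered or hyphenated tokens
        return "lookalike"
    return "other"


if __name__ == "__main__":
    for link in ("https://www.equifaxsecurity2017.com/",
                 "www.securityequifax2017.com",
                 "http://equifaxsecurity2017.net",
                 "http://equifaxsecurity2017.com.evil.net/login",
                 "https://www.equifax.com"):
        print(f"{classify(link):10s} {link}")
```

The check in is_expected is the one a support team's tweet template or link-shortener allow-list should enforce: the host must equal the trusted domain or end with a dot followed by it. The classify helper exists only to show how much of the surrounding namespace an attacker can occupy once the trusted name is an arbitrary registration instead of a path under the company's own domain.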

The Verge said, “Equifax’s entire response to the breach has been a mess. The company’s website set off alarms for lawyers who worried it might waive victims’ right to sue the company, and the response phone line representatives actually had no information and just directed concerned consumers back to the website.”

Read more details here.

Author: David Ferguson

Destruction of service: How ransomware attacks have changed

The latest wave of ransomware attacks, including WannaCry, Petya and NotPetya, shows not only an increase in the sophistication of these attacks, but also a change in motivation. Although NotPetya is ostensibly a ransomware variant, the threat actors appeared to have no interest in making money, and were more concerned with damaging companies by disrupting their operations.

Now dubbed destruction of service, this latest trend is something I’ve been concerned about for a while, having tested many companies’ internal networks and witnessing firsthand how vulnerable they are.

A different kind of ransomware

Getting malicious software inside a company’s network is quite easy — an email phishing attack usually works.

However, NotPetya also appears to have spread by compromising M.E.Doc, a Ukrainian accounting software maker, and altering an automatic update to include NotPetya, delivering it to every customer that installed the update. The vast majority of antivirus and antimalware software was unable to detect the malicious content. On an infected machine it encrypted files, overwrote the master boot record with its own custom loader and forced a reboot; the loader then encrypted the file system's master file table. Once this process was complete, the data on the machine was unrecoverable unless it could be restored from backup.

For a hacker who is concerned with destroying data and causing as much damage as possible, the next step is to give the ransomware variants the ability to spread.

Read more details here.

Author: Rob Shapland

Getting A Grip On the Latest Hacking Attacks

The world is feeling scarier by the day.

North Korea’s missile threats are no laughing matter. The television news pairs feel-good stories about Fourth of July celebrations with ominous notes about shows of force by police at those same events. And nobody seems to know quite what to think about an outbreak of hacking attacks that commands headlines around the world.

No sooner did Fortune put to bed its July cover package, titled simply "Hacked," than another assault hit computers around the globe. The list of victims is dizzying. Lawyers at DLA Piper were forced to work from home. A Pennsylvania hospital delayed operations. Shipping giants Maersk and Federal Express saw operations grind to a halt.

Worse, no one seems to be quite sure who’s doing the attacking or why. Reasonable people are scared. I came home from a week-long vacation to find multiple emails from my corporate IT department warning me not to open “phishing” attempts.

Read more details here.

Author: Adam Lashinsky

An estimated 91 percent of hacking attacks begin with a phishing or spear-phishing email

Your IT department has no doubt warned you not to click on suspicious links in e-mails, even when the missive promises a hilarious video or comes from a seemingly trustworthy source. If the link looks suspect: Do. Not. Click.

That’s because these emails are often phishing scams designed to trick you into clicking on a malicious attachment or visiting a malicious web site. In the latter case, the web site may appear to be a legitimate bank site or email site designed to trick the user into disclosing sensitive information—such as a username and password or bank account information—or may simply surreptitiously download malware onto the victim’s computer.

Just ask the White House employee who apparently clicked on a phishing email purporting to come from the State Department and allowed hackers into several government networks.

TL;DR: Phishing refers to malicious emails that are designed to trick the recipient into clicking on a malicious attachment or visiting a malicious web site. Spear-phishing is a more targeted form of phishing that appears to come from a trusted acquaintance.

Spear-phishing is a more targeted form of phishing. Whereas ordinary phishing involves malicious emails sent to any random email account, spear-phishing emails are designed to appear to come from someone the recipient knows and trusts—such as a colleague, business manager or human resources department—and can include a subject line or content that is specifically tailored to the victim’s known interests or industry. For really valuable victims, attackers may study their Facebook, LinkedIn and other social networking accounts to gain intelligence about a victim and choose the names of trusted people in their circle to impersonate or a topic of interest to lure the victim and gain their trust.

Read more details here.

Author: Kim Zetter

Who’s Behind the Gmail Phishing Attack?

“The Gmail phishing attack that played out across Google’s billion-user email platform Wednesday afternoon was “particularly insidious” and created by someone with considerable skill, say cybersecurity experts.

The scam involved sending users a malicious link from what looked like a familiar contact; when users clicked it and logged on, the hacker gained access to their Gmail credentials, thereby getting the keys to the kingdom for a user’s entire online life — and enabling the virus to replicate itself.

While Google says it has fixed the problem, it still remains a mystery who may have launched the worm that quickly made the rounds online.”

Read more details here.

Author: Alyssa Newcomb, NBC News

Phishing Attack Results in $400,000 HIPAA Breach Fine

“Investigators from the U.S. Department of Health and Human Services Office of Civil Rights (OCR) found that MCPN violated the HIPAA Security Rule by failing to do proper risk assessments or implement adequate cybersecurity measures and procedures.

“Specifically, MCPN has failed to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by MCPN,” OCR wrote in the official Resolution Agreement.

“Further, MCPN has failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.”

Investigators indicated the financial component of the settlement might have been higher but OCR considered the public benefit of the services provided by the nonprofit.”

Ensure that your business is fully HIPAA compliant by calling us at (651) 379-2035 or emailing us at info@proactivemanagedit.com

Read more details here.

Author: Aldrin Brown

Lithuanian man’s phishing tricked US tech companies into wiring over $100m

“Two major American tech companies were tricked by a Lithuanian man’s phishing scheme into wiring him over $100m, according to the justice department.

Evaldas Rimasauskas, 48, was arrested last week by Lithuanian authorities and charged on Monday by prosecutors in the southern district of New York. Announced on Wednesday, the charges of wire fraud, money laundering and aggravated identity theft could carry a sentence of 20 years in prison.

According to the criminal complaint, Rimasauskas posed as a computer hardware manufacturer by creating his own company, registered in Latvia, with the same name as a legitimate one in Asia.”

Read more details here.

Author: Alan Yuhas

Victims of W-2 phishing scams (2017 list)

“When someone appearing to be your boss emails you and says they urgently need you to send them employees’ W-2 information from 2016, what do you do? Well, if you haven’t been trained properly or reminded often enough – or if your employer doesn’t have safeguards in place that might prevent you from just sending an email with an attachment out of the system – you might fall for the scam and email criminals the requested information.

If you don’t want to be hated by your colleagues whom you have put at risk of tax refund fraud and identity theft, when you get a request to email W-2 information, STOP and consult with a supervisor and ask them to confirm up the chain that this is a legitimate request.

Last year, this site compiled 145 such incidents before I somewhat waved a white flag in terms of trying to keep up. Let’s see how 2017 goes.”

Read more details here.

Author: Dissent