A new “phishing” campaign has surfaced that uses Google Translate as the hook.
From the article:
“When Google Translate is used, an email is sent from what appears to be Google, telling users their account was accessed from a new Windows device.
On the email, is a button for the user to ‘Consult the Activity’ to find out more information about the threat. If the user clicks on the link, it will take them to another page asking for their Google login.”
Source: Hackers Are Using Google Translate for Phishing Attacks – Latest Hacking News
At least eight airlines, including Southwest, use e-ticketing systems that could allow hackers to access sensitive information about travelers merely by intercepting emails, according to research published Wednesday by the mobile security company Wandera. The systems fail to secure customers’ personally identifiable information, including names, boarding passes, passport numbers and flight numbers, Wandera said. The email vulnerabilities still exist, Wandera found, even though researchers notified affected companies weeks ago, and despite growing corporate awareness about the risks associated with sacrificing security for convenience. The weakness is a check-in link that is emailed to customers, Wandera researchers found. Customer information is embedded in the links, allowing travelers to travel from their email to a website where they check in for a flight without needing to enter their username and password. However the links are unencrypted and re-usable, presenting a tempting target for hackers, according to Michael Covington, vice president of product at Wandera. […]
Source: E-ticketing system exposes airline passengers’ personal information via email
The latest and greatest “phishing” attack is aimed at higher level executives. Remember that “phishing” attacks can only be successful if you click an attachment in an email.
From the article: “Getting an email from the boss isn’t always a good thing, but in this case, it could be even worse. A widespread phishing campaign has been discovered that is targeting executives at many companies. The campaign uses fake messages from bosses to try and obtain usernames and passwords.
The email is simple, it tells the employee that a meeting has been cancelled and that they need to choose a new date. When users click on the link to reschedule they are taken to what appears to be a page for Microsoft Outlook and Office 365.
However, the page is part of a phishing site and any information entered into it will be gathered by the hackers. Viewing the message on a mobile device shows a slightly different message, but the effect is the same.”
Source: Phishing Attacks Disguised as an Email From the Boss – Latest Hacking News
If you have put off monitoring your credit, relying on Equifax’s free offer, it’s now time to take action. The thieves who stole the data also know that the free freeze expires tomorrow, with a large majority of victims not taking action. TAKE ACTION NOW!
Consumers who don’t have a credit freeze on their Equifax credit reports should strongly consider getting one before the calendar turns to February, if they signed up for the company’s TrustedID Premier product. TrustedID Premier, which the company offered consumers after its massive data breach, expires January 31, 2019. Consumers who used TrustedID Premier to monitor their credit and lock their Equifax credit reports for the past year will automatically have their Equifax reports unlocked when the service expires.
Source: Equifax’s Original Credit Lock Expires Tomorrow | U.S. PIRG Education Fund
From the article: In a series of orders handed down in a Georgia federal district court on Monday, the evocatively named Judge Thomas Thrash Jr said that legal challenges from payment card issuers and ordinary citizens can proceed against Equifax. A class-action lawsuit brought by ten “small businesses” – which included corporations and limited liability companies – was denied, though. The small biz owners can join in with the consumers.
In effect, payment card issuers are going ahead as one set of lawsuits, and normal folk are bunched into another set, against Equifax. The credit agency had sought to dismiss the claims against it.
Source: And it’s go, go, go for class-action lawsuits against Equifax after 148m personal records spilled in that mega-hack • The Register
Coats told lawmakers that China’s pursuit of intellectual property and personal data on Americans remains a top threat to the U.S., and that a “significant amount” of China’s economic rise was supported by stolen U.S. intellectual property.
“Coats told lawmakers that China’s pursuit of intellectual property and personal data on Americans remains a top threat to the U.S., and that a “significant amount” of China’s economic rise was supported by stolen U.S. intellectual property.”
Source: Cyberthreats rise to the top at Senate hearing on worldwide dangers for U.S.
Yet another example of why you need to be monitoring your credit reports.
From the article:
“Some, not all, of the documents “contained highly sensitive data, such as social security numbers, names, phones, addresses, credit history, and other details which are usually part of a mortgage or credit report. This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards,” Diachenko wrote.”
Source: ‘Gold mine’ of customer loan, tax and other records exposed on open server
Just another example of why you must monitor your credit reports. You don’t have any control otherwise.
From the article:
“The Oklahoma Department of Securities is the latest governmental body to report a breach. This time over a million files consisting of department files and FBI investigation records were disclosed via an open server, making it all available to the public. ”
Source: Oklahoma Department of Securities Breached – Latest Hacking News
An 87GB dump of email addresses and passwords containing almost 773 million unique addresses and just under 22 million unique passwords has been found.
Source: Over 87GB of email addresses and passwords exposed in Collection 1 dump | ZDNet