Welcome to Cyber Insights. In this edition we highlight the scam relating to WhatsApp, share the latest security breaches and provide our top cybersecurity tips for spotting a multi-vector attack.
SCAM ALERT
WhatsApp is an application that allows you to message and call your friends and family worldwide. However, due to a new scam, the next WhatsApp message you receive may come from a cybercriminal instead of a trusted contact.
To start the scam, a cybercriminal will send you innocent WhatsApp messages to earn your trust. After you start talking to the cybercriminal, they will try to convince you to call a phone number that begins with a **21* prefix. If you call this phone number, your mobile carrier will forward your personal phone number to the cybercriminal’s phone.
Then, the cybercriminal can use your phone number to get a temporary WhatsApp password, reset your existing password, and lock you out of your account. Once the cybercriminal has access to your WhatsApp account, they can impersonate you and convince your contacts to send them money.
Don’t fall for this scam! Follow the tips below to keep your WhatsApp account secure:
- Be cautious of who you call on WhatsApp. Only call phone numbers that belong to trusted contacts.
- Learn about common social engineering red flags. Educating yourself on common scam tactics can help you avoid social engineering attacks.
BREACH UPDATE
TWITTER
Exploit: Hacking
Risk to Business: Moderate
Cybercriminals say that they’ve exploited a vulnerability in the Twitter platform to obtain data of about 5.4 million accounts. Altogether, bad actors claim to have snatched data from 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000. Twitter was alerted to the exploit in January 2022 and fixed it quickly, but the damage had already been done. The method used to scrape the data was similar to an attack on Facebook in 2021. Twitter has not confirmed or denied the attack as of press time, saying that the incident is under investigation. Read more here >>
MARRIOT INTERNATIONAL
Exploit: Ransomware
Risk to Business: Moderate
Marriott is looking at another big data breach after a group of cybercriminals claims to have stolen an estimated 20 gigabytes of data, including financial data like credit card information and confidential information about guests and workers from an employee at the BWI Airport Marriott in Baltimore. The group identified themselves as GNN or “Group with No Name” to media outlets and sent along samples of the purportedly stolen data. Marriott contends that the stolen data consisted of “non-sensitive internal business files regarding the operation of the property.” The incident remains under investigation. Read more here >>
CYBERSECURITY TIPS
You probably know that cybercriminals can use malicious emails and phone calls to steal your sensitive information. But did you know that cybercriminals can use multiple attack vectors simultaneously to make their attacks even more effective? While it may be easy to spot a single suspicious email or phone call, multi-vector attacks can be difficult to catch. According to a new IBM report, a standard email-only attack yielded a 17.8% click rate from its target audience. When cybercriminals paired the same email attack with a matching phone call campaign, the click rate increased to 53.2%. That’s three times the email-only click rate! By using multiple attack vectors at once, cybercriminals can make their messages seem more credible and urgent. Don’t let a multi-vector attack trick you. Follow the tips below to keep your sensitive information safe:
|
Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here
