{"id":27708,"date":"2022-08-31T07:52:28","date_gmt":"2022-08-31T11:52:28","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=500703"},"modified":"2022-08-31T11:15:06","modified_gmt":"2022-08-31T15:15:06","slug":"cyber-security-today-august-31-2022-another-email-job-scam-and-how-to-celebrate-international-women-in-cyber-day","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-august-31-2022-another-email-job-scam-and-how-to-celebrate-international-women-in-cyber-day\/","title":{"rendered":"Cyber Security Today, August 31, 2022 \u2013 Another email job scam, and how to celebrate International Women in Cyber Day"},"content":{"rendered":"<p data-ar-index=\"0\">Another email job scam, and how to celebrate International Women in Cyber Day.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Wednesday, August 31st, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for<em> ITWorldCanada.com.<\/em><\/p>\n<p data-ar-index=\"2\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/24220647\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"3\">\n<p data-ar-index=\"4\"><strong>Another victim of an email job offer scam<\/strong> <a href=\"https:\/\/www.linkedin.com\/posts\/shaaahs_jobscam-identitytheft-hiringscam-activity-6965366767665774592-rkvj\/?utm_source=share&amp;utm_medium=member_android\" rel=\"noopener\">has stepped forward<\/a>. At the beginning of the month this person received an email invitation to interview for a job at cybersecurity company Splunk. They were allegedly selected because their profile on AngelList showed their skills would be a good fit. A few days after doing a Skype chat interview with a supposed HR person the victim got a job offer. That was followed by a chat with the supposed CIO, who said they would be given company funds to buy equipment for their home office, including an iPhone. All the victim had to do was link their credit card to a company account, buy the computer equipment, ship that gear to an address for the installation of security software and then the equipment would be sent to the victim. After doing that this person became suspicious. Too late. The Apple equipment presumably went to the fraudsters.<\/p>\n<p data-ar-index=\"5\">The victim missed a couple of clues. One is the email address that supposedly came from the company was \u201cinfo[at]splunkcareers.us\u201d. But the real domain of the company is \u201csplunk.com.\u201d Two, no company will ask you to link your payment card to their firm. To her credit, the victim did look up the profile of the person who would interview her to see if he was a real person. But that wouldn\u2019t tell her the \u201cMatt\u201d she was talking to was the real Matt. The lesson is to be careful in accepting and doing job interviews online. That goes not only for job applicants, but also HR departments as well.<\/p>\n<p data-ar-index=\"6\"><strong>As I said,<\/strong> only doing online checking isn\u2019t always enough to clear suspicions. Here\u2019s a recent example <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/chasing-currents-espionage-south-china-sea\" rel=\"noopener\">from security researchers at Proofpoint:<\/a> Hackers believed to be from China have been emailing and trying to trick targeted government and company people into going to an infected website. In their emails the hackers pretend to be reporters or staff from an online news site called Australian Morning News, with links to the publication\u2019s website. Here\u2019s the thing: The hackers set up a fake website called Australian Morning News. Anyone who went to the site had their computers infected with malware. If a victim didn\u2019t want to risk clicking on a link in the email but just did a search for Australian Morning News and went to the site that way, they\u2019d also be infected. This is why it\u2019s not only wise to be careful with every email, it\u2019s important to keep all your software updated with the latest security patches, including your browser. In addition, you need strong antivirus or antimalware protection on your computing devices.<\/p>\n<p data-ar-index=\"7\"><strong>A judge has certified<\/strong> <a href=\"https:\/\/decisions.fct-cf.gc.ca\/fc-cf\/decisions\/en\/item\/522064\/index.do\" rel=\"noopener\">a class action lawsuit<\/a> against the Canadian government stemming from the 2020 hack of thousands of Canada Revenue taxpayer accounts. In some cases the hackers allegedly used credential stuffing attacks to get into and alter victims\u2019 tax accounts to fraudulently get COVID-19 emergency funds. The hackers were allegedly able to see taxpayers\u2019 personal information such as their Social Insurance Numbers and dates of birth. The lawsuit accuses the government of systemic negligence, breach of confidence and a civil privacy violation. The allegations have yet to be proven in court.<\/p>\n<p data-ar-index=\"8\"><strong>Hackers have stolen<\/strong> a database from the Russian media streaming platform called START. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/russian-streaming-platform-confirms-data-breach-affecting-75m-users\/\" rel=\"noopener\">According to the Bleeping Computer news service<\/a>, it is believed the database \u2014 with usernames, over 7 million email addresses and phone numbers \u2014 was posted on the internet over the weekend.<\/p>\n<p data-ar-index=\"9\"><strong>The data<\/strong> of more than 2.5 million individuals in the U.S. was compromised recently in an attack on a company called Nelnet Servicing. Nelnet oversees student loans. <a href=\"https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/f6b4d5be-f7ef-412b-9966-e323ad6443a0.shtml\" rel=\"noopener\">In a filing with the state of Maine\u2019s attorney general,<\/a> the company says the breach started June 1st and wasn\u2019t detected until July 17th. The hackers were able to access people\u2019s names, addresses, email addresses, phone numbers, and Social Security numbers.<\/p>\n<p data-ar-index=\"10\"><strong>Scaring victims<\/strong> into clicking on a link is an old tactic of hackers. One common tactic is an email or text saying you\u2019re late paying an invoice. Another, being used against content creators, alleges something they\u2019ve written or recorded is violating copyright. <a href=\"https:\/\/twitter.com\/_JohnHammond\/status\/1564246090748141568\" rel=\"noopener\">Security researcher John Hammond of Huntress Labs this week tweeted<\/a> that he got one of those notifications on his smartphone, allegedly from YouTube about a video he made. One tip-off: The email address of the sender wasn\u2019t anything close to coming from YouTube. In fact it came form a Google Drive account, to give legitimacy. <a href=\"https:\/\/blog.knowbe4.com\/teach-two-things-to-decrease-phishing-attack-success\" rel=\"noopener\">Security researchers at KnowBe4 say<\/a> there are two questions you should ask to avoid being victimized by a lot of phishing scams. Question one: Does the message arrive unexpectedly? If yes, go to Question Two: Is this the first time the sender has asked you to do the requested action? If the answer is also yes, you need to confirm the message other than by replying to the email or text. Don\u2019t call the phone number in the message. It could be a fake.<\/p>\n<p data-ar-index=\"11\"><strong>Finally,<\/strong> tomorrow \u2014 September 1st \u2014 is <a href=\"https:\/\/womenincyberday.com\/\" rel=\"noopener\">International Women in Cyber Day<\/a>. It\u2019s a day to celebrate the achievements of women in cybersecurity and to encourage women to choose it as a career. It\u2019s also a day IT and corporate leaders should consider ways of increasing the number of women on the cybersecurity teams of their organizations. Start by recognizing that diversity in any team in an organization is a benefit. The more varied voices there are at the table the greater the opportunity to find solutions to a problem. Leaders should offer to be mentors to women and encourage them in their efforts. And leaders \u2014 and women \u2014 should remember that not all cybersecurity-related hires need to have IT training. Smart, imaginative women are willing to learn technology as they go. In fact some in areas of the company, such as online customer support, women may already have some IT knowledge. I\u2019ll have more on this tomorrow in a story on ITWorldCanada.com.<\/p>\n<p data-ar-index=\"12\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"13\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-august-31-2022-another-email-job-scam-and-how-to-celebrate-international-women-in-cyber-day\/500703\">Cyber Security Today, August 31, 2022 \u2013 Another email job scam, and how to celebrate International Women in Cyber Day<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on how a victim fell for an IT job scam, the Canadian government is being sued for negligence in a revenue department hack, watch for fake web site<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-27708","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/27708","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=27708"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/27708\/revisions"}],"predecessor-version":[{"id":27732,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/27708\/revisions\/27732"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=27708"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=27708"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=27708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}