Gamers Hit with Social Engineering Attack

Gamers Hit with Social Engineering Attack

Our security teams have recently discovered that Shadow.tech, a cloud computing service developed by the French company Blade and later acquired by OBHcloud founder Octave Klaba in 2021 has been breached. Its technology is based on Window 10 server executing video games or other Windows software applications remotely. The breach origin date is October, 2023 and involves the data of 545,013 account users including their email addresses, full names, physical addresses and birth dates.

The public acknowledgement of the company states that they were a victim of a social engineering attack targeting one of their employees. Shadow.tech CEO said, “This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of an employee, himself, a victim of the same attack.” Learn More

If the term ‘social engineering attack’ is new to you … you are not alone.

Social engineering is a type of cyberattack that uses psychology to obtain personal identifying information (PII). It is impossible to prevent. This type of attack is a huge threat to cybersecurity because it begins on a very personal level with each victim. It invokes fear. It invokes urgency. If the device is being used for gaming and is part of a corporate network, login credentials can be compromised and harming of the network can occur.

Social engineering attacks can include many different formats: whaling, honeytrapping, tailgating … If you or a family member are into the gaming industry specifically, these are four social engineering attacks you need to be on the lookout for:

– Phishing: fraud, impersonation and old-fashioned blackmail.

– Baiting: fraudsters use fake websites, such as for not legit gaming add-ons and so-called “freebies.”

– Pretexting: this is a newer term and format. It includes a fabricated identity (or situation) where a victim may need to divulge PII. Example types of of impersonation could be a talent agency, a law enforcement officer, a major sweepstakes company.

– Spear Phishing: this is a very targeted email attack on specific employees (or sometimes organizations as a whole).

Tips:

– Only click on URLs that begin with https.

– Enable multi-factor authentication when available.

– Use a spam filter.

– Use a pop-up blocker.

– Do your research and check if a website or contact is legit.

– Never insert a USB into your device unless you know and trust exactly who it is from.

– If a request comes in and is marked URGENT, that is a red flag that it could be a scam.

Learning and following best cybersecurity practices are essential to safeguarding your PII. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: bermix-studio-wJ7atxTNeQE via unsplash.com

Nationwide Cyberattack Paralyzes Auto Dealerships

If you have been trying to buy a car this summer, you might have hit a snag or two. Dealerships have had to go back to good old fashioned pen and paper to complete deals after their operations suddenly came to a complete halt. What happened? Hackers targeted CDK Global, a software company that 15,000 car dealerships nationwide rely on. The back-to-back ransomware attacks occurred in mid-June but car dealerships are still recovering from having their operations paralyzed for about ten days. The good news is that dealerships do not think that customer private information has been stolen but that has not been confirmed. We will notify you if our teams find any data sets related to this attack on the dark web.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Memorial Day Hacks and Hamburgers

Memorial Day Hacks and Hamburgers

Memorial Day is a special time of year to honor the men and women who have died while serving in the U. S. military. Originally known as Decoration Day, Memorial Day originated in the years following the Civil War and became an official federal holiday in 1971. Visit History.com for more information.

Always the last Monday in May, this holiday also marks the unofficial beginning of summer fun … pool season, popsicles, and plenty of barbeques. Americans have traditionally observed Memorial Day by visiting cemeteries or memorials, holding family gatherings, and participating in parades. This year the weekend activities may still look a bit different if social distancing, but we will continue to reflect on the sacrifices our soldiers made for us while lighting up our grills. Speaking of, take a visit to Chowhound.com for some amazing tips for the most perfect hamburger ever (80/20 lean to fat ratio ground chuck always!) and clever grilling hacks. Did you know you can use a spare cooler as an insulated warmer to keep food hot and juicy right off the grill? One tip you won’t see there is a favorite of mine … folding a dollop of mayo into each burger patty for optimal juiciness before they even go on the grill. Try it. You’ll love it!

Unfortunately during this time of year crooks might pop up who feed on our gratitude. Watch out for Memorial Day scams where hackers use a patriotic or military approach when contacting service members for money. The Better Business Bureau (BBB) suggests to be on the lookout for five specific scams during this time of remembrance:

Fake military charities. Scammers will send out emails, phone calls, direct mailers and send texts using the same outreach practices as well-known legitimate nonprofits. Be wary of messages that contain words like “disabled,” “heroes,” and “warriors” and always double-check the exact name and spelling of the charity.

Fake rental properties. Scammers take out classified ads and will use photos from legitimate rental properties that promise military discounts or other incentives.

High-priced military loans. No legitimate lender will guarantee a loan as being instantly approved. Watch for ads that may also say no credit check is required. If this is the case, the loan will likely come with hidden fees as well as outrageously high interest rates.

Veteran benefit buyout plans. These plans offer an attractive cash payment in exchange for a disabled veteran’s future benefits or pension payments. The cash payment is typically only 30-40% of what the veteran is entitled to receive.

Misleading car sales. Some websites post ads that contain false discounts for those in the military. There is also an increase of ads that claim to be from soldiers who need to sell their autos quickly due to deployment.

Stay safe this weekend and please reach out to us if needed. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. We are available for you 24/7/365 at 888.966.GUARD (4827) and [email protected].

Photo courtesy Justin Casey via unsplash.com

 

Guarding Against Business Identity Theft

Guarding Against Business Identity Theft

Individuals aren’t the only targets for identity theft. Corporate, also known as commercial identity theft, saw a 46% increase last year according to the National Cybersecurity Society (NCSS). Although businesses of all sizes are at risk, small businesses are particularly vulnerable. “Small business identity theft—stealing a business’ identity to commit fraud—is big business for identity thieves,” remarks Mary Ellen Seale, CEO of NCSS.

 

She explains, “Unlike larger corporations, small businesses don’t always have the required security controls in place to detect and deter fraudulent activity, which can make them easier targets. There is also a general unawareness, among large and small businesses alike, of the magnitude of the threat and the devastating effects that business identity theft can have.”

 

Stealing an organization’s identity takes a lot less work than one might think. State laws require the public disclosure of proprietary business information in annual reports, names and addresses of key company personnel as well as the employee identification number (EIN). All of this information can be used by thieves to apply for a line of credit or loan as well as intercept business credit card information.

 

What can business owners do to help mitigate their risk?

 

– Educate your employees about phishing scams. Phishers aren’t just targeting your business … they are grabbing your customers, employees, partners and vendors. Make sure your employees know what red flags to look for when they receive an email that is asking for an action from them. Examples include bad grammar, misspelled words, links to unfamiliar websites and attachments.

 

– Don’t post sensitive company information on your website.

 

– Stay on top of computer security updates.

 

– Check your credit reports regularly.

 

– Follow the IRS new procedures to protect businesses. Visit https://www.irs.gov/individuals/identity-theft-guide-for-business-partnerships-and-estate-and-trusts for detailed information.

 

– File your company’s annual report on time and regularly check the secretary of state’s website. Keep in mind that if you operate your business in more than one state, each state may have their own due date.

 

Unfortunately, identity theft is here to stay. With the number of incidents growing each year, and financial losses piling up, it’s more important than ever for businesses to be vigilant. Do you have an anti-phishing plan for your business? Please contact us if you need assistance developing one or educating your employees about the topic.

 

Be vigilant. Be strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

Photo by Artem Beliaikin on Unsplash

Cybersecurity Trends in Store for 2020

Cybersecurity Trends in Store for 2020

Did you know that the first documented ransomware attack was more than 30 years ago in 1989? That was around the time when a mobile phone was called a bag phone because it sat in a big black bag in your passenger seat … and that curly cord was wound so tight it hardly let it extend to your ear. If you were lucky, you could store about 30 numbers in it. But back then, that was pretty amazing storage. Then flip phones started to make our lives easier in later years. It was pretty simple but the fact that it could actually fit in your pocket made it truly mobile. There was rarely a thought that anyone was listening in on your conversations or tracking your locations (which they probably were but the average person didn’t think doing so was devious). Boy, have times changed.

 

Attacks involving ransomware, which were originally designed to target individuals, are occurring every 14 seconds now. Shocking isn’t it. After you read this sentence, focus on how long it takes you to breathe … inhale and exhale. Your full circle breathing process is likely anywhere from six to eight seconds, which is how long hackers are trying to increase the speed of ransomware attacks by this time next year.

 

Dave Wallen discussed some of the expected 2020 cybersecurity trends in a blog last week for Security Boulevard so we all can be “better prepared against the ever-evolving nature of cyber threats.” He wrote, “With today’s pervasive use of the internet, a modern surge in cyberattacks and the benefit of hindsight, it’s easy to see how ignoring security decades ago was a massive flaw.” It’s not just the speed of the attacks that is alarming, it is the variety of them that are going to keep things interesting for 2020.

 

So what are some of the trends we will be seeing in 2020?

 

Fear will drive spending. Gartner forecasts that worldwide spending on cybersecurity is going to reach $133.7 billion in 2022. The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have pushed businesses and government agencies to a more sophisticated cybersecurity infrastructure than ever. Wallen noted that 76% of organizations plan to increase their cybersecurity budgets this year.

 

The cybersecurity labor market will continue to experience labor shortages. There are many reasons for this skills gap. Not only are there more cybercriminals, but there are also more places for scammers to hide with our ever-expanding reliance on technology. Also, there still needs to be a balance of expanding skills in a very specific area with teaching broad skills that can be useful across many sectors. Think of those with titles such as chief information officer (CIO) and chief information security officer (CISO) – they are currently undervalued.

 

Cloud security will require a more pragmatic approach. The assumption that our data is secure on ‘the cloud’ in applications such as Microsoft and Google will be a thing of the past. In 2019, we saw massive attacks against Office 365 and G Suite that can bypass two-factor authentification making shared accounts exceptionally vulnerable.

 

Mobile devices will become even a greater target. As the number of mobile users increases, so will the amount of business data stored in them. Wallen wrote, “It’s a compelling reason why mobiles are seen as the primary cyberattack vector in 2020.”

 

Election security will be off the charts. With over 70 elections globally planned in 2020, there will be an intense focus on the spreading of disinformation.

 

5G, the fifth-generation wireless technology, will cause an increase in loT-based (Internet of Things) attacks. There will need to be a higher level of security which many current vendors are not able to provide yet. Hackers will take advantage of this gap to “sneak in malware and steal large volumes of your SaaS data at breakneck speed.”

 

AI (Artificial Intelligence) will become even more two-faced. While the benefits of AI are countless and help to protect our security, defakes (fake videos) that can spread misinformation will become more prominent and new types of cyberattacks will result because of them.

 

Organizations will continue to see their biggest asset, their employees, become their biggest threat. As reported in Governing.com, “The problem is that now our most important information, whether it’s sales prospects or customer lists or source code … is spread across the organization and is highly portable on a thumb drive or e-mail … information is less ‘siloed.'” Their study shows that “63 percent of people admit that they took data from their last job and brought it to their current job.”

 

We will also continue to see more fake apps and shopping cart viruses, new account fraud, apps that share our data along with phishing scams (and whaling scams if you’re a high-ranking executive or banker). Identity theft will also be rampant through social media. Lastly, child identity theft will continue to rise. It is suggested that every child have a credit freeze on their file. If you would like more information about how to do so, please reach out to our Member Services team at [email protected] or call 1.888.966.4827. We are here to help 24/7/365.

Founder and CEO on iHeartRadio 700WLW Podcast

Founder and CEO on iHeartRadio 700WLW Podcast

On December 5, 2019, Guard Well Identity Theft Solutions Founder and CEO was interviewed by Rocky and Rachel on Cincinnati’s News Radio 700WLW. Topics discussed during the ten-minute segment (51:50 to 60:52) include the risk of living in a technologically advanced society, what a digital footprint is and how to reduce the risk of your data being collected and sold online.

 

“We all have a social security number. We are all at risk. If you haven’t already been victimized by identity theft or identity fraud, it’s going to happen. It’s a sad reality…” Guard Well’s Founder and CEO stated that there are 3.5 million Google searches every minute and 4.3 billion Facebook posts every day “…all of that information is being collected and sold.”

 

What can be done to help reduce this risk?

– Be careful about what information you put on social media. For example, remove your birthdate from your Facebook account.

– When you search online, do it privately. Don’t allow cookies if possible when looking at websites.

– Try not to share your location with Google Maps.

– Inactivate and delete any old email accounts.

– Search for your own name on Google and see what pops up. If your name is listed on People Search or People Finder, you can submit a request for them to pull your information down.

 

Additionally a service site called DeleteMe.Com was discussed that will facilitate users in deleting their presence on other sites and will provide information on privacy laws in multiple countries to better educate the users on their rights in relation to data privacy.

 

To listen to the full podcast, visit https://www.iheart.com/podcast/eddie-rocky-20799661/episode/rocky-and-rachel-12519-53509284/?fbclid=IwAR2zfrqzsSc8c08pB3-YOiBR6WH3k3jszEVWPJytlzSlnyvJ3qVihPD7j6c

Scams, Scams and More Darn Scams

Scams, Scams and More Darn Scams

Did you know that there are at least 48 different types of identity theft and the number of scams involved in each is growing daily? Romance scams, residence scams, utility scams, employment scams, telephone scams, email scams, charity scams, Apple care scams, AirBNB scams, PayPal scams, census scams, ticket scams, government scams, medical scams, insurance scams, real estate scams, investment scams, lottery and sweepstakes scams … there really isn’t one facet of our lives that isn’t ‘scam-able.’ As the weather turns colder, it kind of makes you want to curl up under an electric blanket and hibernate for a bit doesn’t it!

 

Although everyone with a social security number is at risk for identity theft, there are two groups that are targeted more often: children and seniors. The U.S. Department of Health & Human Services has studied why. They explain, “Children are targeted to establish a ‘clean slate.’ Seniors are targeted over the telephone and through phishing scams. Some studies suggest that people become more trusting as they age, which helps to explain why it’s more difficult for older adults to detect fraudsters.”

 

The next high-risk group that follows children and seniors are the military mostly due to deployment, which impacts their ability to respond to a threat in a timely manner. According to the Federal Trade Commission, military consumers are most affected by credit card and bank fraud. Another high-risk group is identity theft repeat victims. As reported in Consumer Affairs, “people who have previously been affected by identity theft are at a greater risk for future identity theft and fraud.” According to the Center for Victim Research, “7-10% of the U.S. population are victims of identity fraud each year and 21% of those experience multiple incidents of identity theft.”

 

Lastly, the deceased are targeted. Stealing a dead person’s identity, commonly known as “ghosting,” will often go unnoticed by surviving family for months or years. A report dating from 2012 stated that 2.5 million deceased American identities are stolen each year. Of those 2.5 million stolen identities, 800,000 were used to open lines of credit or get a mobile phone plan.

 

Fraudsters oftentimes repeat their favorite most lucrative scams, which are driven by major financial life moments, such as taxes and holiday shopping. Yes, it’s getting to be that time of year, and, guess what … the world’s largest online retailer, Amazon, is seeing a huge increase in fake Amazon.com order cancellation scams. If you receive an email about an order cancellation from Amazon, there’s a good chance it’s a scam. Click on links in the email and you could unintentionally download malware onto your device. Or you might be sent to a site that aims to collect your Amazon account information, like your username and password. If you receive such an email and recently placed an order, go to Amazon.com directly to check your order status.

 

Most of our blogs offer tips to help protect yourself and your family from identity theft. There is one tip in this blog: Remain aware of scams and that they can touch every facet of your life. By staying in-the-know, you can help every month be National Cybersecurity Awareness month … not just October.

 

If you suspect that you or a loved one has suffered identity theft, please reach out to us as soon as possible. Our Guard Well member services team is available around the clock, every day of the year. Email [email protected] or call 888.966.GUARD (4827) for help.