Gamers Hit with Social Engineering Attack

Gamers Hit with Social Engineering Attack

Our security teams have recently discovered that Shadow.tech, a cloud computing service developed by the French company Blade and later acquired by OBHcloud founder Octave Klaba in 2021 has been breached. Its technology is based on Window 10 server executing video games or other Windows software applications remotely. The breach origin date is October, 2023 and involves the data of 545,013 account users including their email addresses, full names, physical addresses and birth dates.

The public acknowledgement of the company states that they were a victim of a social engineering attack targeting one of their employee. Shadow.tech CEO said, “This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of an employee, himself, a victim of the same attack.” Learn More

If the term ‘social engineering attack’ is new to you … you are not alone.

Social engineering is a type of cyberattack that uses psychology to obtain personal identifying information (PII). It is impossible to prevent. This type of attack is a huge threat to cybersecurity because it begins on a very personal level with each victim. It invokes fear. It invokes urgency. If the device is being used for gaming and is part of a corporate network, login credentials can be compromised and harming of the network can occur.

Social engineering attacks can include many different formats: whaling, honeytrapping, tailgating … If you or a family member are into the gaming industry specifically, these are four social engineering attacks you need to be on the lookout for:

– Phishing – fraud, impersonation and old-fashioned blackmail.

– Baiting – fraudsters use fake websites, such as for not legit gaming add-ons and so-called “freebies.”

– Pretexting – this is a newer term and format. It includes a fabricated identity (or situation) where a victim may need to divulge PII. Example types of of impersonation could be a talent agency, a law enforcement officer, a major sweepstakes company.

– Spear Phishing – this is a very targeted email attack on specific employees (or sometimes organizations as a whole).

Tips:

– Only click on URLs that begin with https.

– Enable multi-factor authentication when available.

– Use a spam filter.

– Use a pop-up blocker.

– Do your research and check if a website or contact is legit.

– Never insert a USB into your device unless you know and trust exactly who it is from.

– If a request comes in and is marked URGENT, that is a red flag that it could be a scam.

Learning and following best cybersecurity practices are essential to safeguarding your PII. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: bermix-studio-wJ7atxTNeQE via unsplash.com

Memorial Day Hacks and Hamburgers

Memorial Day Hacks and Hamburgers

Memorial Day is a special time of year to honor the men and women who have died while serving in the U. S. military. Originally known as Decoration Day, Memorial Day originated in the years following the Civil War and became an official federal holiday in 1971. Visit History.com for more information.

Always the last Monday in May, this holiday also marks the unofficial beginning of summer fun … pool season, popsicles, and plenty of barbeques. Americans have traditionally observed Memorial Day by visiting cemeteries or memorials, holding family gatherings, and participating in parades. This year the weekend activities may still look a bit different if social distancing, but we will continue to reflect on the sacrifices our soldiers made for us while lighting up our grills. Speaking of, take a visit to Chowhound.com for some amazing tips for the most perfect hamburger ever (80/20 lean to fat ratio ground chuck always!) and clever grilling hacks. Did you know you can use a spare cooler as an insulated warmer to keep food hot and juicy right off the grill? One tip you won’t see there is a favorite of mine … folding a dollop of mayo into each burger patty for optimal juiciness before they even go on the grill. Try it. You’ll love it!

Unfortunately during this time of year crooks might pop up who feed on our gratitude. Watch out for Memorial Day scams where hackers use a patriotic or military approach when contacting service members for money. The Better Business Bureau (BBB) suggests to be on the lookout for five specific scams during this time of remembrance:

Fake military charities. Scammers will send out emails, phone calls, direct mailers and send texts using the same outreach practices as well-known legitimate nonprofits. Be wary of messages that contain words like “disabled,” “heroes,” and “warriors” and always double-check the exact name and spelling of the charity.

Fake rental properties. Scammers take out classified ads and will use photos from legitimate rental properties that promise military discounts or other incentives.

High-priced military loans. No legitimate lender will guarantee a loan as being instantly approved. Watch for ads that may also say no credit check is required. If this is the case, the loan will likely come with hidden fees as well as outrageously high interest rates.

Veteran benefit buyout plans. These plans offer an attractive cash payment in exchange for a disabled veteran’s future benefits or pension payments. The cash payment is typically only 30-40% of what the veteran is entitled to receive.

Misleading car sales. Some websites post ads that contain false discounts for those in the military. There is also an increase of ads that claim to be from soldiers who need to sell their autos quickly due to deployment.

Stay safe this weekend and please reach out to us if needed. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. We are available for you 24/7/365 at 888.966.GUARD (4827) and [email protected].

Photo courtesy Justin Casey via unsplash.com

 

NortonLifeLock Password Manager Tool Hacked

NortonLifeLock Password Manager Tool Hacked

NortonLifeLock has notified their customers that hackers have breached their Password Manager accounts. This latest breach dates back to December 2022 when thousands of customers were told that their accounts were compromised. Just recently, the parent company of NortonLifeLock, Gen Digital (formerly Symantec Corporation), reported that “the likely culprit was a credential stuffing attack.” This type of attack involves credentials that had previously been exposed or breached being used to break into accounts on different websites that share the same password.

By far, password protection is critical for online safety. Enabling multi-factor authentication (MFA) and having exceptional password hygiene habits are great practices to follow. For example, every account that requires a password should have their own unique, complex and random password. Try to avoid using combinations that utilize information that could be connected to your social media accounts, such as a loved one’s birthday or a pet’s name. Hackers are well-known to comb their intended victims’ social media accounts.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of https://unsplash.com/@flyd2069.

Online Music Streaming Service Breach Impacts Billions

Online Music Streaming Service Breach Impacts Billions

Our security teams have recently discovered that a former deezer.com partner experienced a data breach in 2019 that has impacted 257 billion users. Deezer is a France-based music streaming platform. Leaked information includes users’ dates of birth, email addresses, genders, geographic locations, IP addresses, names, spoken languages and/or surnames. The hacking dates back to mid-2019 when a Deezer third-party fell victim to a breach exposing user data, which was then sold on a popular hacking forum.

The hacker claimed that the data breach affects users in the United States, the United Kingdom, Brazil, Columbia, France, Germany, Guatemala, Italy, Mexico and Turkey.

Other music streaming platforms, such as Spotify, have suffered data leaks in recent years. In December 2020, Spotify confirmed that an incident may have affected over 300,000 users’ email addresses, display names, passwords, genders and dates of birth.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo by Uriel SC via Unsplash.com.

Twitter Data Breach Alert

Twitter Data Breach Alert

Just recently our security teams have found that Twitter, a popular social media service, has been breached. At least 5.4 million accounts have been compromised. The breach origin date is July, 2022 and data exposed includes name, phone number, email address and account holder user IDs.

Twitter acknowledged publicly that they received a report through their bug bounty program of a vulnerability in Twitter’s systems in January 2022. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email address or phone number was associated with, if any. Twitter then explained that the bug resulted from an update to their code in June 2021. When Twitter learned about this, they immediately investigated and fixed it. Twitter announced that at that time, they had no evidence to suggest someone had taken advantage of the vulnerability. Twitter has said that it would directly notify every account owner it could confirm was affected by the exposure. In the meantime, it is highly suggested to add two-factor authentication.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. It has been a pleasure protecting America’s workforce for the last decade. We look forward to many years and much more growth to come.

Be vigilant. Be strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of Bermix Studios via unsplash.com.

Romwe.com Breach Impacting 23 Million

Romwe.com Breach Impacting 23 Million

Our security teams have recently discovered several large sets of compromised data on the Dark Web. The website, Romwe.com, has been affected.

 

Romwe is a Chinese fashion retailer founded in 2008. Headquartere in Nanjing, China, Romwe deals with a wide range of trending fashion items for men, women and children. The breach date was July 2020 and impacts 23 million people. The type of data exposed includes email, password and telephone number.

 

If you have visited the romwe.com website or have engaged in business activity with this company, please call us at 888.966.GUARD (4827) to speak with a fraud resolution specialist. Likewise, if you have questions or concerns feel free to call anytime. We are available for you 24/7/365.

 

Zoombombing … the New Social Distancing Phenomenon

Zoombombing … the New Social Distancing Phenomenon

Video calls have gone from a novelty to a necessity practically overnight. The term ‘social distancing’ and the app, Zoom, have both become household names as millions of people are being forced to stay home to help stop the spread of COVID-19. The desire to stay connected with our loved ones and friends during this difficult time has sparked creative ways to virtually stay social through video birthday parties, happy hours, trivia nights, yoga sessions, and even weddings. CNBC reported this week that “the [Zoom] app has been the top free app for iPhones in the United States since March 18 … daily users spiked to 200 million in March, up from 10 million in December.”

 

Before the COVID-19 pandemic, Zoom, a privately-held company headquartered in San Jose, CA, was used mostly for web conferencing webinars. Now it is being used by 90,000 schools across 20 countries. But, there are online security issues with the app and school districts have started to ban Zoom because of them. Why? Because of ‘Zoombombing,’ a phenomenon where uninvited guests (pranksters) join Zoom calls and broadcast porn or shock videos. How? Due to Zoom’s default settings, which don’t require a password to set a meeting and allow any participant to share their screen. Most Zoom meetings have a public link that, if clicked, allow anyone to join.

 

The Verge just reported that “Zoom adjusted their default settings for education accounts last week in an effort to increase security and privacy for meetings.” They also noted, “For everyone else, you’ll need to tweak your Zoom settings to ensure this never happens.” The process isn’t very simple…

 

If you schedule a meeting from the web interface, you won’t see the option to disable screen sharing. Instead:

 – Click on “Settings” in the left-hand menu

– Scroll down to “Screen Sharing” and under “Who Can Share?” click “Host Only”

– Click on “Save”

 

If you forget to change the setting before you start your meeting, there’s a way to modify your settings after it starts:

 – Once your Zoom meeting is running, click the caret to the right of the green “Share Screen” button in the center of the bottom row of icons

– Click “Advanced Sharing Options”

– A dialog box will pop up allowing you to switch screen sharing availability from all participants to the “Only Host”


Yes, these are very confusing times. Stay strong and please don’t hesitate to reach out if you need help. We are available 24/7/365 for you and your family members at 888.966.GUARD (4827) and [email protected].

 

 

 

How to Detect a Fraudulent eCommerce Site

How to Detect a Fraudulent eCommerce Site

The Washington Post just reported that U.S. consumers are expected to shell out a record $9.4 billion today on Cyber Monday, a 19% increase from last year. While Walmart, Target, Best Buy and Amazon are many holiday shopping ‘go-to’ websites, there are many others that you may visit, especially when looking for that perfect personalized gift. Unfortunately, fake eCommerce websites and scams during the holiday season are on the rise.

 

How do you decipher a legitimate website from a fake one? Yes, it is confusing … and that is by design. It’s not easy. There are some detailed things to watch out for:

 

– Scammers’ tactics include manipulation and will urge you to purchase. If you’re trying to make a purchase online and are offered help with the checkout process, do not give any personal identifying information (PII) in a chat room. If you are asked to do so, exit immediately.

 

– Hover over hyperlinks to make sure they’re going to a legitimate website. If there isn’t a padlock symbol and an ‘https’ in the address bar, exit immediately.

 

– A legitimate retailer will have full contact details, including address, email and phone number, on the website. If any of those are missing, exit immediately.

 

– Check out the website’s customer reviews. While many are legit, if you read beyond the star rating and check the reviewer’s history (especially if it is a very positive post), you may find that the reviewer uses the same phrases for other products and companies. Red flag! Also, if their reviews are not specific about the product, they have reviewed the same product before or they do not give useful feedback, recognize that they may not be legitimate and … guess what? … exit immediately. There are online tools such as Fakespot that can help you determine a customer’s review reliability.

 

– Don’t use a debit card for online purchases. Credit card companies won’t insure your purchase if you use a debit card. Dedicate one credit card for all online purchases and check the statement often. If you see any unusual activity, dispute the transaction immediately.

 

If you suspect identity theft or fraud, please contact us day or night at 888.966.GUARD (4827) or email [email protected]. We’ve got your back and are always open for you.