Security News Digest January 23, 2018 Be a Security Star in 2018 by taking the ‘Security New Year’ Quiz Tax Scams on Increase in Victoria, Police Say http://www.timescolonist.com/news/local/tax-scams-on-increase-in-victoria-police-say-1.23147658 Canada Revenue Agency scams are increasing in Victoria, say Victoria police. “So far in 2018 alone, losses reported to VicPD as a result of the scam have totalled $25,000,” police said in a statement on Wednesday. “Investigators are also seeing more spoofing [impersonating/ falsifying] of phone numbers where, in one investigation, the victim divulged his accountant’s information then moments later got a call from his ‘accountant,’ which really was one of the fraudsters.” These scams come in the form of unsolicited calls. Fraudsters are often aggressive, police said. Potential victims are told that they committed fraud on their tax returns and are facing legal action. “Often, the fraudster claims police are on their way to arrest the potential victim unless he or she pays an immediate reduced fine,” police said. “With the scammers often calling from overseas locations, once paid, victims are often left with little recourse to recover their lost funds.” The Canada Revenue Agency never contacts people over the phone to discuss fraud concerns, and never threatens arrest over the phone, say Victoria police fraud investigators. It also does not accept payment in Bitcoin, a digital currency. If you have concerns after being contacted by someone claiming to be from the CRA, you can call the CRA yourself at 1-800-959-8281. With fraudsters targeting older individuals, investigators recommend speaking to relatives and friends about the scam. Police Probing Bell Canada Data Breach; Up to 100,000 Customers Affected https://www.theglobeandmail.com/report-on-business/police-probing-bell-canada-data-breach-up-to-100000- customers-affected/article37701579/ Police are investigating a new data breach at Bell Canada, which says hackers have illegally obtained customer information, primarily subscriber names and e-mail addresses. BCE Inc.-owned Bell confirmed Tuesday that up to 100,000 customers were affected by the hack, which comes about eight months after hackers accessed nearly 1.9 million Bell customer e-mail addresses as well as 1,700 names and phone numbers. "We apologize to our customers and are contacting all those affected," said BCE spokesman Mark Langton. "There is an active RCMP investigation of the incident and Bell has notified appropriate government agencies including the Office of the Privacy Commissioner." Mr. Langton said that, in this case, hackers accessed names and e-mail addresses and "in some cases phone number, user name and/or account number." He added there was "no indication that any credit card or other banking information was accessed." Several customers on Tuesday reported receiving an e-mail from John Watson, executive vice-president of customer experience at Bell, informing them that some of their customer information was illegally accessed. Mr. Watson apologized for the breach and advised affected subscribers: "It is good practice to change your passwords and security questions frequently and to regularly review all your service and financial accounts for any suspicious activity." Even non-financial information such as user names can be used by hackers to attempt to break into other accounts owned by the same person, and e-mail addresses can provide a potential list of targets for social engineering scams known as phishing, in which hackers try to convince people to click on malicious links or attachments. Mr. Langton said Bell - which is Canada's largest communications company and has almost 22 million combined wireless, television, internet and home telephone customers - works closely with police and other government agencies to address cyber crime, adding, "we have successfully supported law enforcement in past prosecutions of hackers." Payment Scam Using Administration Cards Costing Calgary Businesses Thousands https://globalnews.ca/news/3969385/payment-scam-using-administration-cards-costing-calgary-businesses- thousands/ [Jan16] A Calgary restaurant is trying to warn other businesses about a scam it says is making the rounds in the city. Around 8:30 p.m. Saturday night, Chianti Cafe & Restaurant’s surveillance video captured a man entering their establishment to pick up a takeout order. He paid his bill for $88.11 cents using a MasterCard, adding a $20 tip. But when the payment went through, it was for a total of $902.11. “I thought I made a mistake entering the money. So I refunded the money,” general manager Todd Duly said, adding he thought he had somehow charged the customer $881.11 instead of the $88.11 owing. The total was refunded back to the client, without staff realizing he had swapped the original MasterCard used for payment with a debit card for the refund. “Everything looked like it was above board until I looked at the small print and I was like, ‘Wait a minute. Something’s up here.’” It was only when Chianti reported the problem to payment processing company Moneris that they realized what had happened: Moneris told them the customer had used an administration card to change the amount owed, and the original MasterCard that was billed in the sale had been stolen. “We phoned Moneris and they said they couldn’t do anything about it,” owner Barbara Masterson said. “They knew that we were scammed. They said that he did use an admin card to change the settings and there was nothing they could do.” After posting the surveillance video to Facebook, Masterson said she soon realized her business wasn’t alone. Reports of similar scams came pouring in from several businesses all over the city. “They had somehow manipulated the machine with an administrative card and had manually put something in and then had it refunded to a different card. So we ended up being out a couple thousand dollars,” Dennis Madden, general manager of the Calgary Rose and Crown said. Various Mr. Sub locations have also been hit by a similar scam, costing the company over $1,600. Surveillance tapes appeared to show the same man that Chianti captured Saturday. It’s not just restaurants that are being targeted by this type of scam. Great Clips hair salon said over the past year they’ve seen a similar scam attempted, hitting at least five of their locations in Okotoks and Calgary. “They would proceed to put through a tip amount of about $900. It seemed to be the same on just about every single transaction. They realized that it’s a mistake and then say, ‘That’s a mistake, I need a refund,’” regional manager Rita Alberto said. Moneris said in a statement to Global News on Tuesday that while it can’t discuss the details of merchant accounts, it is “currently investigating the events with our fraud and risk team.” “Moneris takes issues of fraud seriously,” the statement reads. “We actively provide merchants with tips and guidance to avoid fraud. When a merchant starts working with Moneris, we provide documentation on proper card acceptance and device management procedures as part of the merchant agreement and operating manual.” The company went on to say it also provides clients with resources to help identify potential fraud situations. A Calgary police investigation into the matter is ongoing, but businesses aren’t wasting time warning others about the scam. “These machines should be safe. Nobody should be able to change these machines,” Masterson said. “It’s not the restaurant’s fault. It’s not the waiter’s fault. People need to be aware. They need to put passwords on their machines and these companies need to make us aware of that.” How To Keep Personal Data Safe When Companies Can't (Or Won't) http://www.huffingtonpost.ca/ale-brown/how-to-keep-personal-data-safe-when-companies-cant-or-wont_a_23331062/ Organizations came under fire in 2017, a year of reckoning for businesses on how they managed corporate and personal data. The increase in cyberattacks, and in particular the use of ransomware, has become so pervasive that an underground ransomware market has developed in strength. According to Carbon Black, the number of ransomware applications available for purchase, which currently accounts for approximately 45,000 different ransomware products, has grown from US$250,000 in 2016 to US$6.25 million in 2017. A staggering 2,500 per cent increase. The stats continue with ransomware payments from affected individuals and organizations totaling close to $1 billion dollars in 2016, up from $24 million in 2015. Ransomware is becoming sophisticated, easy to access and, most important of all, the best way to make a profit out of malware. One thing is clear: cyberattacks, in their many forms, are here to stay. But the question remains are organizations incentivized to prioritize our safety, or are they more driven by self-preservation? A tale of two cyber gaffes - Equifax and Uber were two high-profile cases last year that rocked consumer confidence and suggested the latter - self-preservation. The lack of privacy management processes shown by the two companies before, during and after the breaches have resulted in them facing serious financial and legal consequences that have significantly hindered both their profits and their credibility. These are lessons worth learning for other businesses. Thinking of other long-lasting implications, such as loss of customer trust and reputational damage, some companies may be forced to close their doors completely. [go to this lengthy article for comments on Equifax and Uber] Consumer impact: another important consequence of a data breach: Data breaches can have very hefty financial implications for a consumer. A consumer will spend on average about 20 hours and $770 on lawyers and time lost to resolve the case when they find themselves on the receiving end of a data breach.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages9 Page
-
File Size-