Cyber Insights | March 2024

SCAM ALERT

Search engines, like Google, are so popular that many people use the search feature instead of typing a URL. For instance, people may quickly search for their electricity provider's name to find the online payment portal. For this scam, that's precisely what cybercriminals want you to do. This scam tries to trick you into clicking on a fake ad instead of the billing portal you’re trying to find. The scammers purchase a variety of counterfeit utility payment advertisements, and you see those ads during your searches. They know that they can trick you more efficiently if you contact them instead of them reaching out to you.

If you click on one of these ads, you will be prompted to dial a phone number. Dialing the number puts you directly in contact with a scammer. They may try to scare you by saying your bill must be paid immediately. Or they may tempt you with an offer to help you save money—but only if you act now. Neither the advertisement nor the person you are talking to is legitimate. Paying them won’t help with your utility bills, but the scammer might use you to help pay them!

Follow these tips to avoid falling victim to a utility bill scam:

• Remember, anyone can purchase an advertisement. Be cautious when clicking on ads, even if they seem relevant.
• Scammers often ask you to make payments using unusual methods, such as gift cards or money transfers. If something seems strange about a financial transaction, stop immediately!
• If an offer seems too good to be true, it probably is. Always stop and think before taking action.

Exploit: Ransomware

Hyundai: Carmaker

Risk to Business: SEVERE

The Black Basta ransomware group claims that it has stolen 3TB of data from Hyundai Motor Europe. The carmaker confirmed that it is investigating a cybersecurity incident in which an unauthorised third party accessed a limited part of its network. As proof of the supposed hack, the group shared images of folders related to various departments at the company, including legal, sales, human resources, accounting, IT and management. No extortion demand was made public, and the incident remains under investigation.?Read more here

Exploit: Third-Party Risk

Tangerine: Telecom

Risk to Business: MODERATE?

Officials at Tangerine say that the compromise of a contractor’s credentials is to blame for a cyberattack that has resulted in a data breach. The incident came to light last Tuesday. Approximately 232,000 customers have been affected. Exposed customer data includes names, birthdates, mobile numbers, email addresses, postal addresses and Tangerine account numbers. The telecom said that no credit or debit card numbers, driver’s license numbers, ID documentation details, banking details or?passwords have been exposed?due to?this incident. Read more here

What is an “insider threat”?

An insider threat is a security threat from within the company or organisation targeted for an attack. It could be a present or former employee, a board member, or anyone with access to the office building or confidential company information. Insider threats are more challenging to prevent, and your organisation needs your help to keep your network safe and secure.?

Follow the tips below to help protect your organisation and prevent insider threats:

• Report any suspicious behaviour from employees, contractors, or anyone inside the building. If you see something that looks suspicious, tell your manager immediately.

Examples of suspicious behaviour can include:

A disgruntled or angry employee wanting to retaliate against the organisation.

An employee who often works outside business hours for no specific reason.

People bringing unauthorised devices into the workspace.

A contractor or inspector wandering outside the area they should be attending to.

• Keep your desk free of any confidential information.
• Securely lock confidential information in a filing cabinet when not in use. No passwords on Post-its, period!
• Lock your computer every time you step away.

This is important to prevent those passing by from seeing confidential information on your screen.

• Be aware of the threat of shoulder-surfing.
• Watch out for people hanging around your desk acting suspiciously, looking at your screen or items on your desk. They might be looking for confidential information or watching you enter passwords.?

If you would like to discuss your cybersecurity needs, book a complimentary consultation here