Cyber Insights | September 2024

SCAM ALERT

In this scam, cybercriminals are using Google search results to try to trick you into calling a phone number that they control. If you search for an organisation on Google, scammers can manipulate the search results to display a fake phone number for the organisation. Don't take a chance of losing your investments on a risky phone call.

If you search on Google and call the fake number from one of these manipulated search results, you will be connected to a scammer. They will attempt to trick you out of your money by saying that your account needs updates or you need to transfer funds. They may ask you for your login information so that they can access your account. Once they gain access to your account, they can quickly transfer your funds to accounts that they control. This is one investment that you don’t want to risk!

Follow these tips to avoid falling victim to a phone number scam:

• Confirm that you are on the organisation’s official website if you are going to buy one of their products or use one of their services.
• Double-check that the listed phone number is the same one on the organisation’s official website.
• Report any fake listings, ads, or any other type of disinformation through Google’s Report services.

Exploit: Ransomware

The Washington Times: Newspaper

Risk to Business: MODERATE

The Washington Times, an influential U.S. newspaper, was reportedly compromised by the Rhysida ransomware group, which listed the paper as a victim on its dark web blog. The group claims to be auctioning the Washington Times’ “exclusive” data, including corporate files and employee documents, for 5 bitcoins (approximately $304,518) with a seven-day deadline to start the auction.?Read more?here

Exploit:?Third Party (Misconfiguration)

Toyota: Carmaker

Risk to Business:?MODERATE

Toyota revealed that a misconfigured cloud bucket exposed over 2.15 million customer records to the open internet for over 10 years, from November 2013 to April 2023. The breach affects customers of Toyota’s Connected services in Japan. Additionally, the ZeroSevenGroup cybercrime gang claims to have stolen data “from a U.S. branch”, potentially a Toyota dealer, including employee and customer details, but the provenance of the data they published has not been confirmed. Toyota says that none of its internal systems were breached, pointing to an unnamed third party as the source of the data.?Read more here

What are AI Art and Deepfakes?

AI art is generated using billions of images and examples of art. When you enter a prompt, the AI art generator builds an image for you by combining many of these examples into a single image. Deepfake technology is similar, but it involves manipulating real photographs and videos of people and places. This technology can make it look like a person did or said something that they never did. Both of these technologies can be used in a harmless way, but cybercriminals have learned to use them maliciously.

Deepfake Scams

Scammers can use deepfake technology to impersonate celebrities or other public figures. This type of scam can make it seem like a celebrity has endorsed a product even though they have not. Scammers use this technique to trick people into purchasing a fake product, and they will steal consumers’ personal or financial information. Deepfakes can be used for political figures as well. A deepfake video can make it appear that a government official said or did something that they didn’t say or do. These types of videos can be used to lure people into visiting fake websites or clicking on fake news articles.

AI-Generated Art and Photograph Scams

Cybercriminals commonly use AI in online romance scams. They can generate fake photographs to use in dating profiles to try and steal money or information from their victims. The cybercriminals will also use current events as the subject of their scams. They use AI to create realistic photographs of tragedies and other events. They post the photographs on fake websites to coerce people into donating money to a charity organisation. The organisation is fake, of course, and the cybercriminals will keep any donated money.?

What Can I Do to Stay Safe?

Follow the tips below to keep yourself safe from AI art scams:

• AI-generated images often have subtle differences or mistakes. Keep an eye out for anything in the photograph that appears to be unusual. A hand with more than five fingers or a photograph with strange lighting or shadows are common signs that an image was created with AI
• Always stop and think before clicking or taking action. If a photograph or image seems bizarre or too good to be true, it could be a scam.
• When possible, verify the claim in a different location. For example, if you see a video with a celebrity endorsement, check that person’s official website for proof that they are actually involved with the product.

Tech Insights: Episode 1

The True Cost of a Cyber Breach with Chris Haigh

Join cybersecurity expert Chris Haigh as he shares real-life ransomware examples like the Robin Hood attack, debunks common myths about cyber insurance, and offers practical, actionable security tips.

Listen to the full episode on Apple, Spotify or YouTube

If you would like to discuss your cybersecurity needs, book a complimentary consultation here