In this week's Cyber Weekly:
Thanks to all 6347 subscribers. It really takes a community to fight against cyberattacks. By sharing these newsletters, we can reach more people and help others from becoming a statistic. Share the post in the top right corner of the article.
Callie Heim was excited to start a social media manager at the self-driving car company, Waymo. She had just graduated college and thought this opportunity was a great start after having a rough year. Unfortunately, the 22-year-old lost her mom earlier in the year.
Heim went to LinkedIn to search for jobs via LinkedIn’s “Easy Apply.” She had a few interviews for the remote job but here is where things got weird.
They asked Callie to download an encrypted messaging app. They asked her to buy her own laptop and work phone from the company portal and told her they would pay her back by check. She got suspicious of the scam when the check she received looked photoshopped.
She immediately went to freeze her compromised account. At this time, she had already told her family and friends about the opportunity and had to tell them it was a scam.
Heim was lucky to not lose any money. She took to TikTok to share her experience to help warn others of the scam because not everyone gets so lucky.
“Americans were scammed out of $86 million due to fake business and job opportunities in the second quarter of 2022, according to the Federal Trade Commission. People reported nearly 21,600 incidents of business and job opportunity scams during that time, with roughly a third of those resulting in a financial loss…
The FBI says these are some warning signs to look out for through the hiring process:
My thoughts: If you know someone who is looking for a job, let them know of this scam that is very hard to detect from the surface. LinkedIn job’s “Easy Apply” works for scams and real-jobs. Please share this story with your network.
Australian Phone Service Provider, Optus, was the victim of a cyber attack last Thursday affecting 9 million customers. The phone numbers, email addresses and names were stolen and at least 2.8 million customers also had their passport, driver’s license, home address and date of birth stolen.
Optus immediately opened an investigation and let their customers know about the situation. Within 24 hours of the attack, the CEO held a press conference to discuss the incident. She tearfully apologized to the customers. She admitted her anger and admitted how this cyber attack overshadows the companies hard work and values. (Shynews)
The Australian government is now also looking to toughen privacy rules. The Optus cyber attack affects about 40% of the country’s population. (Reuters)
My thoughts: It will be interesting to see how the hackers got into their systems. It’s always our assumption that huge corporations like Optus have the budget to secure themselves. Customers of Optus will need to be weary of identity theft and online scams as their data will be sold on the dark web and used as a weapon. We will definitely see how countries will increase their data privacy legislation – like Quebec did last week.
Over 1700 American Airlines customers and employees were affected by a breach – unbeknownst to the company. The Cyber Security Response Team were made aware of the attack when the targets of a phishing scam were using the airline’s Microsoft 365 account to send the spam emails.
The investigation revealed the criminals access several other employee accounts that could have potentially been used in other phishing attacks.
By accessing the airline’s email accounts, the criminals were also able to access files stored on Sharepoint.
It is not yet known exactly how much data was stolen. At this time, customer data that was stolen includes names, dates of birth, mailing addresses, phone numbers, email addresses, driver's license numbers, passport numbers, or certain medical information.
“The company says it will offer affected individuals two years of Experian's IdentityWorks free membership with identity restoration services, triple bureau monitoring, and up to $1 million in identity theft insurance to help with identity theft detection and resolution.” (BleepingComputer)
My thoughts: What’s worse than getting breached is not knowing about it until a customer tells you. Then you have to give your data to an unknown company for them to help you. Personally, I had to look up Experian’s IdentityWorks.
I didn’t write it above but when asked how many people were compromised, the company responded “not many.” I just want to make it clear that one person’s data being compromised is not acceptable.
Finally, if you want to back up your Microsoft Office 365, email firstname.lastname@example.org and we will set up a 30-day free trial for you. Conditions apply.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.