LinkedIn Scam Alert & 40% of Australia affected by One Cyber Breach

In this week's Cyber Weekly:

1. LinkedIn Scam Alert
2. 40% of Australian population attacked
3. Airline didn't know they were breached

Thanks to all 6347 subscribers. It really takes a community to fight against cyberattacks. By sharing these newsletters, we can reach more people and help others from becoming a statistic. Share the post in the top right corner of the article.

1. LinkedIn Job Scam Goes Viral on TikTok

‍

Callie Heim was excited to start a social media manager at the self-driving car company, Waymo. She had just graduated college and thought this opportunity was a great start after having a rough year. Unfortunately, the 22-year-old lost her mom earlier in the year.

‍

Heim went to LinkedIn to search for jobs via LinkedIn’s “Easy Apply.” She had a few interviews for the remote job but here is where things got weird.

‍

They asked Callie to download an encrypted messaging app. They asked her to buy her own laptop and work phone from the company portal and told her they would pay her back by check. She got suspicious of the scam when the check she received looked photoshopped.

‍

She immediately went to freeze her compromised account. At this time, she had already told her family and friends about the opportunity and had to tell them it was a scam.

‍

Heim was lucky to not lose any money. She took to TikTok to share her experience to help warn others of the scam because not everyone gets so lucky.

‍

“Americans were scammed out of $86 million due to fake business and job opportunities in the second quarter of 2022, according to the Federal Trade Commission. People reported nearly 21,600 incidents of business and job opportunity scams during that time, with roughly a third of those resulting in a financial loss…

‍

The FBI says these are some warning signs to look out for through the hiring process:

• Interviews are not conducted in-person or through a secure video call, but rather on a teleconferencing app using an email address instead of a phone number
• Potential employers contact victims through non-company email domains and teleconference applications
• Potential employers require employees to purchase start-up equipment from the company, or pay for background screenings
• Potential employers request credit card information
• Job postings appear on job boards, but not on the company’s website
• Recruiters or managers don’t have profiles on the job board, or the profiles do not seem to fit their roles” (CNBC)

‍

My thoughts: If you know someone who is looking for a job, let them know of this scam that is very hard to detect from the surface. LinkedIn job’s “Easy Apply” works for scams and real-jobs. Please share this story with your network.

‍

‍

2. Cyber Attack on Phone Service Provider Affects 9 Million People

‍

Australian Phone Service Provider, Optus, was the victim of a cyber attack last Thursday affecting 9 million customers. The phone numbers, email addresses and names were stolen and at least 2.8 million customers also had their passport, driver’s license, home address and date of birth stolen.

‍

Optus immediately opened an investigation and let their customers know about the situation. Within 24 hours of the attack, the CEO held a press conference to discuss the incident. She tearfully apologized to the customers. She admitted her anger and admitted how this cyber attack overshadows the companies hard work and values. (Shynews)

‍

The Australian government is now also looking to toughen privacy rules. The Optus cyber attack affects about 40% of the country’s population. (Reuters)

‍

My thoughts: It will be interesting to see how the hackers got into their systems. It’s always our assumption that huge corporations like Optus have the budget to secure themselves. Customers of Optus will need to be weary of identity theft and online scams as their data will be sold on the dark web and used as a weapon. We will definitely see how countries will increase their data privacy legislation – like Quebec did last week.

‍

‍

3. American Airlines Didn’t Know they got Breached

‍

Over 1700 American Airlines customers and employees were affected by a breach – unbeknownst to the company. The Cyber Security Response Team were made aware of the attack when the targets of a phishing scam were using the airline’s Microsoft 365 account to send the spam emails.

‍

The investigation revealed the criminals access several other employee accounts that could have potentially been used in other phishing attacks.

‍

By accessing the airline’s email accounts, the criminals were also able to access files stored on Sharepoint.

‍

It is not yet known exactly how much data was stolen. At this time, customer data that was stolen includes names, dates of birth, mailing addresses, phone numbers, email addresses, driver's license numbers, passport numbers, or certain medical information.

‍

“The company says it will offer affected individuals two years of Experian's IdentityWorks free membership with identity restoration services, triple bureau monitoring, and up to $1 million in identity theft insurance to help with identity theft detection and resolution.” (BleepingComputer)

‍

‍

My thoughts: What’s worse than getting breached is not knowing about it until a customer tells you. Then you have to give your data to an unknown company for them to help you. Personally, I had to look up Experian’s IdentityWorks.

‍

I didn’t write it above but when asked how many people were compromised, the company responded “not many.” I just want to make it clear that one person’s data being compromised is not acceptable.

‍

Finally, if you want to back up your Microsoft Office 365, email info@assuranceit.ca and we will set up a 30-day free trial for you. Conditions apply.

‍