This Cyber Weekly includes: LinkedIn users are getting scammed; Canada updates its privacy regime; Microsoft vulnerabilities bring up a bigger conversation; Capital One may be liable for $800 million class-action lawsuit.

‍

If you like receiving the cyber news every week, be sure to show your support by sharing the weekly posts. It helps a lot!

‍

LinkedIn Scammers Spend Months Gaining Trust Before They Attack

‍

LinkedIn is social media for businesses and business people. Most don’t assume they can get scammed on the platform. However, in recent months, the number of scams on the platform has increased, exploiting victims of millions of dollars. Although their platform has automated defenses catching 99.1% of spam and scams, there were still 127,000 removed after they were reported by members of the platform.

‍

Here is how the scam unfolds. The scammer connects to as many people as possible. They become friendly and gain their trust. Then they bring up investing in cryptocurrency – the potential to make money. The victims trust the scammers because of the months of engagement and their profile indicating they work for a reputable company.

‍

CNBC spoke to 5 people who were scammed. Their losses ranged from $200,000 to $1.6 million.

‍

“We just never thought there could be such malicious intent behind a LinkedIn profile,” one victim who lost $350,000 said. (CNBC)

‍

My thoughts: Fraud is ever-evolving. It is in no way the fault of the victims. But by talking about it, we help more people. Please spread this story.

‍

Canada Updates its Privacy Regime

‍

This month, Canada updated its federal privacy and AI legislation: The Consumer Privacy Protection Act, The Personal Information and Data Protection Tribunal Act and The Artificial Intelligence and Data Act. It would replace the current legislation called PIPEDA and give Canadians more confidence in how their personal information is handled within companies.

‍

Further, if passed, non-compliant organizations would face penalties of up to 5% of global revenue or $25 million, depending on which monetary fine is greater. (IAPP)

‍

Here is the first version of the Bill, currently named Bill C-27.

‍

My thoughts: This is great news for Canadians as cyber attacks become more and more common. Also, as we offer the Bill 64 training to Quebec companies, we will monitor this new Bill and incorporate how it affects and compares to Quebec’s Bill 64.

‍

Microsoft Vulnerabilities

‍

You may have heard that Microsoft has been dealing with vulnerabilities for six months. They were notified in February about the vulnerability and only launched a patch in April. However, this was only a temporary fix. At the end of May they deployed a more consistent fix for the problem.

‍

“SynLapse and previous critical cloud vulnerabilities such as Azure Auto Warp, AWS Superglue and AWS Breaking Formation, show that nothing is bulletproof and there are numerous ways attackers can reach your cloud environment. That is why it is important to have complete visibility into your cloud estate, including the most critical attack paths.”

My thoughts: In the last Cyber Weeklys, we have mentioned several stories about third party vendors getting hacked and affecting their partners. In this case, Microsoft could have been responsible for devastating cyber crimes. This time we were lucky that nothing was exploited. Always patch your applications!

‍

If Found Guilty, Capital One May Be Liable up to $800 Million

‍

Capital One bank issues credit cards for Costco Wholesale and the Hudson Bay Company to Canadians. However, in a recent data breach, the bank was a victim to a cyber attack that affected six million Canadians and 100 million Americans.

‍

The breach included information between 2005 and 2019 including name, date of birth, mother’s maiden name, address, email address, phone number, employer name, housing situation, annual income, status of mortgage, and banking information.

‍

If found negligent, the bank will need to pay up to $800 million in damages in an on-going class-action lawsuit. (CoastReporter)

‍

My thoughts: These large class-action lawsuits will set the precedent for future data breaches. It’s interesting to see how they unfold especially as the laws in Canada change.

_____________________________________________

Just a Heads Up!

Assurance IT is launching a new Veeam promo. When you renew your Veeam Support Contract with us, you get 1TB of Cloud Connect Backup for free, for making the switch. The promo is going to launch in the near future.

If you want to learn more about the 3-2-1 Backup Rule and how many companies use it to protect their data, here is an article that highlights its importance.

I'll keep you posted on when we launch the promo. Reach out if you have any questions.

‍