Friday Five: 10/13 Edition
1. New Netflix phishing campaign sees hackers targeting business emails to steal your credit card data by India Ashok
Users beware – a new phishing campaign identified by PhishMe is targeting both consumer and business email addresses as miscreants attempt to steal credit card information and credentials of target victims. Leveraging the popular streaming service, the miscreants have specifically targeted large businesses including Wells Fargo, Comcast Chase Bank and TD Bank. This campaign has been active since at least June, and the message is a simple one sent by the attackers asking users to update their account information (with the message masquerading as an official notification from Netflix). The simple ruse can be surprisingly effective as users may not verify the authenticity of the message, and look to update it using a password that they use for other accounts, which the attackers can then harvest and reuse, or sell on the Dark Web.
Discover Card members have been receiving vague notifications from the large credit card company with the subject line “Important: What you can do now about the recent data breach.” When we are living in an age where breaches are the norm, it’s important to be clear what breach is being referred to. Was it Equifax? Was Discover itself breached? The notification did include tips, such as watching for alerts about your account and monitoring your FICO score, but Discover did not specify the origin of the breach. Thankfully it clarified this via social media, stating that Discover itself had not been hacked, but that “the email was referring to a breach at ‘one of the credit bureaus’.” It’s safe to assume they are referring to Equifax here. Discover did not state why it did not mention Equifax by name (to alleviate some confusion) other than that it was a “copy decision” but it’s more important than ever to deliver this type of information concisely, quickly and clearly to consumers, especially in the wake of such a large breach where consumer confidence is already low.
Disqus discovered a breach in early October that has impacted 17.5 million users dating between 2007-2012. Founder and CTO Jason Yan sent an alert out to Disqus users stating that a snapshot of the target database revealed “user names, sign-up and last login dates and email addresses in plain text as well as passwords hashed using SHA1 with a salt for approximately one-third of users.” Disqus is personally emailing all impacted users, although notifying 17.5 million users will take some time. With the rise in breaches impacting helpless consumers, is it time to retire password-based authentication, and what’s a viable alternative?
This week, news reported that parts of Equifax's website was redirecting people to a malicious site with fake Adobe Flash updates. Equifax blamed a third-party service they were using to collect website data. TransUnion, another credit reporting bureau, also was experiencing the same issue with their Central American website, a security researcher discovered. The malicious site would force an automatic "flash" download or deliver an exploit kit to unpatched browsers or browser plugins. Both TransUnion and Equifax said that their systems were not affected but even that knowledge certainly won't help consumers feel more secure.
Once again, payment card systems at Hyatt Hotels have been infected by malware. Just last year, 250 Hyatt Hotels were hit with malware. Names and credit card details may have been stolen from customers who checked in between March and July of this year. This latest malware infection affected 41 hotels in the chain in multiple countries, though nearly half were in China. The hotel chain noticed suspicious activity in July but didn't inform customers until this month, when the investigation was completed. If you checked into a Hyatt hotel between March and July, check your credit card statements for any suspicious activities.