Netizen Cybersecurity Bulletin (April 13th, 2021)

Overview

  • Phish Tale of the Week
  • 533 Million Facebook Users’ Personally Identifiable Information Leaked Online
  • Fleeceware Apps Accumulate $400M in Revenue
  • How can Netizen help?

Phish Tale of the Week

Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting unsuspecting JPMorgan Chase account holders. The email appears to be a warning notice that the client’s account has been put on hold. It carries Chase’s official logo as well as a shortcut to fix the issue right in the email, so why not click “verify account”? Unfortunately, there are plenty of reasons not to click that link right away.

Take a look below:

  1. The first red flag in this email is the sender address. Big corporations like JPMorgan Chase will never email you from outside their company domains. In the future, check all suspicious emails from companies against previous correspondence you’ve received and make sure the sender address is the same.
  2. The second warning sign is the email title. The title is meant to create a sense of distress and urgency while also providing a fake support number to lend the message legitimacy.
  3. The final warning sign is the messaging inside the email. In this instance, we are notified that our account has been put on hold and are then given a shortcut to verify the account and unfreeze it. Phishing campaigns like this will almost always try to convince you to click a link or shortcut that takes you out of your email client. Remember, if a link or shortcut looks suspicious, do not click on it.

For Chase-specific recommendations, find more here.


General Recommendations:

A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to provide Personally Identifiable Information (PII) such as credit card numbers or your social security number? A legitimate company will never ask for PII via instant message or email.
  • Do not give out personal or company information over the internet.
  • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company or service and that it has the proper security in place, such as HTTPS.

Many phishing emails convey a sense of urgency or even aggressiveness as a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt you into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
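The sender, subject and link checks above can be run automatically over a raw message before anyone clicks. The script below is an added example and is not part of the Netizen bulletin. It assumes an allow-list of domains each brand is known to send from (built from previous correspondence, as the bulletin recommends), and the two sample messages are constructed for the demonstration, with fake addresses and links:

```python
"""
Added example (not part of the Netizen bulletin): apply the bulletin's
phishing checks to a raw RFC 5322 message and report red flags.
Assumptions: KNOWN_SENDER_DOMAINS is maintained by the reader from prior
legitimate correspondence; the sample messages below are constructed.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumed allow-list: domains a brand has legitimately sent from before.
KNOWN_SENDER_DOMAINS = {
    "chase": {"chase.com", "jpmchase.com"},
}

# Words that manufacture urgency in a subject line (check 2 in the bulletin).
URGENCY_WORDS = ("urgent", "immediately", "on hold", "suspended", "verify", "act now")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def sender_domain(msg: EmailMessage) -> str:
    """Return the lower-cased domain of the From: address ('' if absent)."""
    addr = str(msg.get("From", ""))
    # Handle 'Display Name <user@host>' as well as a bare address.
    m = re.search(r"<([^>]+)>", addr)
    addr = m.group(1) if m else addr.strip()
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def extract_links(msg: EmailMessage) -> list[str]:
    """Collect http(s) URLs from every text part of the message."""
    links = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            links.extend(URL_RE.findall(part.get_content()))
    return links


def triage(raw: str, brand: str) -> list[str]:
    """Return the list of red flags found; an empty list means no check fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    known = KNOWN_SENDER_DOMAINS.get(brand, set())
    flags = []

    # Check 1: the sender domain must match previous correspondence.
    dom = sender_domain(msg)
    if dom not in known:
        flags.append(f"sender domain '{dom}' is not a known {brand} domain")

    # Check 2: a subject line that creates distress or urgency.
    subject = str(msg.get("Subject", "")).lower()
    if any(w in subject for w in URGENCY_WORDS):
        flags.append(f"subject uses urgency language: {subject!r}")

    # Check 3: every link must use HTTPS and point at a known brand domain.
    for url in extract_links(msg):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.scheme.lower() != "https":
            flags.append(f"link is not HTTPS: {url}")
        if not any(host == d or host.endswith("." + d) for d in known):
            flags.append(f"link host '{host}' does not belong to {brand}: {url}")
    return flags


# Constructed sample modelled on the bulletin's description; every address
# and host is fake (the .example TLD is reserved for documentation).
SAMPLE_PHISH = """\
From: Chase Support <alerts@chase-secure-login.example>
To: customer@example.org
Subject: URGENT: Your account has been put on hold - call 555-0100
Content-Type: text/plain

Your Chase account is on hold. Verify account now:
http://chase-secure-login.example/verify
"""

# Constructed benign message for comparison.
SAMPLE_LEGIT = """\
From: Chase <no-reply@chase.com>
To: customer@example.org
Subject: Your monthly statement is available
Content-Type: text/plain

Sign in at https://secure.chase.com to view your statement.
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, triage(raw, "chase") or ["no red flags"])
```

The constructed phishing sample trips all three checks (unknown sender domain, urgency wording, and a plain-HTTP link on a look-alike host), while the benign sample passes clean. The From: header alone is not proof of origin, since it can be forged; treat a clean result as “no obvious red flags” and keep the allow-list current as the brand’s sending domains change.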

Cybersecurity Brief

In this week’s Cybersecurity Brief:

533 Million Facebook Users’ Personally Identifiable Information Leaked Online

Facebook has come under heavy fire after it was reported that over 533 million Facebook users worldwide had personally identifiable information (PII) leaked earlier this month on a popular hacking forum. The troves of information are believed to stem from the 2019 data breach that saw hundreds of millions of Facebook users’ records sitting on a public server. The personal information leaked included full names, Facebook IDs, locations, gender, email addresses, and other profile details for the more than half a billion users affected. In a shocking discovery, it was also revealed that the personal phone numbers of Facebook CEO Mark Zuckerberg and co-founders Dustin Moskovitz and Chris Hughes were leaked in this breach. In total, over 533 million Facebook users in 106 countries were impacted by this leak.

Researchers rushed to uncover how this data was leaked, and it appears the culprit was an old Facebook tool built to match users’ phone contacts to potential friends on Facebook. Prior to 2019, Facebook offered a contact importer tool that let users link up the existing contacts on their phones, sparing them the work of adding contacts manually. The tool would match the phone numbers in a contact list against any Facebook accounts associated with them and then suggest those users as friends. The whole process was designed to make it easier to get started when you first sign up for a Facebook account. However, in 2019 Facebook became aware that malicious actors had exploited this tool to mass-scrape millions of user records from the site.

Since the news of this most recent leak, Facebook has announced that it has no plans to notify users whose data was exposed. It noted that this data was scraped from public profiles using the “contact importer” feature in 2019 and that the feature has since been adjusted to prevent this from happening in the future. Additionally, Facebook claimed that because the data was scraped from public profiles, it has no way to be certain which users were affected and would need to be notified. Luckily, there is a website that will tell you whether your email address or phone number has appeared in a data breach. Visit https://haveibeenpwned.com/ to check if you’ve been affected.

To read more about the latest Facebook breach, click here.

Fleeceware Apps Accumulate $400M in Revenue

What happens when you forget to cancel that 1-month free trial you agreed to for a new app on your phone? Sometimes you will be charged a small fee or an instant renewal cost, but in some cases those charges may be a lot higher than people expect. Researchers from Avast have uncovered approximately 204 fleeceware apps in Apple’s App Store and the Google Play Store. “Fleeceware” is a type of mobile malware application that comes with hidden, excessive subscription fees. These apps prey upon people who do not know how to cancel a subscription or are unlikely to, leading to exorbitant charges over time. Fleeceware usually lures targets in with a free trial before the automatic payments kick in. Avast reported that some of these subscriptions can reach as much as $3,400 a year.

To break these apps down by operating system, 134 were found on Apple’s iOS platform with projected revenues of $365 million, while 70 fleeceware apps were uncovered in the Google Play Store with projected revenues of $38.5 million. What makes these apps so profitable is the niche they fill. Most of them are easily marketable, viral applications like photo editing software, horoscope readers, music lessons, or astrology boards. These are applications people would normally scoff at paying money for, given the many free options in the marketplace. However, when an advertisement to “test trial” the paid version of one of these applications, with promises of “exclusive features”, reaches most users, they want to try the application for themselves.

The crazy part about this scam is that these apps appear to be real, legitimate applications when viewed in their respective app stores. They have product descriptions, impressive user reviews, and visually pleasing APIs, all to make the apps look as real as possible. One of the first ways to spot scams like these is to scan through a few pages of user reviews. Scammers will often try to bury bad reviews under a mountain of fake ones, but most app stores will prioritize “active” community member reviews on most applications. To get to these reviews, select the “most helpful” or “most relevant” drop-down and see what actual people have to say about the application. Another way to combat these scams is to always read the fine print. Make sure to comb through the “in-app purchases” section and familiarize yourself with the terms and conditions you are agreeing to. Many times these scams rely on people not noticing the exorbitant costs right in front of them and instead skipping over the terms of service with their purchase. Finally, keep a critical eye on all purchases over the internet. Today’s digital age has seen a massive increase in the number of malicious actors looking to dupe unsuspecting individuals into handing over payment or personal information. If an advertisement looks too good to be true, chances are it is.

Find more about this article here.

How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 
