It’s somewhat of an oxymoron to have St. Patrick’s Day come only two days after the Ides of March. And with all the buzz that comes with celebrating the luck of the Irish, it’s easy to forget to heed the warning that was given to Julius Caesar: Beware the Ides of March!
I should have known that the week had some misfortune in store; alas, I was caught by surprise when I received a text message from Bank of America saying that someone was attempting to use my debit card at a Target in Texas. The (888) number should have been an indicator of fraud, but the alert itself raised my anxiety. I responded that no, I was not in Texas dropping $1,209 at Target. Immediately, I received a phone call reportedly from a “concerned” BoA fraud agent who was to solve all my problems. By now, I’m sure you know that this was a scam. No, I didn’t fall for it, but I know plenty of folks who might have. In fact, according to the FBI’s 2020 Internet Crime Report (IC3), Americans were the unlucky targets of 241,342 phishing, vishing, smishing and pharming attacks last year.
Likewise, scams are on the rise across Europe. Europol raised alarm bells on March 15 with a news alert that advised of an email scam invoking the name of Europol’s Executive Director and warned, “Don’t be misled – this correspondence is fake. Europol’s Executive Director would never directly contact members of the public requesting an immediate action or threatening individuals with opening a criminal investigation.”
We saw more than scams this week, so let’s take a look at what else made cybersecurity news.
Mar. 19: Infosecurity Magazine reported, “ESET has uncovered malware designed to leverage the growing popularity of invite-only social media app Clubhouse.”
Mar. 19: Website Planet, which reviews and recommends website builders, intentionally created misleading information about COVID as part of its research to understand how websites report or deal with misinformation and found that only two of the seven sites tested removed fake news.
Mar. 18: To protect users against threats to mobile accounts, Facebook announced the rollout of physical keys to verify user accounts on both Android and iOS devices.
Mar. 18: A new report from the Government Accountability Office found, “The U.S. electricity grid’s distribution systems—the parts of the grid that carry electricity to consumers—are becoming more vulnerable to cyberattacks.”
Mar. 17: Reflecting upon the lessons learned about the vulnerabilities in US critical infrastructure after the hack of a water facility in Oldsmar, Florida, CPO Magazine wrote, “Unlike the high-profile ‘critical infrastructure’ sites, which benefit from support from Homeland Security and dedicated budgets for security personnel and tools, most public utilities don’t enjoy resources for anything related to security.”
Mar 17: The nation-state hacking group, Mustang Panda, believed to have links to the Chinese government, reportedly have been conducting espionage attacks against telecom companies in the US, Asia and Europe.
Mar. 17: The US Attorney’s Office in Washington announced, “A Seattle man employed as a cyber security consultant was indicted today by a federal grand jury for conspiracy to engage in cyberstalking, three counts of cyberstalking in violation of criminal order, and two counts of cyberstalking.”
Mar. 16: Dark Reading reported, “Microsoft has released a mitigation tool to help organizations that lack IT and security support as they work to patch their Microsoft Exchange Servers and defend against ongoing attacks.
Mar 15: “Microsoft is reportedly investigating a potential partner leak that could have exacerbated the current wave of attacks against Microsoft Exchange servers,” ZDNet reported.