Who really is that voice, 80 indicted for email fraud and ditch old software
Welcome to Cyber Security Today. It’s Monday August 26th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast, click on the arrow below:
Smart organizations have strict policies over how employees handle money. Certain verbal or written permissions should be needed before a staffer can transfer money by wire or change the regular bank account of a supplier. Those rules should include checking twice when instructions come by email, which can easily be faked. Well, there’s a new threat coming, say experts: Fake voicemail. The ability for bad guys to create so-called deepfake audio recordings of real people like your boss is increasing. Last month a security company reported three cases of these fake recordings of executives that try to trick employees into transferring cash. So, business listeners, it’s time to add policies about getting independent verification about financial requests from voicemail as well as email. If you get a request, don’t reply to the email. Speak to a supervisor or phone someone senior using a phone number you know, not one in the email.
Speaking of email fraud, employees at Portland, Oregon’s public school board recently fell for it and transferred almost $3 million to an unapproved bank account. According to a news story last week the board was able to freeze the money before the fraudster withdrew it.
More good news on this front: The U.S. Department of Justice last week indicted 80 people for allegedly being involved in a global business email and romance scam network that stole $6 million from victims. Most of the accused are in Nigeria, but 14 people were arrested in the U.S. According to the indictment, stolen money was laundered through bank accounts in the United States. Some victims lost hundreds of thousands of dollars. Many were elderly.
I often talk about the need to make sure all software on your devices have the latest patches or versions. That also means abandoning old software that isn’t supported anymore. A report last week from security vendor Trend Micro shows another reason why. It says there’s a new version of malware circulating that takes advantage of a seven-old old vulnerability in Microsoft Office, and a nine-year-old hole in Adobe Acrobat and Acrobat Reader. Some of you may be using an old version of Microsoft Office because it’s expensive to buy a new one. Well, it will be expensive if you’re hacked. Buy a new one or use one of the free office productivity suites like Microsoft Office Online, LibreOffice, Google Docs or Polaris Office. As for Acrobat Reader, this free PDF reader needs to be regularly updated. It’s free, so why not?
Finally, you’ve probably heard of Windows support scams. Three’s also an Apple scam. You get a recorded voice call saying there’s a problem with your Apple account. The message says don’t do anything until you speak to an Apple support person, who is waiting on the line. Hang up. Tell your family and friends to do the same.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.
Cybersecurity Conversations with your Board – A Survival Guide
A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA