More than 400 million Facebook phone numbers were recently compromised, ransomware attacks are ramping up, and the old “your uncle has left you a fortune” email scam is back – but with a new twist.
Those are three emerging threats on the cybersecurity radar, says Craig Petronella of Petronella Technology Group Inc.
Petronella is a cyber safety specialist based in Raleigh, NC who blogs on emerging cyber risks. Following are three of his latest alerts.
Want to learn more about email scams and social engineering threats? Attend our free one-hour cyber safety CLE webinar coming up in December. Free webinars are just one of the many benefits of belonging to Alta Pro Lawyers RPG. You also get access to the Pro Practice Playbook, Reminger ProLink, Ask the Risk Pro and more. Here’s how to join.
Server Error Exposes Facebook Data
“A server without password protection gave anyone access to more than 419 million Facebook users’ private information globally,” writes Petronella. “Each accessible record contained a user’s Facebook ID, phone number, and location. Some even had the user’s name.”
“This latest in a long string of incidents for Facebook exposed millions of users to significant risk to spam calls and SIM-swapping schemes, even a force-reset password on any internet account associated with that number.”
“‘This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,’ stated a Facebook spokesperson. ‘The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.’”
“Regardless, the data was there, and serves as a reminder to us all that data should never be stored online or publicly without a password.”
Ransomware on the Rise
So far in 2019, there have been more than two dozen reported public-sector ransomware attacks on US cities, signaling a sharp rise in frequency since 2018. The attacks target local US government facilities such as cities, police stations, and schools. Some of these attacks have cost millions of dollars in ransom to get functioning again.
“Recorded Future, a cybersecurity firm that has tallied ransomware assaults demanding payment (usually in bitcoin) in exchange for unlock keys, found that at least 170 county, city, or state government systems have been attacked since 2013.”
Baltimore, Albany NY and Lake City, FL are three recent victims.
“Experts estimate that ransomware costs billions of dollars a day worldwide, though the cost may be even higher because there is no global tracking system of incidents, nor are all incidents are reported. Individuals are less likely to be hit with ransomware due to the low payout to the hackers. They are also less likely than major businesses or government entities to report an attack.”
“Ransomware attacks are usually carried out by a multitude of individuals, either working alone or in criminal gangs. Often attacks originate in countries where the US cannot extradite the criminals. Some of the world’s most destructive ransomware worms, WannaCry, NotPtya, and SamSam, have all been created in places the US can’t reach the culprit.”
Claim Your Inheritance Now!
“Advance fee or 419 scams have been around for years. The scam works via an attempt to contact the victim so they can be gifted an exorbitant amount of funds left unclaimed by a deceased individual who has the same last name as the victim or is their long-lost relative. Or in the case of our prince, begging assistance from someone to launder a large amount of money out of the country of origin. The victim, believing the get rich scheme sends off funds in advance payment to ‘establish’ themselves as the relative/partner in question. The victim, of course, gets nothing.”
“Once email began, these scam letters started reaching out to people digitally. Now, it looks like the vintage snail-mail has made a comeback with a pinch of modern updates. You can see the recent version of it here where the scammer provides an email address for the recipient to contact him.”
“While the poor grammar and clumsy misspellings are typical warning bells for fraud, there are still some people who fall victim—nameless elderly individuals or those in monetary need. Sending these scams via USPS makes these even more appealing to people. And these letters go out en masse, so if the scammers get even a handful of responses per 1000 letters, they can net some serious reward.”
“If you receive a letter or e-mail similar to the one above, do NOT reply. Report the letter to the authorities. You can also register a complaint with the Federal Trade Commission’s Complaint Assistant. If the letter arrives via email, notify your security department immediately. Do not click on any links or respond in any way.”
Read Petronella’s post here.
Get protection and peace of mind with cyber liability insurance protection. Want a no-obligation quote on coverage to suit your practice needs? Contact Alta Pro Insurance today.
About Craig Petronella
Craig A. Petronella is the CEO of Petronella Technology Group Inc, a cybersecurity group that specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of “How Hackers can Crush your Law Firm,” Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For more information about a cyber-crime risk assessment call: 1-877-468-2721