The Bigger the Giant the Harder the Fall
By Hodgson Consulting & Solutions | September 20, 2019
The bigger the giant, the harder the fall. At least that’s what hackers are hoping for with their latest cyber schemes aimed at Amazon users. “HackRead has come across a phishing scam that’s trying to trick Amazon customers into handing over their account credentials, personal information, and financial details. The phishing emails purport to be notifications from Amazon informing the recipient that they need to update their information within twenty-four hours or their account will be permanently disabled.” (knowbe4.com, 2019)
Hackers are banking on Amazon users falling for this phishing attack and providing all of their account information, so that they then have access to the user’s credit card and bank account information. They achieve this in as little as three short steps: 1.) Send phishing email 2.) Redirect users to a lookalike Amazon login page and 3.) Redirect users to a form used to collect all of their demographic information. The most convincing part of this scam is that once steps 1-3 are completed, users are then returned to Amazon’s actual website.
“However, there are multiple red flags that could have alerted observant users. The email has numerous typos and grammatical errors, and the urgent language and deadline are common social engineering ploys. Additionally, while the site’s URL attempts to hide behind a subdomain called “login-info-accountsetting-update,” the actual domain name clearly isn’t Amazon’s.” (knowbe4.com, 2019)
Most people use Amazon for business purchases, personal purchases, or both. Amazon isn’t the problem here. The challenge is learning to spot a spoofed email or a call to action.
Hackers use phishing attacks to play on your cyber vulnerabilities. Unfortunately, sometimes they purposely target those who are also physically vulnerable. As reported by Kare 11 news, a shared public transportation service (Metro Mobility), for riders who cannot use traditional “Metro Transit bus routes due to a disability or health concern”, was the target of a phishing attack. (kare11.com, 2019) A whopping 15,200 people were potentially affected by this breach. “According to Metro Mobility, the information from rides that were taken between about June 13 and Aug. 14 could have been accessed. [And] that information includes:
- Pickup and drop-off addresses
- Times of rides
- Use of mobility aids
- Special instructions for drivers about disabilities and needs
- Phone numbers, in some cases” (kare11.com, 2019)
This could have huge impacts on riders who may be on a fixed income and/or have just a single financial account to their name. While “investigators don't believe that financial data was accessed, as a "routine practice" they recommend that riders take precautions like monitoring personal credit reports.” (kare11.com, 2019) The primary takeaways from both of these attacks are that you should always be aware of your account activity, and that hackers have no moral code when considering who they will target. You are therefore responsible for ensuring that you have all eligible protections in place for securing your accounts, your identity, your business, and your all-around well-being. Hackers don’t care who they hurt, so the burden of care lands on you.
How it Could Affect You:
Hackers are counting on you and your employees not being vigilant and aware. The best way to combat phishing attacks like those listed above is to not fall for them, and the best way to avoid falling for them is to learn how to spot them.
- Review the sender of all incoming emails and make sure that the associated email address matches that person’s/company’s name
- Beware of any links included in emails, especially unexpected ones. Always check that the displayed link and the underlying hyperlink point to the same site
- Beware of emails containing unexpected attachments
- Train yourself and your employees/coworkers on how to spot phishing emails and phone calls
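The link check from the list above can also be automated on a mail gateway or in a training exercise. The following is an added example, not code from Hodgson or the cited reports: it flags links whose visible text names a different host than the hyperlink, and links that use the brand name while pointing outside the brand's domain. The trusted-domain list, the brand keyword and the sample HTML (with `example.net` standing in for the attacker's domain) are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = {"amazon.com"}   # assumption: domains treated as genuinely the brand's
BRAND_WORDS = ("amazon",)  # assumption: names a lure is likely to borrow
# Constructed sample; example.net stands in for the attacker's real domain.
SAMPLE = """
<a href="http://login-info-accountsetting-update.example.net/signin">www.amazon.com</a>
<a href="http://login-info-accountsetting-update.example.net/form">Update your Amazon account</a>
<a href="https://www.amazon.com/gp/help">Amazon Help</a>
"""

def host_of(text):
    """Hostname of a URL or bare domain; None if text is not link-like."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "//" + text).hostname

def is_trusted(host):
    # Exact match or a true subdomain; "amazon.com.example.net" does not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):  # returns (href, reason) for each link that fails a check
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if target is None:
            continue
        if shown and shown != target and not (is_trusted(shown) and is_trusted(target)):
            findings.append((href, "displayed link differs from hyperlink"))
        elif any(w in (text + " " + target).lower() for w in BRAND_WORDS) and not is_trusted(target):
            findings.append((href, "brand name on a non-brand domain"))
    return findings
```

Calling `audit(SAMPLE)` reports the first two links and passes the third, because only the third resolves to a host under a trusted domain.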
Learning to spot phishing emails, phone calls, and other spoofing techniques used by hackers is important for your own protection. Let Hodgson help locate and protect your security vulnerabilities, before hackers find their way in.
Here at Hodgson Consulting & Solutions, we specialize in securing data and information loss prevention for companies with multiple locations and/or a remote workforce. Contact us to receive a FREE Cyber Security Risk Assessment and learn more about our Managed Security Service Plans.