Phishing Watchdog – Stay Safe with Instant Alerts


Rights Group: APP Bank Fraud Cost Consumers £1bn

18th March 2020 | Target: Right Group | Reported Here

Financial institutions could have prevented hundreds of millions of pounds worth of fraud over the past three years by implementing a simple payee-checking service online, a consumer rights group has claimed.

Which? estimates that £1.1 billion has been lost to bank transfer fraud since 2017. In these cases, a scammer posing as a trusted entity tricks the victim to transfer money to a bank account under their control — known as “authorized push payment” (APP) fraud.


[above via Security Intelligence post] Update 1


Ryuk Ransomware Takes Out Durham, North Carolina

8th March 2020 | Target: Durham, North Carolina | Reported Here

The city of Durham, North Carolina temporarily disabled its phone system last weekend after suffering a Ryuk ransomware attack.

The city of Durham and Durham County published a joint statement on March 8 in which they revealed that a malware attack had affected their IT services. According to the statement, the government bodies first learned of the security incident on March 6. Both entities relied on their notification systems to alert IT teams of the attack.


[above via Security Intelligence post] Update 1


266,000 Passwords Stolen in Trident Crypto Fund Data Breach

6th March 2020 | Target: Trident Crypto Fund | Reported Here

In a major privacy breach, the usernames and passwords of more than a quarter of a million Trident Crypto Fund customers have been stolen and published online.

Technical director of cybersecurity firm DeviceLock Ashot Oganesyan told Russian news outlet IZ the database — which contains email addresses, cellphone numbers, encrypted passwords and IP addresses — had been uploaded to various file sharing websites on February 20.


[above via Coin-Telegraph post


UK ICO Fines Cathay Pacific with £500,000 for 2018 Data Breach

4th March 2020 | Target: Cathay Pacific | Reported Here

The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data.

Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide.


[above via Ico post] Update 1 / Update 2


Ransomware Attack: Georgia City Pays $380K Ransom to Hackers

2nd March 2020 | Target: Cartersville, Georgia | Reported Here

Almost one year after a ransomware attack struck the city of Cartersville, Ga., municipal officials revealed that they paid a ransom of $380,000 to regain access to their files.

The news was made known after the local Daily Tribune News filed a Freedom of Information Act request, which disclosed the payment to mitigate the May 4, 2019 attack. The Daily Tribune found that the initial ransom demand was for $2.8 million, payable in bitcoin, and that the city’s insurance paid the majority of the cost.


[above via Sc-Magazine post] Update 1


Desjardins Group Breach Cost $38m Higher Than Expected

27th February 2020 | Target: Desjardins Group | Reported Here

Last year, the Quebec based financial institution Desjardins Group suffered from a data breach carried out intentionally by a malicious employee who had access to baking details. As a result of this individual’s actions, the data of 4.2 million Desjardins customers was exposed and 1.8 million credit cardholders who were not Desjardins members were affected as well. Original reparation estimates were around $70 million, but earlier this week the company has stated that the breach is likely to cost them roughly $108 million.


[above via Oodaloop post] 


Shark Tank Star Corcoran Loses $400K in Email Scam

26th February 2020 | Target: Barbara Corcoran | Reported Here

“Shark Tank” judge Barbara Corcoran lost nearly $400,000 in an elaborate email scam that tricked her staff.

Corcoran said someone acting as her assistant sent an invoice to her bookkeeper earlier this week for a renovation payment. She told People that she had “no reason to be suspicious” about the email because she invests in real estate, so the bookkeeper wired $388,700 to the email address.


[above via Cnn post] Update 1 / Update 2 / Update 3


Ransomware-hit US gas pipeline shut for two days

18th February 2020 | Target: US Natural Gas Pipeline  | Reported Here

A ransomware attack on a US natural gas facility meant a pipeline had to be shut down for two days, the US Department of Homeland Security (DHS) has said.

However, it did not name the facility or say when the attack happened.

A malicious link sent to staff at the facility eventually caused the shutdown “of the entire pipeline asset”.


[above via Bank Info Security post] – Update 1


Official: Puerto Rico Govt Loses $2.6M in Phishing Scam

12th February 2020 | Target: Puerto Rico | Reported Here

Puerto Rico (AP) — Puerto Rico’s government has lost more than $2.6 million after falling for an email phishing scam, according to a senior official.

The finance director of the island’s Industrial Development Company, Rubén Rivera, said in a complaint filed to police Wednesday that the agency sent the money to a fraudulent account.


[above via Ap News post] – Update 1 / Update 2


A tail of two ransomware attacks

7th February 2020 | Target: Two schools | Reported Here

Two schools, two ransomware attack and two different outcomes.

The Allegheny Intermediate Unit school system was able to fend off a recent ransomware attack using back up files, meanwhile the University of Maastricht just disclosed it paid 30 bitcoins to regain control of its encrypted computer network.


[above via Zephymet post]