Protect Your Loved Ones From Romance Scams This Valentine’s Day

By |2023-02-10T13:01:03-05:00February 10th, 2023|Cyber Security Awareness, Dark Web Monitoring, Uncategorized|

  • SECURE YOUR VALENTINE
  • SECURE YOUR VALENTINE
  • SECURE YOUR VALENTINE
  • SECURE YOUR VALENTINE
  • SECURE YOUR VALENTINE
  • SECURE YOUR VALENTINE
  • SECURE YOUR VALENTINE
  • SECURE YOUR VALENTINE
  • SECURE YOUR VALENTINE

When you hear “romance scam” you may think of a little old lady falling for the classic “Nigerian Prince” scam. But romance scams have become far more complex and difficult to recognize, adapting to today’s online dating landscape. With the popularity of platforms like Match.com, Tinder, and Bumble, scammers have set their sights on these popular apps and even social media.

In fact in the United States, consumers have lost $770 million to fraud scams started on social media in 2021, according to the Federal Trade Commission (FTC). In the first half of 2021, the FBI Internet Crime Complaint Center (IC3) received over 1,800 complaints related to online romance scams, resulting in losses of approximately $133.4 million.

In Canada, based on fraud reports to the Canadian Anti-Fraud Centre (CAFC), romance scams were responsible for the second highest amount of fraud-related dollar loss in 2021. These scammers are using advanced methods to appear legitimate and trick people into trusting them.

Romance scams can be part of a much larger cybercriminal ecosystem. International cyber gangs will even use dating sites to recruit victims as “money mules” and use them to unknowingly launder funds, according to AARP.

Often, scammers prey on victims experiencing loneliness, which has not been uncommon during COVID-19 pandemic lockdowns. If your friend or relative has started a new online relationship, or even if they’ve been in one for several months, it’s important to check in and look for any red flags.

Some red flags may include:
  • A request for money. A request for money is a major red flag of a scam. Scammers may pressure you into sending money for “urgent” matters, such as medical expenses. They may also say it’s for a plane ticket to visit you. Never send money to someone you haven’t met in person. Scammers may also ask for payment in the form of pre-loaded gift cards or wire transfers.
  • They may often make and break promises to come see you in person. The person claims to live far away, overseas, or be in the military.
  • The relationship is moving fast and the person professes love quickly.
  • There’s pressure to move the conversation off the platform to a different site or want to continue the conversation through text. Dating platforms search for scammers on their sites. Scammers will want to move their victim off-platform to avoid any detection.
If you believe a loved one is the victim of a scam, it is important for them to take the following steps:
  • Cease communications with the scammer immediately and take note of any identifiable information you may have on them, such as their email address.
  • Contact your bank or credit card company if you’ve given them money.
  • Report the scammer if in the United States to the FTC and the FBI.
  • Report the scammer if in Canada to your local police and also the CAFC.
  • Notify the website or app where you met the scammer.

Remember that romance scams can happen to anyone at any age and falling for a scam is nothing to be ashamed of. By speaking out, reporting scams, and encouraging others to do the same, you can help protect others from becoming victims. While you’re at it, watch the Tinder Swindler, which is about a guy that scammed Woman out of millions of dollars, it’s a NEW Documentary on Netflix. For more information, please feel free to Contact Us.

#StaySafeOnline

2022 In Review: An Eventful Cybersecurity Year

By |2023-01-18T14:28:44-05:00January 18th, 2023|Business Continuity Solutions, Cyber Security Awareness, Dark Web Monitoring, Infrastructure Security, IT Support, Uncategorized, Website Security|

Ikea logo

Furniture and home goods giant IKEA announced that it had experienced a data breach in its Canadian operations that impacted an estimated 95,000 customers. The company said that sensitive customer information was mistakenly provided to an employee in an internal search between March 1 and March 3, 2022.

No specifics about the compromise data were offered beyond confirmation that no financial or banking information was accessed. IKEA says that it has notified any customers that were impacted by the breach and the Office of the Privacy Commissioner of Canada.

CommonSpirit Logo
One of the largest healthcare systems in the US is experiencing outages impacting patient care after a suspected ransomware attack knocked some hospital systems offline. Subsidiaries of CommonSpirit have reported being affected by the attack including CHI Health facilities in Nebraska and Tennessee, Seattle-based Virginia Mason Franciscan Health providers, MercyOne Des Moines Medical Center, Houston-based St. Luke’s Health and Michigan-based Trinity Health System. The U.S. Department of Health data breach portal — where all healthcare organizations are legally obligated to report data breaches impacting more than 500 individuals — has confirmed that the threat actors accessed the personal data of 623,774 patients during the CommonSpirit ransomware attack.
Finalsite logo

School website services provider FinalSite has suffered a ransomware attack that disrupted access to websites for thousands of schools worldwide. FinalSite provides solutions for over 8,000 K – 12 schools and universities in 115 countries. School districts that hosted their websites with FinalSite found that they were no longer reachable or were displaying errors. Bleeping Computer reports that in addition to the website outages the attack prevented schools from sending closure notifications due to weather or COVID-19. FinalSite says that approximately 5,000 school websites went offline as a result of the ransomware attack and no data was stolen. An investigation is ongoing.

ICRC logo

The International Committee of the Red Cross has revealed that hackers have stolen data from a Swiss contractor that stores it for them. The stolen data includes information about over 515,000 highly vulnerable people that it has served, recipients of aid and services from at least 60 affiliates of the organization worldwide. The Red Cross says it typically reunites 12 missing people with their families every day through that program. As a result of this cyberattack, The International Red Cross has been forced to temporarily halt a program that reunites families torn apart by violence, migration or other tragedies. A spokesperson for the ICRC told news outlets that there have been no demands from the hackers in exchange for stolen data and that they were working with specialized firms to recover.
DDSB
A school system in the greater Toronto area has experienced a major technical outage after a hacking incident in late November 2022. The cyberattack impacted at-home schooling, phone and email systems at the board and forced the postponement of the literacy test (OSSLT). The district the board oversees is responsible for public education across 136 elementary and secondary schools in the eastern Toronto area serving an estimated 74,000 students with over 7,000 teaching and educational services staff.
Mircosoft logo
The Lapsus$ gang has released 37GB of source code that they snatched in a hit on Microsoft’s Azure DevOps server. Microsoft confirmed the incident, saying that the threat actors gained access through a compromised employee account.

The source code looks to pertain to various internal Microsoft projects, including for Bing, Cortana and Bing Maps. Microsoft made a blog post about its recent operations to track and potentially interfere with Lapsus$ last week. The company was quick to state, “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Lapsus$ is known to be a ransomware outfit, but no ransom activity was disclosed in this incident.

No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Verizon logo

Verizon has announced that hackers obtained access to a database. The hacked database includes the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. According to reports, the hacker contacted Verizon to ask for an extortion payment of $250,000 to prevent the release of the stolen data. Verizon has said that they do not plan to pay.

Information exposed in the database includes employee names, email addresses, corporate ID numbers, and phone numbers. Verizon says that the database does not include Social Security Numbers, passwords or credit card numbers.

Sunwing Airlines Logo

Sunwing Airlines passengers were finding themselves delayed or stranded in airports in Canada and across the Caribbean after a cyberattack brought down boarding and check-in services maintained by Illinois-based service provider Airline Choice. The airline had been forced to manually check in passengers and handwrite boarding passes, causing massive delays for several days, with passengers stranded in the Caribbean, Mexico and Central America. The company in-turn had to subcontract flights with other airline carriers just to get some of its stranded passengers home.

Coke logo

The new ransomware group Stormous claims they’ve pulled off a ransomware attack against The Coca-Cola Company, claiming that it snatched 161 gigabytes of data. The hacking group has been linked with Russian nationalist cybercrime following its public statement vowing to take action against companies that pulled out of Russia in the wake of Russia’s invasion of Ukraine. Financial data, passwords and commercial account records are said to be among the stolen data. Coca-Cola says that it is investigating the matter.

Scarborough Health Network

Toronto healthcare provider Scarborough Health Network has disclosed that it has experienced a data breach. Officials say that an unauthorized actor gained access to the organization’s systems around January 25, 2022. The attacker was shut out of the system by February 1, 2022. The information of anyone treated before February 1, 2022, may have been compromised.

The organization says that patients who received care prior to the amalgamation of SHN Centenary Hospital (also known as Scarborough Centenary Hospital), SHN General (also known as Scarborough General), and Birchmount Hospital (also known as Scarborough Grace) under one network in 2016 might be impacted as well as patients who received care at hospitals that were part of the former Rouge Valley Hospital Network, including RVHS Ajax and Pickering Campus or Ajax-Pickering Hospital.

The health network says a big pool of information may have been accessed, including patients’ names, dates of birth, marital statuses, home addresses, phone numbers, email addresses, OHIP numbers, insurance policy numbers, lab results, diagnosis information, COVID-19 immunization records. Staff names and numbers may have also been accessed.

SickKids logo
The Hospital for Sick Children (SickKids) is currently responding to a cybersecurity incident affecting several network systems and has called a Code Grey – system failure. The code went into effect at 9:30 p.m. on Sunday, December 18, and is ongoing. While the attack only encrypted a few systems, SickKids stated that the incident caused delays in receiving lab and imaging results and resulted in longer patient wait times. On December 29th, SickKids announced that it had restored 50% of its priority systems, including those causing diagnostic or treatment delays. the LockBit ransomware gang apologized for the attack on the hospital and released a decryptor for free. “We formally apologize for the attack on sikkids.ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program,” stated the ransomware gang.
General Motors logo

General Motors (GM) has announced that it was hit by a credential stuffing attack last month that exposed customer information. GM said that they detected the malicious login activity between April 11-29, 2022, and that hackers obtained access through credential stuffing. GM said in a statement “We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.” The bad actors also redeemed loyalty points from some customers’ accounts for gift cards.

Customer data that was exposed in this incident includes first and last names, personal email addresses, home addresses, usernames and phone numbers for registered family members tied to the account, last known and saved favorite location information, currently subscribed OnStar package (if applicable), family members’ avatars and photos (if uploaded), profile pictures and search and destination information, car mileage history, service history, emergency contacts and Wi-Fi hotspot settings (including passwords).

Panasonic logo

The Conti ransomware group has claimed responsibility for an attack on Panasonic’s Canadian operations in February 2022. Panasonic confirmed that it had been the victim of a ransomware attack that impacted its systems, processes and networks. The company says that it has contracted with outside experts to investigate the attack as well as clean and restore servers and rebuild applications. No word was available about what if any data was stolen by the attackers. Panasonic says that relevant authorities have been informed.

Chicago Public Schools

Chicago Public Schools is facing a big breach of student data after a technology vendor experienced a data security incident. CPS has disclosed that it was recently informed that an unauthorized access incident took place at Battelle for Kids in December 2021. In that incident, a server that housed four years’ worth of personal information about students and staff from the 2015-16 through 2018-2019 school years was breached. Officials say that no Social Security numbers, no financial information, no health data, no current course or schedule information, no home addresses and no course grades, standardized test scores, or teacher evaluation scores were exposed in this incident.

The improperly accessed data included students’ names, schools, dates of birth, gender, CPS identification numbers, state student identification numbers, class schedule information and scores on course-specific assessments used for teacher evaluations. Employee data included names, employee identification numbers, school and course information and emails and usernames.

Holiday Season 101 – 5 Best Ways to Shop Safely Online

By |2022-12-02T15:00:54-05:00December 2nd, 2022|Cyber Security Awareness, Uncategorized, Website Security|

Holiday season is here, and it’s the time for giving. Everyone loves to give a gift and see the smile on their loved one’s face – but there’s a lot more that goes into buying the perfect gift. We are seeing more online shopping than ever before, especially with the huge influence of Amazon. In the wise words of our favorite superhero’s Uncle Ben, “with great power, comes great responsibility,” but in the case of the cyber world, “with great ideas, comes great risk.”

It’s unfortunate that there will always be someone looking to exploit the innocent, and it has certainly become a lot easier than ever through the world of cyber crime. There are an increasing number of ways for cyber criminals to attack you and your business! Threats and tools continue to get smarter and more sophisticated. Whether you’re clicking on a malicious link in a phishing email, accidentally transferring funds to a fraudulent account, or watching your business cripple from ransomware, it’s important to know the biggest cyber security threats against you, and how to fight against them.

Let’s start with the holiday season – here are the 5 best ways to shop safely online:

1. Never use public Wi-Fi networks to shop.

Public Wi-Fi from your local coffee shops are just that… public – meaning you never know who is on that network, and anyone with the know-how can compromise it. You can think of Wi-Fi this way: public Wi-Fi is like a public water fountain where you saw the person before you coughing on the spout. You certainly wouldn’t touch the spout without making it safe, and most people will ignore it all together. Private Wi-Fi is your own personal water bottle – sure you can share it if you want but no one has access except who you choose. Even better is a private Wi-Fi on a virtual private network (VPN), which is like having a room all to yourself to drink your own personalized filtered Fiji water. All this is to say, public Wi-Fi should only be used for your basic internet browsing, and you should always consider the potential consequences. Huge mega malls with free Wi-Fi are one of the biggest traps for cyber criminals – it’s like open season for hackers.

2. Beware of rock bottom prices

Put your hand up if you don’t love a good sale….No? No one? Everyone loves a good sale, but there’s a reason why everyday retailers won’t go below a certain price. Bottom line: if you’re paying rock bottom prices, expect a rock bottom product or no product at all. You will start to see a lot of social media advertisements across different websites with low prices on they’re “unbelievable” product, but it’s remarkably easy to set up a social media account and pay for advertisements, luring innocent people into buying a product that’ll never arrive. If you start seeing offers that look too good to be true, they probably are. Always double check the vendor, and see if the product is being sold on trusted sites like amazon and what their prices are.

3. Check for website securities

This is a very important step. Website securities are a tell-tale sign of a website that can or cannot be trusted. Look at this picture. What I mean by “website securities” is the padlock icon, and “https” displayed before the website URL. These two symbols show anyone on the website that any credit card transactions, social insurance numbers/social security numbers, login credentials, etc., are all secure transactions through encryption.

In technical terms, it means that the site you are visiting has a Secure Socket Layer (SSL) Certificate. Whenever you’re doing any online shopping, you have to be mindful of this. There is a significant difference between a website displaying “http” vs “https”. A website displaying “http” is not encrypting any information given throughout the website, meaning any hacker can access that information – including your credit card information. A basic rule is to never conduct transactions on a website without an SSL certificate.

4. Email marketing scams

The holiday season is when you’re going to start getting all the marketing emails from your favorite stores promoting their big sales. It’s no surprise that the number of fake marketing emails start to rack up as well. Imitation emails can be so well crafted, that it’s hard to distinguish between them and the real thing. Amazon, Best Buy, PayPal are just a few examples of companies hackers love to imitate during the holiday season. It’s important to be double checking all emails for validity, especially if you weren’t expecting an email from that company. Take the time to review our guide on how to identify phishing emails.

5. Don’t give personal info

A site that will ask for a lot of information in the process of payment are signs that it’s a scam. Typically, a website won’t need much else other than your name, payment method, mailing address and billing address. If the website starts to ask for additional information like your social insurance number/social security number, date of birth, and more personal information, it’s a sign that you might be getting scammed out of your money.

BONUS: Use credit cards

This is more about IF you do get scammed, rather than protection from scamming. Using a credit card is a safer and more secure way to conduct transactions, seeing how you’re not using your actual money but rather you’re using credit. When you report a scam to the authorities or to your bank – which you should always do – you’re more likely to receive your credit back rather than any funds from your debit account. It’s always important to stay ahead of the game when it comes to cyber protection. With the holiday season, it gets even more essential.

Feel free to Contact Us for more information.

Title

Go to Top