Cyber Safe Warwickshire – AA Data Breach Exposes Details Of Over 100,000 Customers

A breach at UK car insurance company, the AA, has exposed information on more than 100,000 customers, including names, email addresses and partial credit card details, according to security researchers.

The company said a ‘server misconfiguration’ was responsible for the information being openly available on the web for a few days in April of this year.

The AA have been criticized for its handling of the incident: After claiming no sensitive information was included in the exposed cache, the company was called to task when security researcher Troy Hunt said he found 117,000 unique email addresses, names and partial credit card info among the details.

The company never notified its affected customers, he added.

Source: Cyber Safe Warwickshire – AA Data Breach Exposes Details Of Over 100,000 Customers

What you need to know about botnets – Threat Intel – Medium

You have probably heard the word botnet in recent months, with the Mirai botnet putting the term firmly on the map at the end of 2016.

However, while the word may be familiar, it is possible you are not familiar with what a botnet actually is. You also may not know that they are a far from new innovation on the part of cyber criminals, with botnets being used in various nefarious activities for many years.

The two most common uses of botnets are probably to carry out spam email campaigns, and to conduct distributed denial of service (DDoS) attacks.

Bots can also be used to send out email malware. Different types of malware can have different goals, including harvesting information from infected computers. This could include passwords, credit card information, and any other information that can be sold on the black market. If computers on a corporate network are turned into bots then sensitive corporate information could also be at risk of being stolen.

Bots are also commonly used for click fraud — visiting websites to create false traffic and generate money for those behind the bots. They have also been used in bitcoin mining.

Source: Web of woe: What you need to know about botnets – Threat Intel – Medium

Nasty Scam Mail Costing Warwickshire Residents Thousands

Nasty scam mail containing false promises of good luck and riches are being targeted by Warwickshire County Council’s Trading Standards Service this July as part of Scams Awareness Month 2017.

Warwickshire Trading Standards are aware of many scam mail victims, some of whom have lost thousands to bogus clairvoyants and scam lotteries.

One elderly Leamington Spa resident was sending money to so many scam mail fraudsters that she couldn’t afford to pay her utility bills and fell in to debt. She was constantly promised big prize pay-outs, but this was really a ruse to sell her cheap ornaments and other products she didn’t really want or need. Another Leamington resident paid out over £12,000 in the course of a year and was sending between £500 and £1000 each month to receive her ‘prizes’. She had received scam letters from the USA and Australia, telling her she had won large prizes in lotteries and prize draws.

A man from Rugby who had savings of over £20,000 found himself in debt after sending money to postal scam fraudsters who had promised that he had won cars, lotteries and other prizes, despite the fact that he had never entered any competitions!

A South Warwickshire resident paid out over £1000 is a single month to postal fraudsters who she believed were her ‘friends’. She was told she had won a large sum of money, but instead, the fraudsters were actually selling her huge quantities of vitamin pills. In a similar case another resident was reported to have been bombarded with prize draw letters claiming she had won £133,683.64. She sent money to receive her prize, but in reality, this simply paid for some cakes and biscuits, no ‘winnings’ ever materialised.

At another residents property, Trading Standards Officers recovered over 29 bags of scam mail and in North Warwickshire a postal scam victim was regularly  sending £20 notes in the post to ‘claim a prize’ and had revealed his bank account and card numbers to fraudsters.

Warwickshire County Councillor Howard Roberts, Portfolio Holder for Community Safety said:

“We’ve all seen them, envelopes stamped ‘Euro Lottery Winner’, ‘Official Government Award’ or ‘Good Luck Inside’ and most of us will immediately consign them to the recycling bin.  Unfortunately though some people do respond, sending money, cheques and in some cases their bank account numbers and PINS. These people are then drawn in to the scam, paying out ever more money in the hope of receiving a pay-out that will never come.”

“In Warwickshire, our Trading Standards Officers are working locally with Royal Mail postal workers and nationally with the National Scams Team to identify and support these victims, intercepting their letters and returning their money.”

Most postal scams rely upon the recipient believing they have won a lottery prize or are entitled to a gift or Government pay-out, in return for an ‘administration fee’. In reality, the cash prize or pay-out never materialises and the ‘gift’ is usually worth considerably less than the cost of receiving it. Some postal scams, particularly those sent by bogus clairvoyants are more sinister, frightening recipients into paying out for ‘lucky charms’ to avoid receiving bad luck, which it is claimed, might endanger themselves or their families.

The names and addresses of those who respond regularly to scam mail are shared or sold on, leading to victims to being bombarded with even more bogus post.

Across the UK reports of scams and frauds have risen by 8% this year to an estimated 3.6 million cases. UK residents are believed to lose over £10 billion to frauds and scams each year.

How to Protect Yourself and Your Loved Ones from Scam Mail

  • Always ignore letters with offers that sound too good to be true, they probably are.
  • Be wary of letters that tell you to keep things a secret or instruct you to act quickly
  • Never provide bank details to people you don’t know and don’t share personal details or official documents
  • You can’t win a competition you didn’t enter
  • Never send money to receive a prize or Government pay out
  • Receiving large amounts of post or items such as cheap jewellery or ‘lucky’ objects can suggest the person is a postal scam victim. Keep an eye on friends and family.
  • Fraudsters buy names and addresses from marketing companies. Don’t divulge your personal details in marketing surveys, questionnaires, competitions and prize draws at home, online or in the street.
  • Make sure your details are not added to the ‘Edited Electoral Register’ (sold for marketing purposes)
  • Stay up to date with the latest local scam warnings. Sign up to the free Trading Standards email alert service at: warwickshire.gov.uk/scams or follow us on Twitter: https://twitter.com/WarksTSS

Make a consumer complaint

The Citizens Advice Consumer Service provides free, confidential and impartial advice on consumer issues. Call the Citizens Advice Consumer helpline on 03454 04 05 06 (English language).

‘Petya’ cyber attack targeting ‘everyone’: How to protect yourself

Cyber security experts are warning that consumers can also be targeted by the ransomware that has affected huge organisations around the world.

A new variant of known malware Petya is believed to be behind the chaos, which initially hit Ukraine, before spreading to companies in a number of other countries, including the UK.

However, it’s not just big businesses that are under threat.  Consumers are also at risk and should be wary if they are running operating systems that are vulnerable to the exploit, in other words if you have not patched,” Raj Samani, chief scientist & fellow at McAfee, told the Independent.

Roblox – a guide for parents | Safer Internet Centre

Childnet Education Officer Tom offers some top tips for parents to help young people stay safe on Roblox.

“In Childnet education sessions, young people and parents often mention Roblox, the popular gaming site. Young people regularly tell us how much they enjoy the different games and levels within it. This blog explains a bit about Roblox,  what to be aware of as a parent and offers our top tips on how to ensure your child stays safe. This is will include:

  1. Communication: how Roblox can be used to communicate with other users
  2. Content: what content is available on Roblox that might not be suitable for children
  3. Costs: what ways children might accidentally run up costs while using Roblox

Plus we will share our top tips for staying engaged with your children’s use of Roblox and making the most of the safety features available on the service.

Source: Roblox – a guide for parents | Safer Internet Centre

Apple Mac computers targeted by ransomware and spyware

Mac users are being warned about new variants of malware that have been created specifically to target Apple computers. One is ransomware that encrypts data and demands payment before files are released. The other is spyware that watches what users do and scoops up valuable information.

Experts said they represented a threat because their creators were letting anyone use them for free. The two programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor “dark web” network that acted as a shopfront for both.

How to stay secure while staying connected on vacation – Help Net Security

The wide availability of Wi-Fi networks can make it difficult to unplug and disconnect on vacation, but if consumers take that extra step and unplug they can experience a more secure trip.

Despite the benefits experienced from unplugging, most individuals still prefer to stay connected when on vacation. But when individuals put convenience over security, by using unsecured Wi-Fi access points that are easily hackable for example, they leave themselves open to the possibility of having their personal information compromised.

Source: How to stay secure while staying connected on vacation – Help Net Security

Google game teaches kids about online safety – Help Net Security

Talking to kids about online safety is a difficult undertaking for many adults, and making the lessons stick is even harder. To that end, Google has launched a new program called Be Internet Awesome, which includes:

  • An online video game called Interland
  • A classroom curriculum
  • A YouTube video series

The game and learning materials are aimed at children that are between 8 and 11. Interland can be played on any of the major browsers. It leads the player through several floating islands where the challenges and puzzles they should complete will teach them about several aspects of online safety: how to choose which information to share with whom, how to choose good passwords, how to deal with online bullies, how to spot scams.

Source: Google game teaches kids about online safety – Help Net Security

Watch out! Scammers are making a fortune in the iOS App Store – HOTforSecurity

Just how much money can a scammy iPhone app make in the iOS App Store? You may be surprised. After all, how does $80,000 per month sound to you? The “Mobile protection :Clean & Security VPN” app is estimated to be have earnt its developer $80,000 per month, after tricking users into signing up for an eye-watering $99.99 per week subscription through a careless thumb press.

Source: Watch out! Scammers are making a fortune in the iOS App Store – HOTforSecurity

Rise in reports of holiday scams

 

Holiday scams are on the rise, with the number of reported cases up almost 20% year on year – from 4,910 to 5,826 in 2016 – according to Action Fraud figures.

Read more: http://www.which.co.uk/news/2017/05/rise-in-reports-of-holiday-scams/ – Which?

Read more: http://www.which.co.uk/news/2017/05/rise-in-reports-of-holiday-scams/ – Which?