Security Stop Press : Airline Awareness : Fake X Accounts

Consumer association Which? has warned that scammers are posing as airline customer service representatives on social media to steal sensitive data.

Which? says that scammers are crawling social media (often using bots) to find customers contacting airlines, and then contacting them or infiltrating their existing conversations with an airline via fake ‘X’ (Twitter) accounts.

Which? reports that it has “found examples of bogus X accounts impersonating every major airline operating in the UK, including British Airways, EasyJet, Jet2, Ryanair, Tui, Virgin Atlantic and Wizz Air” and that some have even paid for a blue tick in order to appear genuine. Also, Which? claims that the scammers are often faster at responding than the real airlines!

Tactics scammers have been using to steal data for use in identity fraud, or to sell to other criminals, include sending victims legitimate-looking DMs, directing victims to phishing websites (to harvest card details), and using claims of compensation entitlement to trick victims into downloading a payment (money transfer) app such as Remitly, Skrill or WorldRemit.

The advice is this: before engaging with a company on social media, check the official website for links to its social media profiles, check when the account joined X, and check how many followers it has, all of which help reveal whether it is genuine.

Security Stop Press : Google Maps Data Security Announcement

Google has announced that Google Maps Timeline (formerly known as Location History) data will be stored locally on users’ devices instead of their Google account (in the Cloud) from December 1, 2024. Timeline helps users track routes, trips, and places they have been to over time if Location History and Web & App Activity settings are enabled.

The change, first announced in December 2023, is understood to be a move to help with user privacy and control of their data, e.g. following allegations that Google misled consumers and illegally tracked their movements even after they had turned off Location History, and to reduce the risk of unauthorised access and data breaches.

Also, the move may help Google to comply with increasing data protection regulations. Google says, however, that since the data shown on a user’s Timeline comes directly from their device, Timeline won’t be available on Maps on the user’s computer after their data is moved to their phone. Users do have the option to back up Timeline data to the cloud with end-to-end encryption.

Security Stop Press : $6 Million Fine For Deepfake Robocalls

A political consultant who paid a local street magician $150 to make a deepfake anti-Biden robocall, asking people not to vote in the New Hampshire Democratic primary, is now facing a $6 million fine.

It’s been alleged that Steven Kramer, 54, of New Orleans, commissioned and paid for the bogus Biden AI deepfake voice call, used caller ID spoofing to hide the source, and hired a telemarketing firm to play the fake recording to 5,000+ voters over the phone.

Mr Kramer now faces felony charges of voter suppression and misdemeanor impersonation of a candidate, and faces the multi-million dollar fine from the US Federal Communications Commission (FCC) for the bogus call. This is likely to send a powerful message to those looking to misuse AI deepfakes in this year’s US presidential election.

Security Stop Press : Insurance Industry and Security Coalition To Tackle Ransomware

Three major UK insurance associations have united in a coalition with GCHQ’s National Cyber Security Centre (NCSC) to help reduce ransom payments made by victims of cybercrime.

The unprecedented cross-sector coalition comprises the NCSC and the Association of British Insurers (ABI), the British Insurance Brokers’ Association (BIBA) and the International Underwriting Association (IUA).

With ransomware being the biggest day-to-day cyber security threat to UK organisations, the coalition, working closely with the NCSC, has developed a set of guidelines and a framework for a broad range of stakeholders, including insurance providers, businesses, and cyber security professionals, aimed at reducing the frequency and impact of ransomware attacks.

NCSC CEO Felicity Oswald said: “It’s really encouraging to see all corners of the insurance industry unite to support victim organisations with guidance that will help them to better understand their options and reduce harm and disruption to their businesses.”

Security Stop Press : WhatsApp Group Chat Scam Warning

Warnings have been issued about a new audio call scam on WhatsApp targeting family and friends. The scam involves a fraudster, most likely using a fake profile picture and display name, making an unexpected call while impersonating a member of a WhatsApp group chat. The fraudster tells the victim they’re sending them a one-time passcode (OTP) to join a call for group members and asks the victim to share the passcode with them in order to be registered for the call.

However, this is in fact an access code that will allow the scammer to register the victim’s WhatsApp to a new device, take over their account, and enable two-step verification so the victim is essentially locked out of their own WhatsApp account. The fraudster then messages people in the victim’s contacts asking for money.

Hundreds of complaints have already been reported to Action Fraud, and the advice for those in large group chats on WhatsApp is to be on their guard and monitor who joins the chats.

Security Stop Press : Dropbox Data Breach

Popular San Francisco-based cloud storage provider Dropbox has confirmed that it suffered a data breach from a “threat actor” on April 24. The company says, in what it believes to be an isolated incident, the hacker “accessed Dropbox Sign customer information”. Dropbox says the data accessed included email addresses, usernames, phone numbers and hashed passwords, general account settings and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.

Dropbox says that it’s found no evidence of unauthorised access to the contents of customers’ accounts, i.e. their documents or agreements, or payment information.

The company says it has “reset users’ passwords, logged users out of any devices they had connected to Dropbox Sign, and is coordinating the rotation of all API keys and OAuth tokens.” Dropbox also says it has reported the event to data protection regulators and law enforcement.

Security Stop Press : Beware Fake, AI-Generated Investment Scams In Facebook

A recent BBC investigation has highlighted how fraudsters are using fake, AI-generated scam stories, often with bogus celebrity endorsements, as paid-for Facebook adverts that link through to fake investment scheme pages (cloaking scams).

It’s been reported that the scammers beat Facebook’s automated detection systems by first creating an ad that links through to a harmless page; once the ad has been approved, they then introduce a redirect to a malicious page.

Under the Online Safety Act, online services will be required to assess the risk of their users being harmed by illegal content on their platforms. The advice is to always research, check, and verify celebrity endorsements and investment legitimacy, consult professionals, and report suspicious ads to protect yourself from fraudulent schemes.

Security Stop Press : Google’s Cookie Replacement Plans Fall Short Says Regulator

It’s been reported (WSJ) that an internal report by the UK’s privacy regulator, the Information Commissioner’s Office (ICO), has said that Google’s proposed replacements for cookies fall short in terms of protecting consumer privacy.

The ICO’s draft report reportedly says that Google’s proposed technology, known as the ‘Privacy Sandbox,’ leaves gaps that could be exploited by advertisers, potentially undermining privacy and identifying users who should be kept anonymous.

The WSJ reports that the ICO now wants Google to make changes and will share its concerns with the UK’s competition regulator, the Competition and Markets Authority (CMA).

Security Stop Press : Apple Warns of Mercenary Spyware Attacks In 92 Countries

Apple has reported sending threat notifications to iPhone users in 92 countries, warning them that they may have been targeted by mercenary spyware attacks. These types of attacks use software designed to infiltrate and monitor computer systems or mobile devices; they are typically “state-sponsored” and are used for intelligence gathering, surveillance of dissidents, journalists and politicians, corporate espionage, and more.

Apple reports sending these kinds of notifications multiple times a year and says it has notified users of such threats in over 150 countries since 2021. The notifications sent by Apple contain wording such as “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” and “This attack is likely targeting you specifically because of who you are or what you do.”

Apple relies on its own internal threat-intelligence information and investigations to detect these attacks, and is keen to point out that mercenary spyware attacks, such as those using Pegasus from the NSO Group, are still very rare.

Security Stop Press : German Hotel Check-In Bug Prompts Fears Of Wider Problem

A researcher from Swiss security firm, Pentagrid, has reported discovering that the self-service check-in terminal at a German Ibis budget hotel could be easily fooled into leaking hotel room keycodes. This has prompted fears that similar systems in hotels around Europe could be at risk.

The researcher reported that, simply by inputting a series of six consecutive dashes (------) instead of a booking reference number, the system displayed private details such as the cost of the booking, the room entry keycodes, the room number, and a timestamp that could indicate the length of a guest’s stay. The researcher highlighted how the bug could put guests at risk from thieves.

It’s understood that Accor Security, the owner of the Ibis Budget chain, is developing a software fix that could correct all affected terminals in under a month.