Hey there, FixMeFans and StartMeStars! We’re back with another edition of our weekly cybersecurity roundup where we deliver the most recent comings and goings of the cybersecurity world.
This week we’re bringing you news about the rise in Walmart-related phishing attacks, how Interpol has intercepted $83 million in a recent cybercrime bust, and how the Danish secret service has allegedly been helping NSA spy on European politicians.
There’s a reason phishing scams are so prevalent nowadays – it’s because they work. Cybercriminals will combine spam emails, social engineering, and malicious attachments to infiltrate your computer and steal your personal data, often masquerading as legitimate companies to lure you in.
Recently, a new email phishing campaign has come into play; this time, it’s from scammers pretending to be Walmart.
In this new campaign, scammers have posed as Walmart and sent emails with a subject line of “Your Package delivery Problem Notification lD#” stating that they could not deliver your package because your address is incorrect. “Unfortunately we were not able to deliver your postal package in time because your address is not correct. Please reply to us with the correct shipping address,” the phishing email reads.
If victims click on the “Update Address” button, the phishing email will cause your mail program to create a new email with the subject ‘Update my Address!’ that will be sent to multiple email addresses under the attacker’s control. The phishing email will then prompt the victim to send their address to the scammers, which will inevitably be used for identity theft attacks, gaining access to other accounts, or perform targeted spear-phishing attacks.
If you’re afraid you might become the next victim of a phishing campaign, make sure to take these things into consideration next time you receive a suspicious email:
- Don’t open any emails or attachments from anyone you don’t know.
- Keep an eye out for typos – since these emails will masquerade as legitimate companies, the quality of the email needs to match the quality of the company. If you see typos, blurry logos, or badly phrased sentences – it’s likely a scam.
- Keep personal information private – assess the situation – does it seem necessary or appropriate to be giving this information away? Never give out your social security number, credit card or bank information, or any other confidential personal information.
- Download an adblocker – this will prevent popup ads from invading your browsing experience, in turn helping you to avoid clicking on a malicious files.
- Have your antivirus turned on – McAfee Total Protection will help protect you while you’re browsing.
Need more information? You can read up about the new phishing campaign here.
With cybercrime on the rise, it makes sense to see a lot more Interpol cybercriminal busts take place. Just last week, Interpol announced that they had successfully concluded a seven-month operation into a massive cyber fraud ring operation. The cybercriminals had allegedly hijacked over $83 million in funds from victims during their international crime spree.
Interpol’s operation, HAECHI-I, began in September of 2020 and initially focused on financial cybercrime in Korea. After following several leads, the operation expanded to involve investigators from Cambodia, China, Indonesia, Korea, Laos, the Philippines, Singapore, Thailand, and Vietnam. The charges have been laid for a variety of different crimes, including investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.
Through their investigation, they were able to intercept $83 million belonging to the victims of the cybercrimes, which then allowed them to make the arrests of nearly 600 individuals worldwide.
Curious? You can read more about the bust here.
Initially covered by a Copenhagen-based public broadcaster, reports have come through that the U.S. National Security Agency (NSA) used a partnership with Denmark’s foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014.
Using the telephone numbers of politicians as search parameters, the report alleged that the NSA “intercepted everything from text messages to phone calls that passed through the cables on their way to and from the phones of politicians and officials.” Apparently, the spying operation had used software called XKeyscore in a data center located at Sandagergårdan to search and analyze data streams flowing in and out of the internet cables. XKeyScore is a data-retrieval system that enables unlimited surveillance of people anywhere in the world, allowing the intelligence agency to track individuals, read emails, and listen in on their telephone calls and browsing histories.
The latest reports are a result of a 2015 report which indicates that Danish intelligence helped the U.S. agency spy on Danish foreign and finance ministries as well as a weapons manufacturer.
You can read more about the situation here!
That’s all for this week’s roundup folks! We hope you’re staying safe with all that’s going on, especially when it comes to your cybersecurity!