Office Depot found malware in scans...not really
Office Depot and its tech partner tricked customers into buying unneeded tech support services by offering malware scans that gave fake results, according to the FTC (Federal Trade Commission). Consumers paid up to $300 each for unnecessary services.
The FTC yesterday announced that Office Depot and its software supplier, Support.com, have agreed to pay a total of $35 million in settlements with the agency. Office Depot agreed to pay $25 million while Support.com will pay the other $10 million. The FTC said it intends to use the money to provide refunds to wronged consumers.
Office Depot caught claiming out-of-box PCs showed “symptoms of malware”
Between 2009 and 2016, Office Depot and OfficeMax offered computer scans inside their stores using a "PC Health Check" ... Read More
Triton got into a petrochemical plant
In the summer of 2017, a petrochemical plant in Saudi Arabia experienced a worrisome security incident that cybersecurity experts consider to be the first-ever cyber attack carried out with “a blatant, flat-out intent to hurt people.” The attack involved a highly sophisticated new malware strain called Triton, which was capable of remotely disabling safety systems inside the plant with potentially catastrophic consequences. It all started when someone launched a spear phishing attack and someone else clicked a link they should not have clicked.
Luckily, a flaw in the Triton code triggered a safety system that responded by shutting down the plant. If it hadn’t been for that flaw, the hackers could have released toxic hydrogen sulfide gas or caused explosions. As ... Read More
September 10, 2024Mark Anthony Germanos
Phishing and File Sharing
Internet thieves have long used file sharing sites and services to host their malicious files. When they do this, they typically use the underlying service to generate download links that anyone can click without logging in to the hosting service.
Over the past month we started noticing apparently legitimate Dropbox emails pushing links to files with names suspiciously similar to those routinely used by the bad guys. When we clicked the links to check, however, we were greeted with a demand to log in to the service. That's typically been a sign that the files involved were legit.
Still, something wasn't right here. Given the file names presented, we reckoned there was little chance those files were innocuous. So, we decided to log in to ... Read More
September 10, 2024Mark Anthony Germanos
Office Depot $300 scam - yes, it really happened
I'm sure you've heard something about the Office Depot $300 fraud. For a thorough explanation, see https://cybersafetynet.net/office-depot-faked-malware-scans-to-sell-unneeded-300-tech-services/. Basically, Office Depot's malware scan reported malware on computers that did not have malware. Office Depot then sold an unnecessary $300 service. Today I am writing about how that would look in other industries.
We have a high level of trust in those who provide professional services. We go to them when we sense a problem and need their training, judgement and professionalism to turn the problem into a solution. Let's see how this would play out in another industry.
Electrical
Your kitchen has a refrigerator, microwave oven and coffee maker. You discover that you can run two at the same time, but ... Read More
September 3, 2024Mark Anthony Germanos
Malware found in Office Depot malware scans...not really
Office Depot and its tech partner tricked customers into buying unneeded tech support services by offering PC scans that gave fake results, according to the Federal Trade Commission. Consumers paid up to $300 each for unnecessary services.
The FTC yesterday announced that Office Depot and its software supplier, Support.com, have agreed to pay a total of $35 million in settlements with the agency. Office Depot agreed to pay $25 million while Support.com will pay the other $10 million. The FTC said it intends to use the money to provide refunds to wronged consumers.
Office Depot caught claiming out-of-box PCs showed “symptoms of malware”
Between 2009 and 2016, Office Depot and OfficeMax offered computer scans inside their stores using a "PC Health Check" ... Read More
September 2, 2024Mark Anthony Germanos
Phishing attacks leverage Boeing 737 Max warnings
Large airline crashes tend to uniquely focus almost everyone's attention. Lowlife Internet thieves exploit the fear surrounding Boeing 737 Max crashes. They leverage that fear in phishing attacks.
A new phishing attack campaign is underway that uses the recent Boeing 737 Max crashes as a way to infect workstations with both remote access and info-stealing Trojans. This new campaign was discovered by 360 Threat Intelligence Center, who posted about them on Twitter and include a VirusTotal link which shows the AV engines that catch it.
These emails pretend to be from a private intelligence analyst who found a leaked document on the dark web. This document pretends to contain information about other airline companies will be affected by similar crashes soon, ... Read More
September 1, 2024Mark Anthony Germanos
Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities
Cyber thieves seeking sensitive data on high net-worth individuals will pay an average of $360,000 per year to target executives, lawyers, doctors, and other prominent figures, researchers discovered. The money comes through extortion
The Digital Shadows Photon Research Team today published "A Tale of Epic Extortions," a deep dive into the ways cybercriminals prey on individuals' online exposure. Extortionists take advantage of compromised credentials, sensitive data (documents, intellectual property), and technical vulnerabilities on Internet-facing applications to convince their victims to pay up.
Extortion has a human element
"The extortion landscape is broader and more diverse than any of us thought before we started," says Rafael Amado, senior strategy and research analyst with Digital Shadows.
Oftentimes, he continues, the technical ... Read More
August 21, 2024Mark Anthony Germanos
LinkedIn ads used to spread malware
The context of contacting the victim via LinkedIn may be all that was needed to trick one job seeker into installing malware on the network of a bank. Sometimes credible sites are avenues of malware distribution.
Imagine you’re on LinkedIn and you see an ad for an open position that you’re perfect for. See anything wrong with that? Given you’re on a website that knows your job title, industry sector, location, etc. I’d say none of us would give it a second thought and assume it was legitimate.
That was exactly what hackers were hoping for when they used LinkedIn ads to target employees of the victim bank (which include company as a part of their ad filtering). A bank employee responded ... Read More
August 9, 2024Mark Anthony Germanos