300K Leaked Data Goldmine for Scammers Amazon Shopify | efani SAFE

Security researchers have found a misconfigured cloud-hosted database leaking over 300,000 records, including sensitive personal information on e-commerce buyers.

A team at Safety Detectives found the leaky Elasticsearch database on July 25 this year but claimed the content had been exposed without any password protection or encryption since November 2020.

Its efforts to close the leak have so far proven unsuccessful, after hosting firm Alibaba did not reply to the team’s outreach, and the identity of the database owner remains a mystery.

All Safety Detectives has been able to ascertain from the 500MB data leak is that the owner is a Chinese ERP provider serving businesses that sell goods on platforms like Amazon and Shopify.

Around half of the 329,000 exposed records contained buyers’ names, phone numbers, email, billing, and delivery addresses, according to the report. In some cases, seller names, email addresses, and billing information were also leaked.

German, French, and Danish e-commerce customers featured among the haul, with as many as 150,000 potentially exposed, the report claimed.

The leaked data would be a goldmine for scammers, who are past masters at reusing personal information in follow-on phishing and identity fraud attempts designed to elicit more sensitive financial info.

“Home addresses are available on the database too. This makes home invasion/burglary a real possibility if personally identifiable information (PII) is sold on to other criminals. Thieves may target users who make high-value orders in the hope the victim’s house is full of expensive goods,” the report claimed.

“Theft of ordered goods is another risk associated with leaked order details. Tracking links, shipment times, courier information, delivery addresses, and order information provide criminals with enough data to intercept and steal a user’s ordered goods.”

If the database owner is finally tracked down, they could face investigation from regulators of both the GDPR and China’s new equivalent legislation, the Personal Information Protection Law (PIPL).

Shopify powers a lot of the e-commerce world. As a result, both consumers and business owners face the prospect of scams. After all, where there is money to be made, there are individuals looking to take advantage.

Fortunately, as Shopify continues to flourish, the platform offers far more good than bad. However, as everywhere on the internet, everyone should be aware of the downsides of a massive platform. To help, here are a few of the most well-known Shopify scams that target consumers and business owners.

Off Platform Sales Scam
A common scheme starts off with a trusted purchase process. The so-called direct client scheme turns into a scam as routine purchases move off the e-commerce platform. For example, a “real” site with true inventory seeks consumers. Customers find the site and make a purchase. The scam site sells and delivers the merchandise as expected.

Everyone is happy. However, after a few purchases, the scammers reach out and ask to complete a sale off the trusted platform, citing excessive fees. The consumer makes the purchase, but the merchandise is never provided. In the end, the scammer makes a little profit from each good sale and then a lot on the final sale.

 

Language Pattern Analysis to Detect Social Network Attacks


Attacks by scammers appear to make sophisticated use of language ideology to abuse trust relationships. Language that indexes Africans allows perceived “authenticity” to be constructed in a way that breaks down a victim’s defenses — a variety of linguistic devices are used as attack tools.

Much of the success of a cross-cultural scam therefore comes from the ways in which attackers seem able to take advantage of victims’ ethnic, racial, religious, and especially linguistic stereotypes. The scams invite people to empathize and assist someone foreign in a struggle to save their heritage or their health. Victims are lured into the most remarkable investment opportunities as scammers portray themselves as hapless victims of interethnic warfare, or as simple bank clerks who have discovered unclaimed fortunes. The trusting individuals who embark on interethnic adventures soon find their bank accounts plundered, their life savings gone.

We propose use of language pattern analysis to help. Applying the tools of linguistic anthropology to a collection of five years’ worth of “African” scam email messages, we believe we have discovered a pattern for many of the linguistic and cultural devices through which the relevant stereotypes are accessed.

This paper discusses the linguistic pattern used by scammers, revealing language ideologies in question. It also demonstrates how linguistic anthropology can be applied to the challenge of developing linguistically and culturally adaptive controls for communication security.

Full 2006 paper (PDF updated Nov 2021): ottenheimer_Urgent-Confidential

 

Hackers hit Robinhood (HOOD) Biggest Brokerage Vishing Attack | efani

Vishing attack update: The call was coming from inside the company. Or so it seemed when the mobile phone of a customer-service representative for Robinhood Markets Inc. lit up on the evening of Nov. 3, 2021.

More than an hour passed and the conversation went on and on. The caller reeled in the hapless employee. By the time it was over, that one Robinhood rep had unwittingly handed over keys to the personal information of about 7 million customers. This is believed to be one of the biggest retail brokerage cyber-breaches of all time just by the number of accounts affected.

Robinhood didn’t learn of the lapse until the rep got home and told a relative about the strange call. That was when the rep was promptly advised to escalate it, according to a person familiar with the matter. Only then did the employee inform the company, whose free trading app caught fire with young people buying meme stocks, options and crypto during the pandemic, at times with devastating results.

Robinhood declined to comment on the agent’s performance. It said separately that, to its knowledge, no Social Security numbers or data about debit cards or bank accounts were compromised. Nor did customers incur financial losses, according to the firm.

Other technology companies have fallen victim to vishing attacks. In July 2020, for instance, hackers manipulated several popular Twitter accounts, including those of Joe Biden, Elon Musk, Jeff Bezos, and Jack Dorsey, and used the information to target employees with access to account-support tools.

Don’t become a statistic. Every second 3 Americans become victims of cybercrimes, with cell phone hacking becoming more and more common.

Unfortunately, traditional cell phone companies are not doing much to protect you. But it is not all bad news: there is a cellular phone company named efani that has stepped up and made it more difficult for hackers.

Replace your existing mobile service plan with a secure efani SAFE plan today, with no contract. efani is a secure mobile service with an encrypted SIM card that secures your mobile account and your personal information from potential SIM swap vulnerabilities, and it provides $5M insurance coverage per individual in the event of loss as a result of a SIM swap.

The SAFE plan comes with a 100% money-back guarantee for 60 days and includes:

You’re protected up to $5 million for financial losses resulting from a SIM hack. (includes: Crypto, Banking, Brokerage & Other Losses)

Secure your assets, privacy, and phone: call toll-free 1-(833) MY-EFANI (that’s 1-833-693-3264) or visit the website at https://thenfg.com

Roblox Suing Player $1.6 million Fraud Breach Contract | efani Partner TheNFG.com

The lawsuit claims YouTuber leads a “cybermob” that terrorizes Roblox and its staff, seeks $1.6 million in damages

Roblox has filed a lawsuit against a player who was permanently banned from its platform, claiming he has been harassing and threatening both the company’s staff and events.

The complaint was filed in the Northern District of California court earlier this week, shared by Polygon, and is against Robert Simon, a content creator also known as Ruben Sim.

Roblox’s lawsuit centers around six counts, including fraud, breach of contract, and violation of the California Comprehensive Computer Data Access and Fraud Act.

The company is seeking $1.6 million in damages.

Roblox’s legal counsel described Simon as the “leader of a ‘cybermob’ that with malice, fraud, and oppression, commits and encourages unlawful acts designed to injure Roblox and its users.”

According to the lawsuit, Simon has gathered more than 760,000 subscribers to his YouTube channel since his ban, as well as over 24,000 Twitter followers, plus paid Patreon subscribers and followers on Discord and Reddit.

The lawsuit claims: “The focus of his social media content is targeted at spreading injurious content, including false accusations about Roblox, its employees, and other users. His social media followers have become a cult-like ‘cybermob’ that echoes Defendant Simon’s conduct and harassment of Roblox employees and users.”

The lawsuit claims Simon’s behavior involved posting fake terrorist threats against Roblox’s events, as well as glamorizing the 2018 shooting at YouTube’s headquarters and “threatening/taunting a copycat act of terrorism” against Roblox’s headquarters.

In one example, Simon reportedly posted tweets and messages about police “searching for [a] notorious Islamic Extremist” at last month’s Roblox Developers Conference 2021. He posted enough messages that the police did temporarily shut down the event.

Polygon reported these tweets have since been deleted.

Roblox claims the incident cost them $50,000 to investigate and secure the conference.

The lawsuit also accuses Simon of circumventing measures to enforce his ban and instructing other banned users on how to do so. He also has allegedly been cyber-bullying and harassing Roblox staff and management.

efani | Crypto Cell Phone SIM Port Hijacking Identity Theft

“SIM swapping” (also known as “SIM hijacking”) is a growing crime and form of identity theft in the telecommunications world that requires little more than a thorough Google search, a willing telecommunications carrier representative, and an electronic or in-person impersonation of the victim. To perpetrate the theft, the cellphone service provider allows an unauthorized person access to a wireless telephone account without the knowledge of the account holder. In several instances, SIM swap thieves have invaded victims’ bank accounts and stolen assets like cryptocurrency. Cryptocurrency, in fact, is one of the primary targets of SIM swapping thieves. As one of the nation’s leading advocates for cryptocurrency investors, we are uniquely skilled and prepared to assist victims of such theft in pursuing their claims and their efforts to recover their stolen assets.

A subscriber identity module, widely known as a “SIM card,” stores user data in cellular phones on the Global System for Mobile (GSM) network — the radio network used by companies such as AT&T and T-Mobile to provide cellular telephone service to their subscribers. SIM cards are principally used to authenticate cellphone subscriptions, as without a SIM card, GSM phones are not able to connect to AT&T’s or T-Mobile’s telecommunications network. Not only is a SIM card vital to using a phone on these networks, but the SIM card also holds immeasurable value as a tool to identify the user of the phone — a power that can be corrupted to steal the identity of that user. Silver Miller represents several victims in currently-active cases against AT&T and T-Mobile in this rapidly emerging area of theft and is investigating and evaluating additional claims against AT&T, Verizon, T-Mobile — as well as their off-brand or sub-brand resellers Cricket Wireless, Boost Mobile, Virgin Mobile, and Metro PCS — at the present time.

efani.net News | T-Mobile to Settle 2020 Outage for $19.5 Million

T-Mobile USA agreed to settle a U.S. probe for $19.5 million after a massive 2020 outage led to more than 20,000 failed 911 emergency calls.

The settlement was prompted by a Federal Communications Commission investigation into a more than 12-hour outage in June 2020 that led to congestion across No. 3 wireless carrier T-Mobile’s networks, and caused “the complete failure of more than 23,000 911 calls.”

T-Mobile as part of the consent decree with the FCC has also agreed to make new commitments to improve 911 outage notices.

An October 2020 FCC report found the T-Mobile outage disrupted calling and texting services nationwide and access to data service in some areas. It resulted in at least 250 million total calls failing.

The FCC estimated “over 250 million calls … from other service providers’ subscribers to T-Mobile subscribers failed due to the outage” and “at least 41% of all calls that attempted to use T-Mobile’s network during the outage did not complete successfully.”

T-Mobile said Tuesday it has “built resiliency into our emergency systems to ensure that our 911 elements are available when they’re needed. Following this outage, we immediately took additional steps to further enhance our network to prevent this type of event from happening in the future.”

Then-FCC chairman Ajit Pai said the FCC staff report showed the company did not follow established network reliability best practices that could have potentially prevented or mitigated the outage.

The FCC report said the outage was caused “by an equipment failure and then exacerbated by a network routing misconfiguration that occurred when T-Mobile introduced a new router into its network.”

T-Mobile said earlier its network experienced an 18% reduction in completed calls during the outage but in the report acknowledged network congestion “likely required many of its subscribers to make 2-3 call attempts before successfully connecting.”

efani.net | 3 Quad-Cities municipalities victim to cyber attacks

Scammers pretending to be Brandt Construction emailed a city of Rock Island accountant to update automatic payment information. After the fraudsters returned a form, the accountant called their company contact to confirm, following the city’s usual practices, only to discover it was fake. Scammers, that time, weren’t paid.

In Bettendorf, the city’s human resources director fielded an emailed request asking to change City Administrator Decker Ploehn’s direct deposit information. When the director, Kathleen Richlen, walked a paper form to Ploehn, he greeted her with surprise. He hadn’t requested a change. Again, the scammers were foiled.

In Rock Island County, scammers impersonating a construction company sent a June 1 email asking the county to update its banking information. The attached documentation looked convincing — a change-account document available on the county’s website and a letter from the vice president of commercial banking at Citizens Bank in Macomb, Ill., verifying the account and routing numbers. The county changed the information, and 18 days later wired $97,042 to the fraudulent account. A month later, another $18,061 was sent before the scam was discovered.

efani | Vestas Wind Systems has reported a data breach

Vestas Wind Systems has reported a data breach against its corporate IT systems that caused shutdowns across its business units.

Vestas Wind is gradually opening up its IT systems in the wake of shutdowns last Friday to contain the damage.

Danish Vestas Wind Systems, manufacturer, seller, installer, and servicer of wind turbines, which has recently been exploring ways to expand its UK operation, has reported an attack against its corporate IT systems that caused shutdowns across multiple business units and locations to contain the issue.

On Monday the company announced that some of its IT infrastructure and internal data have been compromised but also pointed out that according to preliminary findings, there is no indication that third-party operations including customer and supply chains have been caught up. The gradual and controlled reopening of all IT systems is already underway. Although the attack bears the hallmarks of a ransomware attack, Vestas refused to offer any information regarding the specific nature of the attack at this stage.

Ransomware attacks against critical infrastructure, especially healthcare and energy, are becoming increasingly common, and cybersecurity experts have already indicated that green energy generators may become targets too.

Vestas, one of the world’s largest manufacturing companies, already had a difficult year before the incident. In 2021, it lowered its operating profit forecasts twice, taking it from 10 to 4 percent. Vestas blamed supply-chain issues and material prices for the deteriorating outlook – steel prices rose by almost 50 percent between the start of 2020 and October 2021. The fact that the price has crashed back down by 25 percent in the past few weeks may improve the company’s fortunes again and help it recover from the 2.63 percent share price drop it suffered on the Nasdaq Copenhagen following the IT breach update.

efani | United Health Centers of the San Joaquin Valley Data Breach

United Health Centers of the San Joaquin Valley announced on Friday it was the victim of a data breach incident that apparently began in August.

The Fresno-based federally qualified health center has a couple of dozen clinics in the Central Valley. The system delivers about 200,000 medical, dental, and other service encounters per year.

On Aug. 28, UHC experienced a disruption to certain computer systems that an investigation a day later determined “was caused by an encryption event.” UHC’s electronic health record system was not impacted.

“UHC worked expeditiously to restore its systems from available backups to avoid an interruption to patient care,” according to a news release.

On Sept. 22, UHC determined that some of its related data had been published to an unindexed website, more commonly known as the “dark web.” Information that may have been impacted includes demographic and clinical information such as names, addresses, dates of birth, Social Security numbers, diagnosis, provider, and medication information.

UHC is currently working with a third-party service provider to confirm the type and full scope of the incident.

“Once UHC has completed its investigation, which includes a detailed review of the potentially impacted data to determine the types of information involved and to whom it relates, UHC will provide written notice directly to impacted individuals,” according to a news release.

Catphishing Fake LinkedIn profiles | efani Partner TheNFG.com

Identity theft. Catphishing in LinkedIn.

Singapore fines travel service for a data breach.

Fake LinkedIn profiles: too real to be true.

Intelligence blogger @hatless1der discovered an operation in which fraudsters are taking advantage of the implicit trustworthiness of the professional networking platform LinkedIn. Scammers create profiles that seem aboveboard at first glance by using AI-created photos, a tagline involving consulting or hiring, recognizable employment history, believable endorsements, and a realistic network of connections. The giveaway is that many of the bios use exactly the same generic wording. What, exactly, the scammers are after is unclear, but users should be wary of connection requests from unfamiliar accounts.