At a glance.
- International operation takes down spoofing website.
- Professional fouls: World Cup scams identified.
- Data breach in California county.
- Pediatric health data exposed in software company data breach.
International operation takes down spoofing website.
Authorities in Europe, Australia, the US, Ukraine, and Canada joined forces to take down iSpoof, a service that helped cybercriminals impersonate trusted corporations or contacts in order to swindle victims out of money. The criminal operation, which sold clients the ability to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords, resulted in the theft of over £100 million from its targets. CSO Online explains that a coordinated action led by the UK and supported by Europol and the EU judicial cooperation agency Eurojust resulted in the arrest of 142 suspects, including the main administrator of the iSpoof website. Naked Security notes that over one hundred of those arrests were in the UK alone, and that up to 200,000 UK citizens had fallen victim to iSpoof’s crimes. Europol reports that during the sixteen months the website was in operation, it took in $3.8 million in fees. London’s Metropolitan Police Commissioner Mark Rowley stated, “Met is targeting the criminals at the centre of these illicit webs that cause misery to thousands. By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals, intent on exploiting often vulnerable people.”
Professional fouls: World Cup scams identified.
We’ve previously noted that this year’s politically charged FIFA World Cup in Qatar has also prompted privacy experts to warn of potential threats to participants and spectators alike. Threat intelligence researchers at Group-IB have identified a number of scam and phishing campaigns targeting individuals seeking tickets, official merchandise, and employment at the massive international sporting event. These include over 16,000 scam domains and dozens of fake social media accounts, advertisements, and mobile apps aiming to capitalize on World Cup interest, and the researchers have already discovered over ninety potentially compromised accounts on Hayya, the official FIFA World Cup 2022 fan ID portal. The passwords to these accounts were acquired by cybercriminals using info-stealing malware such as RedLine and Erbium, which are easily obtainable on the dark web. Four distinct scam and phishing operations were identified, including a fake World Cup merchandise website promoted by over 130 social media advertisements driving victims to the site. Researchers also identified five phishing websites and more than fifty social media accounts targeting fans looking for World Cup tickets.
Added, 10:30 ET, November 30th, 2022.
Joe Gallop, Manager of Intelligent Analysis at Cofense, wrote to point out that the immediate scams won't be the end of the story. PII compromised in the incidents will enable future criminal activity as well:
“Fans around the world have been eagerly awaiting soccer’s biggest event since 2018, but cybercriminals have used the global fanfare to take advantage of audiences with scams. Cybercriminals seek to use the World Cup’s global forum to achieve a variety of ends, including financial gain, ideological promotion or surveillance or cyberespionage purposes. Phishing, as a threat vector, targets the habits, concerns, and interests of humans. Any issue currently making waves on social media is a lure option for the phishers, since it's safe to assume that a significant percentage of the population is aware of it and potentially interested or even concerned about it. The World Cup is no exception.
“Threat actors will unfortunately use PII to expose victims to future fraud and scams. It is critical to note that, even when conducting phishing campaigns that take advantage of a massive event like the World Cup, threat actors may often simply add that theme to others that are tried and true. The themes of account verification, overdue payment/invoice, and order confirmation are very common within phishing campaigns, and the majority of phishers won't switch entirely from those extremely broad themes to a more narrow sporting theme just for the period in which the World Cup holds attention. By combining the two, however, a threat actor can attempt to get the best of both worlds, playing on fans' interest while still forcing a sense of urgency. Doing so probably reduces their potential victim pool, but also might increase the likelihood of success against particular users. Users should always be wary of unexpected emails that request payment or personal information.
“As phishing campaigns continue to become increasingly common, it is essential that the necessary steps are taken to protect inboxes, detect threats, and respond to attacks. Adopting actionable intelligence that gives visibility into the risk factors in your network and immediately and decisively responds to phishing threats will help keep malicious actors at bay and ensure the protection of sensitive data.”
Data breach in California county.
The Department of Social Services in Tehama County, in the US state of California, has disclosed a data breach in which an intruder gained unauthorized access to the department’s IT network between November 2021 and April 2022. Action News Now reports that the compromised data include names, dates of birth, Social Security numbers, and driver's license numbers. The county has begun notifying the potential victims, who include recipients of services as well as employees, and is offering free credit monitoring and identity theft protection.
Pediatric health data exposed in software company data breach.
Connexin Software, a company that offers pediatric health IT solutions, suffered a data breach in August that impacted over 2.2 million individuals and nearly 120 pediatric physician practices. Health IT Security explains that in late August Connexin discovered a “data anomaly” on its internal network. It was determined that an unauthorized party had accessed an offline set of patient data used for troubleshooting and data conversion, which included demographic information, Social Security numbers, treatment information, billing and claims information, and health insurance information. Connexin explained, “The live electronic record system was not accessed in this incident, and the incident did not involve any physician practice group’s systems, databases, or medical records system at all.”