At a glance.
- Intuit spoofed in tax season phishing.
- Actually, those suspicious-looking Equifax messages are legit...
- Illinois county releases data breach investigation results.
- Confusing new privacy settings in Google Workspace.
- Target open-sources Merry Maker skimming detector.
Intuit warns customers of phishing operation.
Phishing scammers are impersonating accounting and tax software provider Intuit and sending targets fake warning emails threatening account suspension, Bleeping Computer reports. The messages read, “We have temporarily disabled your account due to inactivity. It is compulsory that you restore your access within next 24 hours,” and, in an ironic turn, even use a security update as an excuse for the action. If the victim clicks on the included link, they’re directed to a phishing site that will deploy malware or harvest their personal data. Intuit is notifying users of the scam, warning that the company is not associated with the emails.
Erich Kron, security awareness advocate at KnowBe4, wrote that this is common, and expected, criminal behavior:
“This is not an unusual way for cybercriminals to use to trick people into logging into their accounts on a fake website, allowing them to steal the user's credentials. These kind of attacks are certain to ramp up during tax season as we are seeing now.
"To protect themselves, people should be careful following any links in emails. It is a good idea to go directly to the website and log into the account, where any notifications or issues with the account would be made obvious, as opposed to clicking on links in emails. In addition, on any website where you were entering a username and password, you should check the URL bar to ensure you are at the legitimate organization's website.”
Tim Erlin, VP of strategy at Tripwire, also notes the prevalence of phishing as a threat to enterprises of all kinds:
“Phishing continues to be a popular means of attack because it continues to work. It only takes one user to click in order for the phishing campaign to be effective for the attacker. It’s very difficult for an organization to prevent phishing attempts because they don’t require any compromise of infrastructure that organization controls. While we try to addressing phishing with technological solutions, the problem remains a primarily human one.”
Those Equifax settlement messages are legit.
Meanwhile, KINGfive.com is informing consumers that emails they might receive about an Equifax settlement may not be part of a scam. The messages reference a data breach settlement, the result of a class-action lawsuit against Equifax filed by the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau, and fifty US states and territories for the company’s 2017 data breach. The incident, which was determined to be the fault of Equifax, which was held to have not properly secured personal information, exposed the data of nearly 150 million Americans and is considered one of the largest data breaches in history. Recipients of the emails might be confused, as the FTC has previously warned customers to be wary of scam emails appearing to come from Equifax.
Illinois county releases details about recent data breach.
St. Clair County, located in the US state of Illinois, is notifying six hundred individuals this week that their data were compromised in a breach that occurred in May 2021. Having concluded their eight-month investigation into the incident, county officials have determined that the victims include both residents and non-residents who had received services or conducted business with various county departments or offices. Governing.com reports that the compromised data include names, addresses, dates of birth, Social Security numbers, driver's license or ID card numbers, as well as medical and health insurance info.
However, the county is not releasing any details regarding the attackers or any ransom negotiations, as a federal investigation is still underway. Jeff Sandusky, the county's information technology director, explained, "My goal is to make sure we share as much information with the public as we can — because they have a right to know — and to make sure that people understand we are doing everything we can in a very challenging world to protect their data while providing the services that they need.”
Google Workspace privacy settings become even more incomprehensible? (To some, anyway.)
Google is reorganizing some of its Google Workspace controls, and in doing so, reactivating some user tracking features, even if the user had previously disabled them. Starting March 29, the "Web & App Activity" controls settings will be split in two, creating a new settings section they’re calling “Search History.” Google has begun notifying Workspace administrators of the change, but even employees agree that the modifications are confusing, so Ars Technica offers a breakdown.
The settings in question already earned Google a number of lawsuits for their poor wording, and leaving them on gives Google permission to save all of your activity (in exchange for better autocomplete functionality). The changes mean that, instead of privacy settings being split across two (already perplexing) switches, they will now be split across three, and the apps covered by each are being rearranged. The change only impacts paying Workspace customers, and Google’s terms explain that "Google never uses your data in Google Workspace core services for advertising." In other words, they’re saving the data, just not using it for ads. It’s no wonder a user involved in one of the aforementioned lawsuits said the settings seem to be "designed to make things possible, yet difficult enough that people won't figure it out."
Target open-sources the software for its proprietary card-skimming detection tool.
In what should be a gesture welcomed by other retailers (and their customers) US retail giant Target has, BleepingComputer reports, decided to open source Merry Maker, its proprietary skimming detector. Merry Maker has a good reputation, and it's nice to see Target making good on a claim one often hears from retailers and elsewhere, that they don't compete on security. Target's decision will benefit the retail sector as a whole.
Kunal Modasiya, senior director of product management at PerimeterX, is among those who are saying, bravo, Target:
"Today's modern e-commerce businesses are challenged with an ever-evolving threat landscape. This includes sophisticated attackers using new techniques to launch attacks that steal the customer's personal identity and payment card information.
"We applaud Target's effort in open-sourcing the proprietary "Merry Maker" scanner, which has allowed this major American retailer to strategically fight credit card skimming - a good step toward helping the retail community.
"Today's e-commerce businesses need to stop the theft, validation and fraudulent use of account and identity information everywhere along the digital journey. This all starts with a comprehensive solution that helps them to discover PII, PCI, and compliance violations in real-time, while mitigating the risk.
"By taking proactive measures, businesses can disrupt the web attack lifecycle and protect their brand's reputation.”