Tuesday, July 16, 2019

Banks are now experiencing smartphone SMS phishing attacks (breaking SSL) looking for phone PII

There seems to be a new phishing attack using SMS messages rather than email, targeting customer bank and investment accounts.
A lot of this is rather recent, but the Better Business Bureau has a typical explanation.
Tonight, when I logged on to Wells Fargo, I noticed such a message about fifteen minutes later.  I thought it might be related to a long list of payments or maybe checking a secondary annuity site. 

Later I noticed that the message had come at exactly the same time as my first access. The point of such an attack is obscure;  it would make sense only if I carried a lot of data on my phone and I don’t.

If the hacker already had my cell phone, or already had access to the account, “they” could have messaged me exactly as I logged in. This implies they were the man in the middle, which shouldn't happen in a bank's SSL environment.  Fortunately, I have relatively little PII on my phone.  The message would link one to an account not secured, which is another red flag.
I’ve had only one other security issue with the iPhone, that is, occasional emails claiming gamer purchases in Indonesia or especially Belarus were charged to my Apple account, when they weren’t.
Maybe I do have a doppelganger in the non-western world. I wonder if that could surface if I were to travel abroad in non-western countries.

Friday, July 05, 2019

Windows and small businesses continue to remain the biggest ransomware targets

Benjamin Roussey of TechGenix has an informative article from April 2019 on the seven top ransomware threats in the next year or so.

He writes that small and medium-sized businesses are still the easiest targets.  He notes that many still run on older versions of Windows. Many are not diligent in keeping up patches (individuals tend to do better than small companies).

He also notes that Windows is still much more vulnerable in practice than Linux or the similar Mac OS family.

Health care and doctors or PPOs have become particularly vulnerable.
He also makes an interesting comment about AI.