In the News

Employment scams as phishbait. Data use transparency. Vishing, as a spoofed utility.

Jun 4, 2021 The CyberWire

At a glance.

  • Employment scams.
  • Survey: Americans want more transparency about the handling of personal data.
  • Vishing in Seattle.

Employment scams: all in a day’s work.

It turns out if you have a job, lost a job, or are looking for a job (so, in short, anyone), you could be at risk for identity theft. In April, the US Federal Bureau of Investigation released an advisory warning that threat actors are using fraudulent job postings to swindle victims out of their personal information, and Proofpoint details several employment scams. As the CyberWire noted recently, cybercriminals are taking advantage of the increased demand for unemployment benefits due to the pandemic to commit unemployment fraud. A business email compromise uses fake, high-paying remote work opportunities as a lure to gain the target’s trust, with the possible goal of using the victim as a money mule, convincing them their activities are all part of the new job. A highly sophisticated campaign involves a job offer message linking to a website that automatically downloads the More_eggs downloader, a JavaScript backdoor that profiles the victim’s machine and installs additional payloads. 

Study shows Americans want increased transparency about data handling.

A study conducted by API management firm Axway shows most Americans desire more clarity about how their data are being handled by the companies with which they interact. After surveying about one thousand adults, Axway found 82% wish they knew exactly what data companies were collecting, while only 39% felt they understood how their data is being stored. And as 59% see the value of sharing their personal data to improve user experience, 75% choose to work with companies they feel are working to protect their data. “Whether in energy, health, finance, or retail, companies are trying to stand out and provide brilliant digital experiences while also complying to industry data privacy and security requirements, which is no simple proposition,” Axway VP and Chief Catalyst Brian Pagano explained. It’s worth noting that Axway found respondents were overwhelmingly positive about Apple’s App Tracking Transparency framework, and 75% felt other operating systems should employ a similar approach.

Utility provider sheds light on vishing scam.

Washington state utility company Seattle City Light is alerting the public to an operation in which scammers are posing as bill collectors and using the threat of a power shutoff to convince the target to reveal payment details over the phone, the Seattle Times reports. Seattle City Light explains employees would never request payment via phone, email, or even a home visit, and that a shutoff would be preceded by multiple warnings. Victims are advised to report any incidents to Seattle City Light or local police.