One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 1503295 |
| Date de publication | 2020-01-22 09:00:00 (vue: 2020-01-21 21:00:04) |
| Titre | NBlog Jan 22 - further lessons from Travelex |
| Texte |  At the bottom of a Travelex update on their incident, I spotted this yesterday:Customer PrecautionsBased on the public attention this incident has received, individuals may try to take advantage of it and attempt some common e-mail or telephone scams. Increased awareness and vigilance are key to detecting and preventing this type of activity. As a precaution, if you receive a call from someone claiming to be from Travelex that you are not expecting or you are unsure about the identity of a caller, you should end the call and call back on 0345 872 7627. If you have any questions or believe you have received a suspicious e-mail or telephone call, please do not hesitate to contact us. Although I am not personally aware of any such 'e-mail or telephone scams', Travelex would know better than me - and anyway even if there have been no scams as yet, the warning makes sense: there is indeed a known risk of scammers exploiting major, well-publicised incidents such as this. We've seen it before, such as fake charity scams taking advantage of the public reaction to natural disasters such as the New Orleans floods, and - who knows - maybe the Australian bushfires.At the same time, this infosec geek is idly wondering whether the Travelex warning message and web page are legitimate. It is conceivable that the cyber-criminals and hackers behind the ransomware incident may still have control of the Travelex domains, webservers and/or websites, perhaps all their corporate comms including the Travelex Twitter feeds and maybe even the switchboard behind that 0345 number. I'm waffling on about corporate identity theft, flowing on from the original incident.I appreciate the scenario I'm postulating seems unlikely but bear with me and my professional paranoia for a moment. Let's explore the hypot |
| Envoyé | Oui |
| Condensat | although i it maybe 0345 7627 872 ability about access action activities activity actor advantage ago all all be also analysis and/or animation any anyway appreciate appreciation apps are around as: scammers aspects attempt attention australian authorities aware awareness away back backdoors backups bank bear been before behind believe believing better blend bodies bottom branding breadth browser bushfires but buying call caller can case ceo certificates characters charity claiming command common comms communications companies complex compromise compromised conceivable concerning conditions confidential considering consumers contact control controls controls;phishing corporate could course covert credentials criminals crisis current customers cyber cybercriminals data day days dealing deepfake defraud demand demands demonstrated depth detecting developments different digital disabling disaster disasters disclosing discredit disrupt disrupted dns domains done down dramatic draw dupe else email end enemy engineered engineering enough even eventuality example exfiltrating expecting exploiting explore exploring extensions external extreme facade fact fake fakes feasible february feeds find first firstly floods flowing following fraudulently freedom from further geek general genuine global gripping hacked hackers has have heads hesitate holding home how https hypothetical idea identity idly imagination imposter incident incident could incidents including increased indeed individuals infected information infosec installing intending interacting internal invoking involved involving jan just keeping key kicks know known knows leads learn legitimate less lessons let like limited lines lock login logos lookalike lot lure lurid mail maintaining major makes malware management many mapping matter may maybe meddle media merely message methods misfortune mislead misrepresentation mistakenly module moment months more natural nblog network new normal normality;cybersquatters not noticebored now number observation observe obtained official organization original orleans other out own;scammers packaging etc page pages paranoia part partial patching perhaps perpetrators person personal personally plan please point possibilities possibly postulating powerlessness precaution precautionsbased prepare preparing pressing presumably preventing prior products;various professional public publicised questions rainy ransom ransomware rather reaction really receive received records recovering recovery redirect registering reinforce relations releasing restrict resuming retail retailers risk risks same scam scammers scams scenario secondly securing security see seems seen seizing selling sense: services shocking should shutting similar simple since sinister social socially some someone sometimes sony specific spotted spyware stakeholders started stashing steal stealing story substandard such suggests supposition sure surreptitiously roaming suspicious switchboard system systems take taken takes taking talking telephone tell than theft then there this yesterday:customer threat: through through incidents time topography touch traffic travelex trigger trojans designed trusted try tweets twitter type typos under undermine unlikely unsure untenable untrustworthy update used using usually various victims video videoblog vigilance visitors;counterfeiting vivid vulnerabilities waffling warning web webservers website website;fake websites weeks well what when where whether who will wondering worth would years yet |
| Tags | Ransomware Malware Patching Guideline |
| Stories | APT 15 |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.