Archive for October 12, 2022

Drive with Zombies (or run from them) this spooky season with the help of Waze

Posted in Commentary with tags on October 12, 2022 by itnerd

As October 31 nears, spooky season is upon us. And it’s brought zombies to Waze, the community-based traffic and navigation app.

Starting today, drivers can choose to team up with an expert escapist to avoid the zombies, or take their chances and get to know a member of the undead with a zombie itself. 

Activate your voice navigation to adventure with the Survivalist by your side and learn the best skills for staying away from the slow-moving menaces. You’ll ride with all the gear you need for surprises along the way when you change your vehicle guide to the Escapemobile, and show off your strength to other drivers with the Survivalist Mood.

If you’d rather a Zombie guide your way, select the Zombie voice navigation and find out if the rumor that these monsters think with their brains is really true. Switch to the Zombie Mood to show your allegiance to the misunderstood undead. And to get the full zombified experience, swap out your navigation arrow for the Zombieombile.

Drivers can activate the Zombie experience by visiting Waze or clicking “My Waze” in the app. Tap the “Drive with Zombies” banner to activate. Available globally with voice navigation in English, French, Spanish and Portuguese.

A blog post on the copilot is available here:

https://blog.google/waze/drive-with-zombies-or-run-from-them-this-spooky-season/

Leave a comment »

FlashBox Expands Into Vancouver

Posted in Commentary with tags on October 12, 2022 by itnerd

FlashBox, a technology-based, same-day delivery company offering cost-effective deliveries for businesses has launched in Vancouver.

The company, which started in Toronto, Ontario, provides faster and more affordable delivery than other providers by using technology to accelerate their processes. The streamlined operations allow FlashBox to deliver to customers same-day.

Same-day deliveries are picked up and delivered within 10 hours. Orders are scheduled through an online dashboard every morning before 11:00 am. Then, picked up between 11:30 am and 2:30, to then be delivered to residential addresses between 4:00 pm and 10:00 pm.

FlashBox’s elaborate tracking experience offers customers full visibility around delivery. A live map view allows you to be informed of delivery times and exact driver location. Text and email notifications update both the sender and receiver. Prices start at only $6 per delivery. 

FlashBox plans on expanding into Montreal, Calgary and other major cities across Canada soon.

Leave a comment »

PhishLabs By HelpSystems Identifies Phishing Campaigns That Are Abusing Google Ad Click Tracking Redirects

Posted in Commentary with tags on October 12, 2022 by itnerd

PhishLabs by HelpSystems has identified attackers leveraging a weakness in Google’s ad service to carry out phishing campaigns on U.S. and Canadian Financial Institutions. This weakness abuses the fact that the URL shown in Google Ads is not the linked site but rather the final destination, including redirects. By leveraging conditional redirects, the attackers create ads that appear legitimate but will redirect to hostile sites.

In these attacks, both ad text and link hovering falsely state the user will be redirected to the targeted organization’s legitimate site. When the user clicks on the ad, they are routed through multiple redirects before landing on a phishing page. 

Malicious Google Ad 

Legitimate click tracking redirects begin at Google Ads and are routed through numerous click trackers before landing at their desired destination. Google Ads display the user’s final landing page due to client preference that the ad link not display the click tracker. In these attacks, threat actors create their own redirects, which they set up to lead to the legitimate site. 

When Google traces the redirects, they see the appropriate site and will have the Ad display the legitimate URL. Threat actors then configure the redirect to use certain criteria such as geo location to direct certain users to a phishing site. These campaigns are potentially utilizing other obfuscation techniques to evade detection by Google, as well.

In the example below, attackers have incorporated a redirect that is not only malicious, but also contains logic that will hide its true destination. When Google attempts to determine where the user will land, they see a legitimate credit union site. As a result, they will only display the credit union URL. If the end user clicks on the ad, they will instead land on a different site that is malicious. In this case, the redirect would only display the phishing site if the user IP was based in Minnesota. 

Stacy Shelley, VP of marketing for email security and digital risk protection at PhishLabs by HelpSystems, says:

“It used to be the case that when you hover over a Google Ad, you would see a Google tracking link, and that made it very easy to abuse. So, Google started processing all the redirects until it gets to the final landing page. If the page is legit, the ad will be published with the final landing page as the hover link (no redirects displayed).

“What we’re seeing indicates there are weaknesses in that process that threat actors are exploiting. They use conditional geolocation logic to present the legitimate landing page when Google scans their ad. Google publishes the ad and displays the legit landing URL on hover. As a result, you get a more convincing ad experience (no odd URL) that still redirects targeted victims to a malicious site.”

PhishLabs Actions 

PhishLabs has technology in place to monitor Google Ads for malicious content targeting its client base. With the recent change in behavior, the company is in the process of enhancing detection capabilities for these threats. 

PhishLabs is actively working with Google and providing information on the behavior observed to reduce the prevalence of these threats and sharing live threat examples as they are detected. Google is also working on implementing preventative measures. 

Thanks to PhishLabs By HelpSystems for supplying me with all of this information so that I could present it to you.

Leave a comment »

Repair, recycle and upcycle: Join the movement to reduce electronic waste

Posted in Commentary with tags on October 12, 2022 by itnerd

TELUS is sponsoring Canada’s first ever Circular Economy Month this October, an awareness campaign that focuses on the importance of waste reduction and recycling. The majority of Canadians, 69 per cent, say their mobile phone is their most expensive personal item, however less than half of the population has actually repaired their phone and only 12 per cent of Canadians have ever purchased a used device. To help address this problem, TELUS is encouraging Canadians to repair, recycle or upcycle their pre-loved phones or tablets, helping to contribute towards the circular economy by prolonging their device’s lifespan, reducing electronic waste and keeping them out of landfills. 

Canadians can be an active participant in the circular economy this month and all year round by:

  • Repairing pre-loved devices. Canadians can keep their devices longer and minimize waste by visiting one of TELUS’ Mobile Klinik stores to have it repaired, whether it’s a cracked screen, sluggish operating system or water damage, or other issues. Each day, Mobile Klinik refurbishes 300 devices across its more than 125 locations in Canada.
  • Recycling pre-loved devices. Bring a pre-loved device into a TELUS store where the team will responsibly recycle it to keep it out of landfills. TELUS will also plant a tree for every device recycled as part of its mission to plant its one millionth tree. Learn more about how to recycle your device.
  • Upcycling pre-loved devices.Drop off pre-loved phones or tablets at a TELUS store and the team will upcycle them to connect a Canadian-in-need through TELUS’ Mobility for Good® program. TELUS’ Mobility for Good provides access to smartphones for youth aging out of foster care, low-income seniors and Indigenous women at risk or surviving violence. Find out more about donating your phone.  

Circular Economy Month aligns with TELUS’ focus on environmental sustainability and its long-standing efforts to help preserve and protect the planet. TELUS’ 2021 Sustainability Report outlines its environmental, social, and governance strategy and priorities which includes the ambitious goal to use 100 per cent renewable energy by 2025. TELUS’ network infrastructure and investments are helping Canadians transition to a sustainable future through the digitization of the economy, including optimizing energy consumption at home and reducing food waste through its TELUS Agriculture solutions. 

To learn more about TELUS’ commitment to a more sustainable future, visit telus.com/sustainability.

Leave a comment »

Guest Post: Revealed: Instagram users are most likely to get their accounts hacked

Posted in Commentary with tags on October 12, 2022 by itnerd

With the social media user base growing daily, social media account hacks are becoming increasingly common. However, user profiles of some social media platforms get compromised more often than others.

According to the data presented by the Atlas VPN team, based on the Identity Theft Resource Center survey, Instagram users suffered the most from account takeover in 2021. In total, 84% of social media account takeover victims reported that their Instagram accounts got hijacked by scammers. 

Instagram, which has over 1.4 billion monthly active users, is the world’s fourth most popular social media channel.

A quarter (25%) of social media takeover victims also reported losing their Facebook accounts to malicious actors. Twitter was reported by only 3% of social media account takeover victims, followed by WhatsApp (1%) and LinkedIn (1%). A whopping 68% of victims have not regained access to their social media accounts. 

Social media accounts are highly valuable to cybercriminals as they hold a wealth of personal information, which may include the user’s full name, email address, phone number, birth date, physical address, photos, private messages, and more, and can be used to commit fraud.

A hijacked social media account can be utilized to take over even more accounts by publishing fraudulent posts, sending the victim’s contact list malicious links, and asking their friends to reveal personal information or provide funds. The malicious actors can also extort the account owner for money in exchange for getting back the stolen account. 

Some social media accounts, like Facebook, can be used to log into various other online accounts, such as online banking, which may hold even more sensitive information. Additionally, cybercriminals can sell compromised social media accounts on the dark web. 

Top ways hackers gain access to social media accounts

Malicious actors have many methods to trick victims out of their valuable information, funds, or social media accounts. 

Posing as a “friend” is an effective scam tactic, as people let their guard down when communicating with people they know. According to the survey, nearly half (49%) of social media account takeover victims clicked on a link in a direct message from a friend before losing access to their social media accounts. 

Cybercriminals also use “get-rich-quick” schemes to lure in unsuspecting victims and steal their personal data and accounts. A fifth (20%) of social media victims lost their accounts to cybercriminals by responding to cryptocurrency and other investment scams.

Moreover, over a tenth (13%) of social media takeover victims provided personal information, including 2FA codes, PINs, and one-time passwords, which led to them losing access to their social media accounts.

To read the full article, head over to:

https://atlasvpn.com/blog/revealed-instagram-users-are-most-likely-to-get-their-accounts-hacked

Leave a comment »

New Attack Targets Entrepreneurs Using Google Forms To Exploit Government Agency SBA Covid Loans In Email Phishing Campaign

Posted in Commentary with tags on October 12, 2022 by itnerd

As the medical threats of the pandemic wane, cybersecurity threats remain on solid footing. INKY has revealed the latest phishing attack that its cybersecurity researchers have discovered in which government loans and grants for small businesses are being used as bait by cyber criminals in a sophisticated credential harvesting and brand impersonation scheme that uses Google Forms.

The new research explores the attack campaign and flows overview of the origin of hijacked accounts, abused Google Forms websites payload, brand impersonation and free cloud resource abuse techniques, and targeted attacks against entrepreneurs.

You can read the full report from INKY here.

Leave a comment »