There’s been a long-running text message scam targeting TD customers that appears to have plenty of steam, as I am still getting emails and messages about that scam. Plus there’s a second text message scam that I discovered that also targets TD customers, though this one isn’t as pervasive as the first one. Well, I’m sorry to say that there’s now a third text message scam that you have to be on the lookout for. Here’s how it works. You start by receiving this message:

I’ve redacted the phone number of the person who sent this to me. But the premise of this scam is that your TD account is locked and you need to unlock it. If you reply “Yes” to this text, you instantly get a link that you should click on. Which, by the way, you should never ever do. But I am going to because I want to show you what happens next. But before I do, you’ll note that there’s a URL in it that says web-recovery1.com, which is not a TD Bank-controlled domain. That’s the big hint that you should delete this text right away.
However, there is good news in this. It appears that TD has stepped in and stopped this. When I tried to go to web-recovery1.com, it was redirected to TD’s website. This kills the scam in its tracks. Thus I will applaud TD on doing this, as they are taking scams like this seriously, something that I have criticized them for not doing in the past. Hopefully this continues, as it is in their interest to protect their customers from scams like this.
Good on you TD!
Tata Power Pwned By Hackers
Posted in Commentary with tags Hacked on October 15, 2022 by itnerd
It came to light on Friday that Tata Power, which is part of the massive Tata group, got pwned by hackers. Not a whole lot is known about the extent of this hack. But:
The company has taken steps to retrieve and restore the systems, it informed. All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer facing portals and touch points, it added.
I have a comment from Darktrace Analyst Hanah Darley:
From the available information, Tata Energy will likely have implemented Multi-Factor Authentication (MFA) in response to the cyber-attack, which is an effective method of imposing additional controls on who can access organisational networks. Unfortunately, it is not a guarantee that implementing MFA will resolve a breach if a hacker has maintained access gained before the MFA was in place, and we have seen recently that MFA companies can themselves become targets in attacks.
Tata Energy have made it clear that their critical operational systems are still functioning, meaning that while the breach affected IT infrastructure, their OT systems are still working. Depending on how the breach occurred, there are multiple ways that only certain portions of their digital estate were affected while leaving other portions untouched, depending on how much the attackers were able to move laterally or how interconnected their systems are. Critical national infrastructure, especially industrial systems, tends to involve legacy software and have difficulty maintaining patches for software, which inherently makes them more vulnerable than the average organisation. Hackers are increasingly demonstrating their willingness to exploit this for their own malicious purposes.
I am sure that additional details will come out in the days ahead, as Tata isn’t a small company and details will usually filter out sooner or later. Watch this space for details.