FBI Warns of Growing Emergency Data Email Hack Attacks, Canada Orders TikTok to Close Operations, There’s Been An Arrest in Connection with Massive Ticketmaster, AT&T Data Breaches, Brampton Landlord Falls Victim to E-Transfer Interception Scam
This is Cyber Security Today. I’m your host, Jim Love
FBI Warns of Growing Emergency Data Email Hack Attacks
The FBI has issued a warning to Gmail and Outlook users about a new wave of phishing attacks involving compromised government email credentials. Cybercriminals are selling these high-quality government email addresses, along with stolen subpoena documents, for just $100 on dark web forums. These credentials enable attackers to pose as law enforcement officers and request sensitive information using fraudulent emergency data requests.
The scam often convinces targets to bypass typical security checks due to the urgent nature of emergency requests, leading to potential data theft, extortion, and ransomware attacks. The first signs of this method appeared in 2023, but the volume and sophistication of these attacks have escalated dramatically in 2024.
The FBI recommends several mitigation strategies to combat this threat, including monitoring third-party vendor security, using strong password protocols, enabling two-factor authentication, but most of all, applying critical thinking when handling unexpected emergency data requests.
Additionally, the FBI stressed the importance of verifying the legitimacy of such requests before acting. The FBI and the RCMP in Canada can be contacted to verify the legitimacy of an request by law enforcement and of course, use the publicly available number and not any phone details provided by the scammer.
Law enforcement agencies around the world are taking these threats very seriously. Interpol, alongside other international agencies, has dismantled a major email phishing and infostealer criminal network in an operation called Synergia II. This crackdown resulted in 41 arrests and the seizure of numerous devices linked to ransomware and phishing schemes across 95 countries.
But, as usual, like the mythical Hydra, as one of these scammers gets taken down, others will appear.
Canada Orders TikTok to Close Operations Over National Security Concerns
The Canadian government has ordered TikTok to wind down its Canadian operations, citing national security risks. This decision follows a national security review of the popular video app, led by Canada’s security and intelligence community. However, Canadians will still be able to use TikTok, as the government is not blocking access to the app.
Innovation Minister François-Philippe Champagne said TikTok’s operations in Toronto and Vancouver posed a potential threat to national security. “We came to the conclusion that these activities…would be injurious to national security,” Champagne told CBC News, without providing further details.
Despite shutting down operations, Canadians can continue using TikTok, though Champagne urged users to be cautious. “Parents and anyone who wants to use [the app] should be mindful of the risk,” he said. Critics claim that TikTok, owned by Chinese firm ByteDance, could expose user data to the Chinese government, a claim that TikTok has denied.
TikTok plans to challenge the shutdown order in court, calling the decision harmful to Canadian jobs. The move comes after the U.S. raised similar concerns, flagging the risk that Chinese authorities could compel ByteDance to provide access to user data.
Canadian Man Arrested in Connection with Massive Ticketmaster, AT&T Data Breaches
Authorities in Canada have arrested Alexander “Connor” Moucka, a suspect in a series of data breaches affecting approximately 165 companies, including Ticketmaster and AT&T. The breaches involved Snowflake’s cloud storage services, with stolen customer information later posted on hacking forums.
Moucka was arrested on October 30th, following a request from the US government. The breaches targeted companies such as Santander Bank, Advanced Auto Parts, and Lending Tree, with compromised login credentials allowing access to sensitive data. An investigation by Mandiant linked the attacks to a financially motivated threat actor.
Brampton Landlord Falls Victim to E-Transfer Interception Scam
A Brampton landlord, Jai Walia, says he’s in shock after two e-transfers totaling $4,500, meant for rent payments, were intercepted by scammers. Despite his tenants sending the payments, Walia never received the money in his account.
The fraud occurred when Walia’s email account was hacked. Scammers used the compromised email to set up a fraudulent bank account with autodeposit. This meant that when his tenants sent the e-transfers, the funds were automatically deposited into the scammers’ account instead of Walia’s. Walia was relying on security questions to receive transfers, but once the autodeposit was set up using his email, those funds bypassed him completely.
One tenant managed to recover their money, but another remains out $2,000. Walia has since switched to autodeposit for his own account to prevent this from happening again.
Interac personal transfers have become the most popular way that Canadians exchange funds on a person to person basis with estimates ranging in the hundreds of thousands of transfers each day. While this is dwarfed by the millions of commercial transactions, it is an important means of payment for everyday Canadians.
Cybersecurity expert Nick Biasini highlights the importance of securing email accounts, noting that once fraudsters gain access, they can use it to reset passwords and control linked services. He urges users to enable autodeposit and strengthen email security to avoid similar risks.
For our American listeners, who have different methods, it’s just a time to raise awareness that individuals and small businesses are not exempt from these scams.
That’s our show for today.
You can find links to reports and other details in our show notes at technewsday.com. We welcome your comments, tips and the occasional bit of constructive criticism at editorial@technewsday.ca
I’m your host, Jim Love, thanks for listening.