Virus scam and easyJet breach

By any measure, the recent revelations that cyber scammers have been using SMS alerts to wrongly inform people they have been in contact with someone who has tested positive for coronavirus is shocking, though hardly surprising. The story, carried in The Guardian newspaper, goes on to detail how the text then directs them to a phishing site where any personal information they put in are harvested.

As Chris Ross, SVP, Barracuda Networks, comments: "Cyber criminals do not miss a trick when it comes to preying on people's fears, insecurities or even their goodwill. More recent efforts to trick people out of their money has seen scammers move away from the traditional email based phishing attack to an SMS based phishing attack, or 'smishing'.

"The most recent smishing attack, which uses an SMS alert to trick people into thinking they have come into contact with the deadly coronavirus, is one of the most immoral yet sophisticated smishing campaigns we've seen since the start of the outbreak. It is a reminder to the general public that cyber scams infect all messaging and communication platforms, and you should always verify information you are sent before taking any action or complying with written instructions. If unsure on the legitimacy on some information you have been sent, seeking advice from a specialist or security expert is always advised, particularly in the current climate."

Meanwhile, there has been strong industry reaction to the news that low-cost airline easyJet has allowed the personal details of nine million customers to be accessed by what are described as highly sophisticated hackers. "This is a difficult time for airlines and a data breach isn't going to help with regaining customers' trust," says Matt Aldridge, principal solutions architect at Webroot. "Airlines can be a lucrative target for hackers, as they are a treasure trove of personal information. They are very well-known brands, with critical missions of safety, compliance and keeping to schedule, so attackers would see them as likely to pay out large sums in a ransomware or other extortion scenario. As a result, robust security measures need to be put in place across the industry to reduce the risk of future attacks being successful."

Brian Wall, Editor
Computing Security

To make sure you get your copy of the Newsletter emailed to you personally, every time, click here to register.