malware - THE RIDGEWOOD BLOG.

Posted on April 5, 2022 April 4, 2022

NJOHSP : Exercise Caution During Job Search

the staff of the Ridgewood blog

Ridgewood NJ, according NJ OFFICE OF HOMELAND SECURITY AND PREPAREDNESS , Job seekers are urged to exercise caution during their job search, as they could be targeted with fraudulent offers via phishing emails, social media, or SMS text messaging, according to NJCCIC. Threat actors entice their victims with promises of opportunities that are “too good to be true” to deliver malware, steal funds or collect personally identifiable information. These schemes may cost victims thousands of dollars and negatively impact their credit scores, according to the FBI. Job seekers are encouraged to research potential employers before providing sensitive information to unknown senders. The NJCCIC also recommends reviewing its Identity Theft and Compromised PII product for additional guidance.

Posted on November 5, 2021 November 4, 2021

Be Safe Online Shopping this Holiday Season

the staff of the Ridgewood blog

Ridgewood NJ, according to the New Jersey Cybersecurity and Communications Integration Cell , Cyber Monday 2020 set a record for e-commerce spending in one day, totaling $10.8 billion. With the pandemic raging on, many customers took to online stores to do their holiday shopping. While NJ COVID-19 cases have declined in recent weeks and vaccinations continue, we can still expect many customers to choose to conduct their shopping online and potentially start shopping earlier than usual given concerns for supply chain issues and shipping delays. Adobe predicts that online shopping spending will total over $200 billion for the first time ever by the end of the holiday season. Given the volume of e-commerce shopping, cybercriminals will continue their efforts to target online shoppers and marketplaces for financial gain. Therefore, it is vital to maintain awareness of the many cyber threats posed by these individuals and groups. Threat actors may target victims through a variety of methods, including compromised or spoofed websites, phishing emails, social media ads and messages, or unsecured Wi-Fi networks. Reviewing the following list of common attack vectors, along with tips and best practices, will help to combat the threats posed by cybercriminals this holiday season.

Continue reading Be Safe Online Shopping this Holiday Season

Posted on March 30, 2021 March 29, 2021

COVID-19 Message Phishing Attacks on the Raise

the staff of the Ridgewood blog

Ridgewood NJ, hackers continue to send COVID-19-related messages to deliver malware or steal credentials and other sensitive information. In an attempt to counter these threats, the US Department of Justice recently seized five domains that impersonated biotech companies involved in vaccine development. These domains collected personal data on visitors for use in future cyber attacks. Organizations and individuals are advised to remain vigilant and report incidents to the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC).

Continue reading COVID-19 Message Phishing Attacks on the Raise

Posted on March 20, 2020 March 29, 2020

NCIS: Beware of Coronavirus-Themed Scams

89781700 1257091097828860 9008322126695890944 n

the staff of the Ridgewood blog

Hackensack NJ, During this health crisis, Bergen County Prosecutors Office warns that criminals are taking advantage. Beware of online scams and emails about coronavirus. Do not click on unknown links!

From Naval Criminal Investigative Service Public Affairs :

The novel coronavirus pandemic presents an opportunity for malicious actors to conduct spearphishing campaigns, financial scams, and disinformation campaigns via social media to collect sensitive information, steal money via fake donation websites, spread false information, and deliver malware to victims.

Several spearphishing campaigns since January have falsely represented various healthcare organizations, including the U.S. Centers for Disease Control and Prevention and the World Health Organization. In many cases, victims receive coronavirus-themed emails requesting the victim to open an attachment or click on a link to obtain details about the coronavirus. Once a victim clicks on the attachment or link, they are directed to a malicious website requesting the victim to enter login credentials.

Continue reading NCIS: Beware of Coronavirus-Themed Scams

Posted on April 21, 2017 June 27, 2021

InterContinental Hotels Group reports Massive Data Breach

InterContinental Hotels Group (IHG) Notifies Guests of Payment Card Incident at IHG-Branded Franchise Hotel Locations in the Americas Region

NOTICE OF DATA BREACH

IHG values the relationship we have with our guests and understands the importance of protecting payment card data.

What Happened

Many IHG-branded locations are independently owned and operated franchises, and certain of these franchisee operated locations in the Americas were made aware by payment card networks of patterns of unauthorized charges occurring on payment cards after they were legitimately used at their locations. To ensure an efficient and effective response, IHG hired a leading cyber security firm on behalf of franchisees to coordinate an examination of the payment card processing systems of franchise hotel locations in the Americas region.

The investigation identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks at certain IHG-branded franchise hotel locations between September 29, 2016 and December 29, 2016. Although there is no evidence of unauthorized access to payment card data after December 29, 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017. Before this incident began, many IHG-branded franchise hotel locations had implemented IHG’s Secure Payment Solution (SPS), a point-to-point encryption payment acceptance solution. Properties that had implemented SPS before September 29, 2016 were not affected. Many more properties implemented SPS after September 29, 2016, and the implementation of SPS ended the ability of the malware to find payment card data and, therefore, cards used at these locations after SPS implementation were not affected.

A list of affected IHG franchise locations and respective time frames, which may vary by location, is available here.

What Information Was Involved

The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. There is no indication that other guest information was affected.

What You Can Do

It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of your payment card. Please see the section that follows this notice for additional steps you may take.

What We Are Doing

On behalf of franchisees, IHG has been working closely with the payment card networks as well as with the cyber security firm to confirm that the malware has been eradicated and evaluate ways for franchisees to enhance security measures. Law enforcement also has been notified.

For More Information

We regret any inconvenience this may have caused. If you have questions, and reside in the United States, please call 855-330-6367 from 8:00 a.m. to 8:00 p.m. ET, Monday to Friday. If you reside outside the United States, please call 800-290-9989 from 8:00 a.m. to 8:00 p.m. ET, Monday to Friday.

More information on ways to protect yourself

We remind you it is always advisable to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:

Equifax
Phone: 1-800-685-1111
P.O. Box 740256
Atlanta, Georgia 30348
www.equifax.com

Experian
Phone: 888-397-3742
P.O. Box 9554
Allen, Texas 75013
www.experian.com

TransUnion
Phone: 800-916-8800
P.O. Box 2000
Chester, PA 19016
www.transunion.com

If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in California. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:

Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft

Posted on September 19, 2014 September 19, 2014

Home Depot says malware affected 56M payment cards

Home Depot says malware affected 56M payment cards

SEPTEMBER 18, 2014, 4:50 PM LAST UPDATED: THURSDAY, SEPTEMBER 18, 2014, 6:09 PM
ASSOCIATED PRESS

NEW YORK — Home Depot said that 56 million payment cards were estimated to have been breached in a data theft between April and September at its stores in the U.S. and Canada. That makes it the second-largest breach for a retailer on record.

The nation’s largest home improvement retailer, based in Atlanta, also confirmed Thursday that the malware used in the data breach has been eliminated. The retailer said there was no evidence that debit PIN numbers were compromised or that the breach affected stores in Mexico or customers who shopped online at Homedepot.com. It said it has also completed a “major” payment security project that provides enhanced encryption of customers’ payment data in the company’s U.S. stores.

The disclosure puts the data breach behind TJX Cos.’s theft of 90 million records, disclosed in 2007 and ahead of Target’s pre-Christmas 2013 breach which compromised 40 million credit and debit cards.

Home Depot confirmed its sales-growth estimates for the fiscal year and said it expects to earn $4.54 per share in fiscal 2014, up 2 cents from its prior guidance. The company’s fiscal 2014 outlook includes estimates for the cost to investigate the data breach, providing credit monitoring services to its customers, increasing call center staffing and paying legal and professional services.

– See more at: https://www.northjersey.com/news/home-depot-says-malware-affected-56m-payment-cards-1.1091344#sthash.hhDBCSU5.dpuf