Over 3 Million Affected By Volkswagen Group Data Breach

The Volkswagen Group of America (VWGoA), a subsidiary of the German Volkswagen Group, recently disclosed a large scale data breach that exposed the personal data of more than three million VW customers.

The incident came about because between August of 2019 and May of 2021, one of VWGoA's vendors left unsecured data exposed on the internet.

The company was notified by the vendor that an unauthorized person or persons had accessed the unsecured data and may have obtained customer information for people who had purchased an Audi or Volkswagen during that time, in addition to exposing some details on the dealerships where the vehicles were purchased. A forensic analysis revealed that information belonging to 3.3 million customers was exposed, and that 97 percent of those records related to customers of Audi vehicles or interested buyers.

The information in the vulnerable database varies widely from one customer to the next, but generally includes full names, email addresses and phone numbers, and more than 95 percent of the compromised records also included driver's license numbers.

 

Call Now

 

A small number of exposed customer records, numbering approximately 90,000, also contained social security numbers. For those customers, VWGoA is offering one year of free credit protection and monitoring, and a $1 million insurance policy that protects against identity theft.

VWGoA has also begun the process of notifying all impacted customers. So if you purchased a BMW or Audi during the time frame mentioned above, or if you expressed an interest in doing so, you may be contacted by Vokswagen.

Unfortunately, the database was left exposed for an extended period of time, and there's no telling how many bad actors may have gained access to it. Right now, security professionals are monitoring the Dark Web in case the data begins appearing there. So far, it has not, but that could happen at any time. Companies, whether big or small, should pay close attention to their cybersecurity and data backup plans. Don't wait for a cyberattack to happen before you prioritize these things.

 

Call SpartanTec, Inc. now for more information about our managed IT solutions and data recovery services.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Data Breach Hits McDonalds In US And Other Countries

McDonalds is the latest major corporation to fall victim to a data breach. The fast-food giant does business in more than 100 countries and has nearly 40,000 locations globally with more than 14,000 in the United States alone. Recently, they disclosed that hackers found a way into their network and stole information belonging to both employees and customers in the US, South Korea and Taiwan.

If there's a silver lining in the disclosure, it lies in the fact that McDonalds was able to confirm that no payment information was stolen. Nonetheless, the hackers were able to abscond with a raft of personal information including email addresses, phone numbers, physical addresses and the full names of an as yet undetermined number of customers and employees.

As part of their disclosure, the company said that they were working with law enforcement and a outside data security vendor to conclude the investigation. They included that they were in the process of contacting any customer whose information was compromised by the breach.

 

Call Now

 

So far, their handling of the aftermath of the hack has been exemplary, though that's at least in part because they've had their share of practice. Back in 2017, the company suffered an attack that revealed a cross-site scripting vulnerability that left customer passwords exposed and stored as plain text.

If you live in the US, Korea or Taiwan and are a regular McDonalds customer and have created a login on the company's site or have downloaded the McDonalds app, you may be getting a letter from the company explaining that the information you shared with the company was compromised. The letter should outline the company's next planned steps. Even if you don't get a communication from them, your best bet is to change your McDonalds or app password right away.

 

Call SpartanTec, Inc. now if you need help of IT support professionals in preventing data breaches and other types of online threats by developing effective cybersecurity solutions.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Beware Of Voice Message Phishing Attacks Called Vishing

Hackers and scammers have been experimenting with a cybersecurity threat called "vishing" in recent months, as a subset of phishing.

Conventional phishing tactics rely on sending emails that employ a variety of social engineering tricks to convince unsuspecting recipients to hand over sensitive information up to and including login credentials.

However, "vishing" adds a new angle: Voice, either via pre-recorded message or employing an email that contains a phone number with a live person at the other end, who will try to coax the desired information from the caller live and in person.

Worse, in the case of incorporating pre-recorded messages, scammers can take a scattershot approach, generating thousands, or even tens of thousands of emails. These emails point back to a fairly convincing-sounding pre-recorded message, and even spoof their caller IDs while doing it so they come across as legitimate operations.

Internet security firm Armorblox has been studying the issue and recently released a pair of case studies relating to the phenomenon. Both studies involve impersonating Amazon, with the goal of convincing unsuspecting users to give up their credit card details.

 

Call Now

 

Armorblox's first case study involved a campaign that targeted more than nine thousand email addresses, sent from a Gmail account with the subject line of "Invoice: ID" followed by an invoice number and content that made it appear as though the communication came from Amazon.

According to the email, an order for some piece of tech (television, computer, gaming console, etc.) was placed by the recipient, and asking that individual to contact the company at the number provided if there are any questions or problems with the details. In this case, the included phone number is the "payload," or at least the gateway to the payload.

The second campaign the company tracked was functionally similar, but was only sent to some 4,000 inboxes. In both cases though, since there are no poisoned attachments, there's nothing for the spam filters of email systems to flag, which is what makes "vishing" such a dangerous phenomenon. Stay vigilant out there especially when it concerns your computer security.

 

Call SpartanTec, Inc. now and let our team of IT experts help protect your business against cybersecurity threats such as phishing and malware.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to unsubscribe, which makes email security essential.

The emails don't specify exactly what the recipient is unsubscribing from, or why unsubscribing is necessary. Of course, the main purpose here is to verify that the email address is valid and that the recipient is susceptible to phishing scams.

Most of the emails in the current campaign contain two brightly colored icons, one green, that says, "Keep me subscribed!" and one red that says "Unsubscribe."

Ultimately, it doesn't matter which you click on. If you opt to stay subscribed, you'll be emailed another "Verification" email that may ask you for additional personal information. If you click the link to unsubscribe, you'll be sent a verification email asking why you're leaving and of course, for additional personal information.

 

Call Now

 

In either case, you're playing into the hands of the scammers and self-identifying as a person susceptible to such things.

As ever, education, along with an effective email protection solution, is the best defense against this kind of thing. If you get an email like the one described above, your best bet is to simply mark it as spam and delete it. All reputable companies will clearly identify themselves and what, specifically, you are unsubscribing from.

If you do fall victim to this ploy, you can expect to be inundated with a wide assortment of phishing emails, which will invariably increase your risk. After all, the scammers only need to succeed once to make your life a living nightmare for months, and possibly years. You have to stay vigilant twenty four hours a day, seven days a week to protect yourself and the best way to do this is hire professionals who offer IT services.

 

Call SpartanTec, Inc. now and find out how our email protection and managed IT services can help keep hackers, spammers, and cyber threats at bay.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Top 4 Ways Hackers Will Attack Your Network

Most small and midsize business (SMB) owners exist in a bubble of blissful ignorance when it comes to cybersecurity. They focus on the day-to-day operations of their organization, driving growth, facilitating hiring and guiding marketing, without a single thought given to the security of the computer networks these processes depend on. After all, they’re just the little guy – why would hackers go to the trouble of penetrating their systems for the minuscule amount of data they store?

And eventually, often after years of smooth sailing through calm seas, they get hacked, fork out thousands of dollars to malicious hackers and collapse beneath the weight of their own shortsightedness.

The facts don’t lie. According to Verizon’s annual Data Breach Investigations Report, a full 71% of cyber-attacks are aimed squarely at SMBs. And while it’s unclear exactly how many of these attacks are actually successful, with the sad state of most small businesses’ security protocols, it’s a safe bet that a good chunk of the attacks make it through.

But why? As Tina Manzer writes for Educational Dealer, “Size becomes less of an issue than the security network … While larger enterprises typically have more data to steal, small businesses have less secure networks.” As a result, hackers can hook up automated strikes to lift data from thousands of small businesses at a time – the hit rate is that high.

Today, trusting the security of your company to your son-in-law, who assures you he “knows about computers,” isn’t enough. It takes constant vigilance, professional attention and, most of all, knowledge. Start here with the four most common ways hackers infiltrate hapless small businesses.

1. PHISHING E-MAILS

An employee receives an e-mail directly from your company’s billing company, urging them to fill out some "required" information before their paycheck can be finalized. Included in the very professional-looking e-mail is a link your employee needs to click to complete the process. But when they click the link, they aren’t redirected anywhere. Instead, a host of vicious malware floods their system, spreading to the entirety of your business network within seconds, and locks everyone out of their most precious data. In return, the hackers want thousands of dollars or they’ll delete everything.

 

Call Now

 

It’s one of the oldest tricks in the hacker toolbox, but today it’s easier than ever for an attacker to gather key information and make a phishing e-mail look exactly like every other run-of-the-mill e-mail you receive each day. Train your employees to recognize these sneaky tactics, and put in safeguards in case someone messes up and clicks the malicious link.

2. BAD PASSWORDS

According to Inc.com contributing editor John Brandon, “With a $300 graphics card, a hacker can run 420 billion simple, lowercase, eight-character password combinations a minute.” What’s more, he says, “80% of cyber-attacks involve weak passwords,” yet despite this fact, “55% of people use one password for all logins.”

As a manager, you should be bothered by these statistics. There’s simply no excuse for using an easy-to-crack password, for you or your team. Instead, it’s a good idea to make a password out of four random common words, splicing in a few special characters for good measure. To check the strength of your password, type it into HowSecureIsMyPassword.net before you make it official.

3. MALWARE

As described above, malware is often delivered through a shady phishing e-mail, but it’s not the only way it can wreak havoc on your system. An infected website (such as those you visit when you misspell sites like Facebook.com, a technique called “typosquatting”), a USB drive loaded with

viruses or even an application can bring vicious software into your world without you even realizing it. In the past, an antivirus software was all that you needed. These days, it’s likely that you need a combination of software systems to combat these threats. These tools are not typically very expensive to put in place, especially considering the security holes they plug in your network.

4. SOCIAL ENGINEERING

As fallible as computers may be, they’ve got nothing on people. Sometimes hackers don’t need to touch a keyboard at all to break through your defenses: they can simply masquerade as you to a support team in order to get the team to activate a password reset. It’s easier than you think, and requires carefully watching what information you put on the Internet – don’t put the answers to your security questions out there for all to see.

We’ve outlined some of the simplest ways to defend yourself against these shady techniques, but honestly, the best way is to bring on a company that constantly keeps your system updated with the most cutting-edge IT security and is ready at a moment’s notice to protect you in a crisis. Hackers are going to come for you, but if you’ve done everything you can to prepare, your business will be safe.

 

Call SpartanTec, Inc. now and let our team of IT experts help protect your business from hackers who are looking for any opportunity to attack your network.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

New Subscription Billing Notif Could Be A Phishing Attack

There's a dangerous new phishing attack you should be aware of and alert your employees to right away. A growing trend in the hacking world is to use mixed media, including phone calls with live actors at the other end, posing as "customer support" representatives, and even recorded messages including instructions and attached to emails. This is all done in a bid to lure unsuspecting recipients into downloading malicious files.

In this case, the attack is structured as follows:

A potential victim will get an email informing them that they've been subscribed to a fee-based service. The email instructs them to call a given phone number and speak with a representative who will be happy to help them.

If the recipient calls, the agent, who of course, is part of the hacker's organization, will guide the caller to a website where they can download a file the faux agent claims is necessary to finalize the cancellation. Naturally, the file does no such thing, and is instead, a piece of malware of the attacker's choosing.

The payload can vary and be just about anything. The currently identified campaign is using BazaLoader, which creates a persistent backdoor on Windows-based machines to give the attackers easy access to that device which they can exploit in a variety of ways later on.

 

Call Now

 

While this may seem like a convoluted path for the attackers to take, it can be devastatingly effective. It has the key advantage, from the attackers' point of view, of being extremely difficult to detect and prevent. Most detection routines are file based, and since this type of email doesn't contain an attachment of any kind, it poses tremendous challenges for IT security professionals.

As ever, the best defense and cybersecurity method is education and mindfulness, so be sure your staff is aware.

 

Call SpartanTec, Inc. now and let us help protect your business against phishing attacks and other online threats with our managed IT services.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Do You Know If Your Employees Are Putting Your Business At Risk Of Cyber-Attack?

Your employees are instrumental when it comes to protecting your business from cybersecurity threats. But they can also become targets for hackers and cybercriminals, and they might not know it. Here are four ways your employees might be endangering your business and themselves — and what you can do about it.

1. They’re Not Practicing Safe And Secure Web Browsing. One of the most basic rules of the Internet is to not click on anything that looks suspicious. These days, however, it can be harder to tell what’s safe and what isn’t.

A good rule of thumb is to avoid websites that do not have “https” in front of their web address. The “s” tells you it’s secure – https stands for Hypertext Transfer Protocol Secure. If all you see is “http” – no “s” – then you should not trust putting your data on that website, as you don’t know where your data might end up.

Another way to practice safe web browsing is to avoid clicking on ads or by using an ad blocker, such as uBlock Origin (a popular ad blocker for Google Chrome and Mozilla Firefox). Hackers can use ad networks to install malware on a user’s computer and network.

2. They’re Not Using Strong Passwords. This is one of the worst IT security habits out there. It’s too easy for employees to use simple passwords or to reuse the same password over and over again or to use one password for everything. Or, worse yet, all of the above.

Cybercriminals love it when people get lazy with their passwords. If you use the same password over and over, and that password is stolen in a data breach (unbeknownst to you), it becomes super easy for cybercriminals to access virtually any app or account tied to that password. No hacking needed!

 

Call Now

 

To avoid this, your employees must use strong passwords, change passwords every 60 to 90 days, and not reuse old passwords as part of your email protection and cybersecurity. It might sound tedious, especially if they rely on multiple passwords, but when it comes to the IT security of your business, it’s worth it. One more thing: the “tedious” argument really doesn’t hold much water either, thanks to password managers like 1Password and LastPass that make it easy to create new passwords and manage them across all apps and accounts.

3. They’re Not Using Secure Connections. This is especially relevant for remote workers, but it’s something every employee should be aware of. You can find WiFi virtually everywhere, and it makes connecting to the Internet very easy. A little too easy. When you can connect to an unverified network at the click of a button, it should raise eyebrows.

And unless your employee is using company-issued hardware, you have no idea what their endpoint security situation is. It’s one risk after another, and it’s all unnecessary. The best policy is to prohibit employees from connecting to unsecured networks (like public WiFi) with company property.

Instead, they should stick to secure networks that then connect via VPN. This is on top of the endpoint security that should be installed on every device that connects to your company’s network: malware protection, antivirus, anti-spyware, anti-ransomware, firewalls, you name it! You want to put up as many gates between your business interests and the outside digital world as you can.

4. They’re Not Aware Of Current Threats. How educated is your team about today’s cyber security threats? If you don’t know, or you know the answer isn’t a good one, it’s time for a change. One of the biggest threats to your business is a workforce that doesn’t know what a phishing e-mail looks like or doesn’t know who to call when something goes wrong on the IT side of things.

If an employee opens an e-mail they shouldn’t or clicks a “bad” link, it can compromise your entire business. You could end up the victim of data breach. Or a hacker might decide to hold your data hostage until you pay up. This happens every day to businesses around the world – and hackers are relentless. They will use your own employees against you, if given the chance.

Your best move is to get your team trained up and educated about current threats facing your business. Working with a managed service provider or partnering with an IT services Myrtle Beach firm is an excellent way to accomplish this and to avoid everything we’ve talked about in this article. Education is a powerful tool and, when used right, it can protect your business and your employees.

 

Call SpartanTec, Inc. now for more information about our managed IT services and how our team can help improve your company's cybersecurity.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence