Industry Intel

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Internet Cameras Showcase Major Security Flaws

Researchers recently discovered as many as 18 different vulnerabilities with Foscam cameras. Among the exploits are several methods of gaining remote access to the cameras, as well as viewing active feeds, and searching through locally stored files. Although the researchers reported these issues months ago, the manufacturer has not yet addressed the issues. Unfortunately for consumers, Foscam makes devices for at least 14 different brands, all of which come with the same security risks.

EternalBlue Exploit Port to Windows 10

The notorious EternalBlue exploit, which was used in the WannaCry attacks, has been ported to Windows 10, which means all current versions of Windows are susceptible to the exploit, if not properly patched. In addition to the port, another exploit module was created, which slims down network traffic and allows the infection to remain undetected by current detection criteria. While researchers are still learning and understanding the full capabilities of EternalBlue, it has also opened the door for less skilled hackers to modify the otherwise well-written exploit for their own purposes.

Car Owner Database Publicly Available

In the last week, researchers found a publicly-facing database containing the customer and vehicle information for nearly 10 million cars in the US. The database, which had been actively available for around four months, has no known owner, though several dealerships named in the database have been contacted with inquiries. Unauthorized access to the information could give criminals more than enough information to have extra keys made for the vehicles, and could even lead to identity theft issues.

Turla Hacking Group Changing Methods of Attack

The cybercriminal group Turla has executed numerous cyberattacks on major corporations and government agencies over the last few years. Now, however, they’ve switched their focus to individual attacks, typically using Firefox browser extensions to create backdoors into personal systems. The attacks are coordinated by placing comments on highly-trafficked Instagram pages and pictures. The browser extension hashes the comment values until the malicious hash is discovered, at which point it contacts a C&C server for instructions. Fortunately for many social media users, the APIs used to create the malicious extension will be phased out in future versions of Firefox.

Edmodo Data Breach Confirmed

Officials at Edmodo, an education technology company that works with K-12 schools and teachers, have been working to discover the source of a breach that affects over 77 million individual accounts. The majority of affected users were children who used various Edmodo programs for school, as well as educators across the country. Although the freshness of the data would indicate that the breach occurred very recently, and Edmodo did attempt to notify its users quickly, not all users received word that their accounts had been breached. Thankfully, the company used strong encryptions to protect passwords, so it’s unlikely that attackers will invest the time and effort necessary to decrypt them to access accounts.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Hackers Blackmail Surgery Patients

Hackers have begun contacting victims of a March data leak that exposed a database containing photos and other sensitive patient information. The majority of victims are linked to a Lithuanian cosmetic surgery clinic, and have received demands ranging from $40 to a full Bitcoin to prevent their photos from being released. Unfortunately for some of the patients, at least 25,000 photos have already been published, likely in an attempt to incite other ransom victims to pay.

Chipotle Payment Systems Hacked

Over the past few months, officials have been sorting out the severity of the Chipotle data breach that occurred between March and April of this year. As of the most recent statement, restaurants in 48 US states have been affected. The data that has been compromised consists of customer names and credit card information, but the company is working with multiple banks to assist any impacted customers.

Judy Malware Wreaks Havoc on Google Play Store

In the past week, Google has removed over 40 apps from the Play Store that were infected with “Judy” malware. Most of the apps were available in the store for quite some time, meaning the number of affected users could be in the millions. Fortunately, Google has recently released a new service that will continuously scan Android® devices for any malicious activity.

Phishing Study Reveals Interesting Results

A recent study conducted by Ironscales monitored 500,000 unique mailboxes from 100 different companies. The study revealed that, over the course of nearly 8,500 attacks on the boxes, many focused on only a small percentage. Additionally, nearly 80% of phishing attacks were able to bypass the email filter and remain undetected, while those with more brand-oriented themes were caught almost immediately. It also pointed out that, while less than half of these attacks lasted longer than 24 hours, the ones that made it past 30 days were capable of sustaining themselves for up to a year or more.

Game Hackers Mod Nintendo Game Cartridges

While the practice of hacking games is nothing new, several hackers in the community have found a way to create a full Hex editor within Super Mario World, using nothing more than standard controller inputs. By jailbreaking the cartridge to store user-written data in the small game save files, they have been able to mod the game, giving players a wide variety of special perks, and even changing the color schemes of game levels.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Samsung’s Latest Iris Scanners are Easily Fooled

Recently, ethical hackers have been able to bypass Samsung’s latest attempt at iris recognition with minimal effort. Would you believe the tech is fooled by simply scanning a high-res picture of the right pair of eyes? While the vendor who supplies Samsung with the recognition software assures users that their security is infallible, the opposite seems to be true. The group that discovered the hack was also responsible for finding the workaround for Apple’s Touch ID locking system.

University Twitter Account Hacked, Tweets Racist Remarks

Unfortunately, Salem State University in Massachusetts has joined the ranks of notable organizations, institutions, and individuals who have fallen victim to social media hacks. In the past week, officials at Salem State having been dealing with the aftermath of a hack that caused their Twitter account to post highly offensive, racist messages. For the time being, the account has been suspended, the tweets in question have been deleted, and the university has issued public apologies through all regional means.

Tech Support Scammers Using WannaCry to Leverage Payment

While tech support scams aren’t new, it seems that scammers are now shifting their tactics to use cyberattacks that have made the news as an extortion tool. After launching an annoying popup that informs victims of their (fake) WannaCry infection, the scammers prompt users to call the (fake) support number for assistance. They then demand an outrageous payment just to run the free Microsoft Malicious Software Removal tool.

Yahoobleed Vulnerability Leaks User Data

Security researchers have been warning Yahoo! about its numerous security vulnerabilities around user data for years, and have gotten only silence in response. The flaw comes from ImageMagick, an image processing system used by Yahoo, which didn’t receive a crucial patch that was released in early 2015. This flaw allowed criminals to send an email containing a malicious image file which, once opened, would enable the end user access to Yahoo! server information. Rather than patching the bug that cybercriminals could exploit, Yahoo! simply discontinued using ImageMagick.

Bank Biometrics Bypassed by Twin Brother

Recently, a reporter for the BBC discovered that his HSBC bank credentials could be falsified by his non-identical twin brother using the voice-recognition password system. The system allowed the reporter’s brother no fewer than 8 attempts to correctly match the voice patterns necessary to access the account, though it only offered him limited viewing access. HSBC has stated that they will decrease the number of failed attempts allowed, and will work to add more layers of security.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

WannaCry Ransomware Tackles Globe

In the past week, organizations in over 150 different countries have been dealing with the WannaCry ransomware that spread like wildfire across at least 150,000 individual endpoint devices. By propagating like a worm, the infection was able to spread quickly, exploiting a largely unpatched vulnerability in several Windows operating systems. While a patch for un-updated systems has been publicly available since March, many organizations have struggled to roll it out to their endpoints, or can’t do so without rendering their proprietary software unusable.

Restaurant Listing Service Zamato Hacked

Researchers have discovered a Dark Web vendor with a listing for 17 million Zamato user accounts, along with samples of the data to prove its legitimacy. In response to the hack, Zamato has issued a forced password reset for all affected users, and strongly recommends a password change for the remaining users as added precaution. Fortunately, no credit card information was compromised, as it is stored in an alternate location.

Pirates Pirate “Pirates”

As the official release of the new Pirates of the Caribbean movie looms ever closer, hackers have threatened to leak five minutes of a stolen, unreleased film, followed by 20-minute chunks if Disney doesn’t pay their Bitcoin ransom demand. (It’s unclear if the stolen movie is truly the new PotC, but that’s the rumor.) Piracy is hardly new in the film industry, and a case much like this one happened last month with Netflix and episodes from the upcoming season of Orange Is the New Black. From the sound of it, most production companies agree that a few leaks to dodgy download sites so close to release aren’t significant enough to consider paying up.

Dangerous Flaw Found in the Google Chrome Browser

A recently discovered flaw in Google Chrome has allowed researchers to download a malicious shell command file to a user’s computer, which then executes when the user opens the folder where the file was saved. Upon execution, the file retrieves the user’s login credentials for accessing other network drives or local files. Fortunately, Google is aware of the issue and is working to resolve the vulnerability.

Bell Canada User Data Leaked

In their public statement earlier this week, Bell Canada revealed that a large number of users’ email addresses had been compromised, along with several thousand names and phone numbers. The breach is currently under investigation, and all affected users have been notified to be on the lookout for resulting email phishing scams.

As the second wave of WannaCry spreads across the globe, the latest estimate from the leading European police agency Europol suggests the malware has hit over 200,000 victims over 150 countries.  You can catch up on some of the latest news here.

New kill switch detected ! https://t.co/sMyyGWbgnF #WannaCry – Just pushed for an order ! pic.twitter.com/cV6i8DpaF4

— Matthieu Suiche (@msuiche) May 14, 2017

Although a second kill switch has been identified and registered today, there is no certainty that this second kill switch will address all malware variants. Europol continues to recommend that one of the best defenses is to take advantage of the patches released by Microsoft.

Webroot currently has strong protection in place for WannaCry, and has already reviewed and fortified its protection and detection routines to protect its users against future variants that may appear.

As Webroot sees every new executable file introduced on systems where Webroot SecureAnywhere is installed, we get rapid insight into all types of new malware.  This allows us to quickly create and/or improve upon our best-in-class detection mechanisms for zero day threats.

Ransomware attacks continue to spread around the world this weekend, after the initial damage inflicted on healthcare organizations in Europe on Friday.

The criminals responsible for exploiting the Eternal Blue flaw haven’t yet been identified, but up to 100 countries have hit with WannaCry ransomware, with Russia, Ukraine and Taiwan among the top targets.

The ransomware first appeared in March, and is using the NSA 0-day Eternal Blue and Double Pulsar exploits first made available earlier this year by a group called the Shadow Brokers.  The initial spread of the malware was through email, including fake invoices, job offers and other lures with a .zip file that initiates the WannaCry infection.  The worm-like Eternal Blue can exploit a flaw in the Server Message Block (SMB) in Microsoft Windows, which can allow remote code execution.  This flaw was patched in Microsoft’s March 2017 update cycle, but many organizations had not run the patch or were using unsupported legacy technology like XP.

What’s New

Today, Microsoft has released emergency security patches to defend against the malware for unsupported versions of Windows, including XP and Server 2003.

Overnight and today, it has become clear that a  kill switch was included in the code.  When it detects a specific web domain exists—created earlier today—it halts the spread of malware.  You can learn more at The Register.

As a Webroot customer, are you protected?  YES.

Webroot SecureAnywhere  does currently protect you from WannaCry ransomware.

In simple terms, although this ransomware is currently causing havoc across the globe, the ransomware itself is similar to what we have seen before.  It’s the advanced delivery mechanism that has unfortunately caught many organizations off guard.

In addition to deploying Webroot SecureAnywhere as part of a strong endpoint protection strategy, it is essential you continue to keep your systems up-to-date on the latest software versions, and invest in user education on the dangers of phishing, ransomware, social engineering and other common attack vectors.

If you have any questions about your Webroot deployment, reach out to our Support Team now.

And, if you are not a Webroot customer, we encourage you to trial Webroot SecureAnywhere now.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

UK Dating Site Exposes User Info

Recently, users of the UK-based dating site, Soulmates, reported receiving explicit emails that contained info available on their dating profiles. After what appeared to be a third-party data leak, Soulmates revealed that both usernames and corresponding email addresses had been compromised. Soulmates has since confirmed that the cause of the leak has been resolved, but declined to provide further detail.

Dangerous Microsoft Security Bug Found

In the past week, a Google researcher discovered a bug in the Microsoft® Windows Defender that exploits the program’s high-level permissions to cause chaos on the system—without the user having to take any action. The bug occurred when Windows Defender scanned a malicious email, which then enabled the remote code execution to further take control of the affected device. Fortunately, Microsoft releases automatic updates, so this should be resolved for most systems, or will be soon.

Ireland Falls Victim to Multiple Email Scams

In recent weeks, thousands of Irish citizens have received scam emails from Tesco Bank and Bank of Ireland, all requesting that they confirm personal information via a link to the site’s login page. (As if we needed yet another reason to avoid links in emails…) Recognizing that many users will be savvy enough to delete the obvious phishing attempt without clicking the link, attackers are likely measuring success based solely on the relatively small percentage of recipients who fall for the scam.

Healthcare Providers Leave Medical Records Accessible to All

Researchers have recently uncovered a flaw in several healthcare providers’ websites, which allows any user to view the medical records of other patients. By logging into one site, the researcher was able to successfully load another patient’s records by simply changing a single digit in the PDF download link. Another site allowed users to view records without a login that would verify their identity.

SS7, Major Security Flaw in International Telecomm

For years now, researchers have been documenting flaws inherent in SS7, the signal protocol that allows 800+ telecomm service providers to work together efficiently. By taking control of a rogue telecomm company, attackers have been able to successfully reroute incoming messages and calls to a compromised device to monitor activity. SS7 has also been blamed for multiple other security incidents over the years, from device tracking to full internet usage and communication monitoring.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Apple Threatens to Remove Uber App

In recent weeks, Apple has threatened to remove Uber from its App Store after a New York Times article revealed the app was tracking iPhones, even after having been uninstalled. Uber’s response was that the tracking was implemented to identify fraudulent trips and ensure untrustworthy users were blocked from the service, though this type of monitoring is expressly forbidden by Apple. While the issue has only been spotted on iOS® devices so far, it’s possible that Android® devices are also being tracked.

List of IoT Medical Devices Grows, Along with the List of Threats

Many of us may remember hearing that internet-connected pacemakers were potentially susceptible to cyberattacks. Now, several imaging sensors, prosthetics, and other connected medical devices, which are either currently available or in production, don’t appear to have proper security precautions. In addition to the possibility that these devices could be accessed remotely, there’s also a chance they could be used to steal any personal medical data they record.

Chipotle Payment Processing Systems Compromised

In the last week, Chipotle’s CFO released a statement about unauthorized activity on their internal payment processing network. While it appears their security measures did stop the attack, the company is working with its payment processor to monitor customer accounts for any suspicious activity over the 3-week period in which the breach occurred.

Mole Ransomware Brings Two Forms of Encryption

As ransomware continues to evolve, the tactics to ensure a successful attack have improved right along with them. With the Mole variant, criminals use RC4 encryption and RSA for decryption, leaving victims with no way to decrypt their files or even tell them apart. The infection begins by executing a javascript file that pretends to be a Flash update, then changes all file extensions to .MOLE. It finishes by scrambling all of the filenames with hexadecimal values.

FalseGuide Android Malware Reaches 2 Million Victims

In a recent study, researchers discovered the prevalent Android malware FalseGuide has affected over 2 million individual devices. The malware proliferates by disguising itself as game guides for dozens of popular mobile games, and, after being installed, requests admin privileges to remove any options for the user to delete the app. After gaining admin access, the malware registers itself on a cloud messaging service to receive remote commands.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Neiman Marcus Breach Bigger than Initially Believed

Following the 2015 Neiman Marcus breach, the company only recently disclosed that the impact is far greater than originally believed. The latest findings come on the heels of a January attack that copied the original 2015 hack, during which the information for over 350,000 unique credit cards was compromised. The recent attack exposed an unknown quantity of user’s data, though it focused more on the company’s loyalty card program, InCircle.

Chinese Video Service Accounts for Sale on Dark Web

As the list of data breaches continues to grow, several prominent Chinese companies have seen massive breaches, reaching well into the hundreds of millions range as far as individual accounts affected. Recently, a database belonging to Chinese streaming service Youku was found for sale on the Dark Web for a paltry $300. The database contains the usernames and passwords for nearly 100 million users, most of which have already been decrypted or even found in multiple, previously leaked databases.

Ransomware-as-a-Service, Surprisingly Affordable

The newest trend taking the malware world by storm: cheap ransomware-as-a-service that comes with a user-friendly dashboard, so launching a ransomware campaign is now easier than ever. For the low, low price of $175, aspiring cybercriminals gain access to a fully customizable interface to monitor the infections from start to end. Fortunately for potential victims of this particular variant family, security researchers have been successful in creating decryption keys to remove the malware for free.

Indian Hackers Strike at Snapchat over CEO Comments

In another case of cybercriminals turned hacktivisits, attacks have been launched following a PR nightmare in which Snapchat’s CEO allegedly made comments that the Snapchat platform is meant for “rich people”, not for “poor countries” like India. The hackers claim to have stolen user data for over 1.7 million accounts, though Snapchat has yet to confirm that any leak actually occurred.

International Hotels Group Finds Malware in Payment Systems

Following an investigation that began in the second half of 2016, officials for the International Hotels Group have confirmed that multiple locations had suffered significant credit card breaches. Even more worrisome is that the latest breach was only discovered by the card providers monitoring suspicious activity on the accounts, which suggests that the IHG’s internal security measures aren’t up to snuff.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Microsoft Patches Critical Zero-day Vulnerability

On Tuesday of this week, Microsoft released a patch for a relatively unknown zero-day vulnerability that allowed attackers to distribute malware through malicious Word documents. Opening the infected document allows it to contact a remote server to begin downloading malware to a victim’s system via a script file embedded in the document. While the Microsoft patch does resolve the issue, we still encourage you to use caution when opening any documents attached to emails, even if they appear to be from a trusted sender.

Legit IRS Online Tool Used Illegitimately

In the past few months, investigators have been looking into some fraudulent activity that was occurring in their Data Retrieval Tool. By using the tool as intended, criminals were able to impersonate legitimate users to begin a tax return form and access that user’s data, thereby creating fraudulent returns. From the initial investigation, it appears nearly 100,000 different user accounts have been tied to this method of identity theft. The scam itself has cost the IRS over $30 million.

Sneaky CIA Malware Uses Pop Culture References

When the Wikileaks Vault 7 post revealed numerous spying tools from a CIA dump, many researchers began digging through the treasure trove of information. Researchers at Kaspersky Lab found several malware programs with code referencing Star Trek, Flash Gordon, and other recent pop culture icons. The malware in question has been linked to a long-standing malware campaign that hit multiple targets across Europe and Asia.

Ex-Employee Hacks Hotel System, Slashes Room Rates

Ever daydream about getting back at a bad boss? One NYC Marriott hotel found itself on the receiving end of a disgruntled ex-employee’s revenge. A few weeks after being fired from his job, Juan Rodriguez hacked into the hotel’s reservation systems and cut prices down by up to 95%, costing Marriott over $50,000 before the intrusion was discovered. Unfortunately for Juan, while he was smart enough to infiltrate their network, he forgot to mask his own IP, which led authorities straight to his apartment.

Patient Records Available Online

As prices for medications and health treatment continue to rise, a lot of people are looking for cheaper ways to obtain prescriptions and services. Unfortunately, this leads to increased risk, particularly in the case of elderly citizens on a fixed income. Recently, a researcher found a database with the medical and personal records for nearly 1 million senior citizens, freely available to the public. But the database in question didn’t belong to a healthcare facility. Instead, it was owned by a telemarketing firm who had gathered a large quantity of sensitive information on the promise of providing cheaper deals on medication.

When you meet Gary Hayslip, don’t let his calm demeanor fool you — underneath is a deep passion for and understanding of the “Internet of Everything” or IoE. To say his 25-year career in information security is impressive would be an understatement. From serving as Command Information Security Officer in the United States Navy to his more recent position as the City of San Diego CISO and deputy director, Gary has become attuned to the ever-evolving role of a CISO in organizations.

As I chatted with him across a boardroom table, I began to picture how IoE has the potential to create abundant opportunity and new risks. Imagine this: smart parking meters making your urban commute easier. Communications between your car’s GPS and parking meters in the vicinity help you find a vacant spot and pay the meter all from an app on your phone. Now imagine the adverse — a powerful DDoS attack using those same smart parking meters to send a flood of communications to an area internet service provider, overloading its network bandwidth, and debilitating internet service for its customers. It can be scary to think about.

According to the FBI, “deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices.” For the record, this is why more organizations need the Gary’s of the world.

I caught up with Gary at the Webroot World Headquarters in Broomfield, Colorado, to talk about his decision to join Webroot, his views on IoT, and more.

Webroot: What made you decide to join the Webroot team?

Gary Hayslip: I had been working in the IoT and cybersecurity space around smart cities and smart communities for a while when I came across Webroot. Seeing the Webroot FlowScape® capabilities coupled with how their product suite leverages the power of machine learning to predict and protect against threats in the connected world we live in had me sold. At the end of the day, a forward-leaning company that can offer Webroot’s level of protection to both consumers and partners intrigues me.

Webroot: As an InfoSec leader, what will be your main area of focus at Webroot?

GH: To me, cybersecurity is a business critical function. The Office of the CISO provides enterprise risk management through current state assessments and forecasting. Ultimately, our consistent question to solve is “how can we better support departments across the organization?” I think I’ll bring a unique point-of-view to that question considering I was recently a customer. Along those lines, my insight from the customer point of view will offer an advantage with product strategy to reduce the risk for customers.  As Webroot grows, I want to ensure the programs and strategies my teams create are flexible enough to grow alongside the company.

Webroot: What opportunity do you think Webroot can fill in the market?

GH: I see a significant amount of movement in getting IoT devices to market, but not a lot of readiness to make sure these devices can be scanned, monitored, or protected. FlowScape bridges the gap and allows you to see the devices communicating within your networks and gives context around what devices are doing. The Webroot product portfolio truly does protect users across devices, networks, and perimeters.  Delivering comprehensive security solutions that detect, defend, and provide analysis to businesses and individuals is our sweet spot.

Webroot: What difference do you want to make in your new role?

GH: The biggest thing for me is making a resilient program ever better. Cybersecurity is a life cycle and breaches are part of that life cycle. It’s never lost on me that threats are constantly emerging and evolving. It’s only fitting for a best-in-industry organization to meet the threats where they live with constant preparation.

In addition to sitting on numerous boards and being an active member of ISSA, ISACA, OWASP, and InfraGard, Gary holds the certifications of CISSP, CISA, and CRISC. Be sure to check out his book CISO Desk Reference Guide.

Raise your hand if you’ve ever received a call from a company, unsolicited, that got aggressive? Maybe the caller wouldn’t hang up or kept calling back. Maybe the caller asked for money or made a threat. Regardless, you were upset. But when you alerted the company of the bad deed, they gave you some line about phone “spoofing.” Your gut reaction might have been to call BS. But it’s not. Phone spoofing remains a thorn in the side of many consumers across America. According to an online survey conducted by Harris Poll for Truecaller, roughly 27 million Americans reported losing money to phone scams over the last 12 months, a 53 percent increase from 2014.

Phishing has evolved. Learn all the ways hackers are angling for your data with our 11 Types of Phishing eBook.

At Webroot, we’ve heard from our customers they’ve been targets of phone scammers and we want to help educate our community.

We encourage our customers to steer clear from doing business with any callers claiming to be

• tech support and requesting access to your computer to “fix a problem” and charge you;
• Webroot and trying to sell you a lifetime SecureAnywhere subscription

Webroot teammates DO NOT make unsolicited outbound calls to customers. If you have been a victim of such callers purporting to be Webroot, file a complaint with the FCC. The FCC collects data to track down and prosecute scammers. (Anyone who is illegally spoofing can face penalties of up to $10,000 for each violation.)

What is Phone Spoofing?

Phone spoofing is when a scammer makes another person’s or company’s phone number appear on the receiver’s caller ID in an attempt to impersonate that individual or organization. The end goal is to gain access to your personal information and/or get you to pay for a fake service.

How can I protect myself from phone spoofers?

As a consumer, you have rights and options.

• If a number repeatedly calls and doesn’t leave a message, block it.
• If you do pick up and it seems like a bogus call, hang up immediately. However, you may find yourself on the other end of a questionable conversation. In this case, place the caller on hold and call their incoming number. If someone picks up on the other end from the company, ask whether or not the person on hold is calling on their behalf. The key is not to share any personal information.
• Finally, educate your community. Help others in your life understand what phone spoofing is and how to protect themselves. You wouldn’t use a third party to call if you were stuck in Nigeria and needed a loan! Discuss scams you’ve received and how you handled with friends, so they are aware of the scenario and the appropriate actions to take. We’ve also provided resources to help you navigate keeping yourself safe..

How to stop phone spoofing

The government and telecom industry are working together to put a stop to spoofing. The Truth in Caller ID Act, passed in 2009, prohibits any person or entity from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongly obtain anything of value. Also, the tech and telecom industries are working on solutions. Similar to our antivirus solutions for email and internet safety, there may soon be better anti-spoofing protections for voice.

Americans receive 15.8 spam calls (cell and/or landline) and 6.3 spam text messages in an average month. Until a complete solution is found, remain vigilant about protecting your personal information.