Indica Records Zip File Phishing Spam Of The Day

Over the last couple of years, I have received several spammy emails appearing to be sent from a record label employee asking me to open a zip file with my name on it, or a Word doc where I need to activate macros.

Today the cyber-fraudster has replaced their name with a bogus email address to hide the actual email address. When isolating the contact, you can see that the domain of the originating email has nothing to do with Indica Records. The ljcvelmonte.cl domain is likely a South American one set up for the purpose of stealing data or attempting ransom.
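The check described above (comparing what the From line shows with the address that actually sent the message) can be automated. The following is an added example, not part of the original post; the sample header is constructed, and the local parts and the brand domain `indica-records.example` are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. Only ljcvelmonte.cl comes from the post; the local parts
# and the brand domain indica-records.example are placeholders.
SAMPLE = (
    'From: "promo@indica-records.example" <k.rojas@ljcvelmonte.cl>\n'
    "Subject: Your file\n"
    "\n"
    "Please open the attached zip.\n"
)

ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def under(domain, parent):
    """True if domain is parent itself or a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)


def sender_findings(raw, brand, brand_domains):
    """Return (real sender domain, list of findings) for one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    real = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []

    # Case from the post: the display name is itself an email address,
    # which many mail clients show instead of the real one.
    shown = ADDR_IN_TEXT.search(display)
    shown_domain = shown.group(1).lower() if shown else ""
    if shown and shown_domain != real:
        findings.append("display-name-address-mismatch")

    # The visible name claims the brand, but the real domain is not the brand's.
    claims_brand = brand.lower() in display.lower() or any(
        under(shown_domain, d) for d in brand_domains
    )
    if claims_brand and not any(under(real, d) for d in brand_domains):
        findings.append("brand-domain-mismatch")
    return real, findings


if __name__ == "__main__":
    print(sender_findings(SAMPLE, "Indica Records", {"indica-records.example"}))
```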

India Ends Twitter’s Immunity For 3rd Party Content

Section 79 of India’s IT Act appears to be the equivalent of s.230, Communications Decency Act. The provision protects online service providers from liability flowing from unlawful content posted on their platforms. Twitter is so far the only American platform to have lost this safe-harbor in India.

https://timesofindia.indiatimes.com/business/india-business/twitter-loses-legal-shield-in-india-for-3rd-party-content

What Is A Honeypot?

The latest buzzword in cybersecurity sounds delicious but it is also a preventive mechanism against hacking and can save time and resources in forensic analysis of cyber-breaches.

Honeypots are hacker traps and they come in many forms and sizes adapted to your needs. Our tech expert Roman Blake is developing a comprehensive guide for creators and small businesses on how the strategic deployment of honeypots can place you many steps ahead of potential hackers. I am looking forward to this collaboration.

In the meantime I recommend the following draft: https://cybersecuritynews.com/what-is-a-honeypot/

Desjardins Phishing Cyberfraud Of The Day

The consequences of yesterday’s data dump begin materializing. I just received an email from “Desjardins” asking me to re-activate my account due to a connection error during my last login attempt.

I specifically isolated the URL to see how it behaves, so I can report it to the RCMP. Desjardins surprisingly doesn’t give you a way to report fraud if you are not already prejudiced as a victim (i.e. when it is too late). The whole point is not to become a victim as it can be a tremendous waste of time and you may never recover.

As expected, the phishing link redirects three or four times from the initial URL (I won’t include URLs here) until it lands on a page posing as a mirror of Desjardins’ connection page.

This tactic was very popular until 2019 on Tor markets for the purpose of stealing cryptowallets. However, Tor offered anonymity and encryption safeguards against cyberfraud, which is not the case when banks leak your data.

This is how the REAL Desjardins page looks as of this morning. The only difference is the URL address.
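Since the address bar is the only reliable difference, the useful check is on the host where a redirect chain ends. The following is an added example, not part of the original post; the redirect chain is constructed from placeholder hosts, and `desjardins.com` as the legitimate domain is an assumption of the example.

```python
from urllib.parse import urlsplit

# Constructed redirect chain (the post withholds the real URLs). Every host is
# a placeholder; desjardins.com as the legitimate domain is an assumption.
CHAIN = [
    "http://short.example/r/8f2",
    "http://tracker.example/go?u=1",
    "https://desjardins.com.login-check.example/identifiantunique",
]


def host_of(url):
    """Hostname only: strips userinfo, port and a trailing dot, lowercased."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def belongs_to(host, legit_domain):
    """True if host is the legitimate domain or one of its subdomains."""
    return host == legit_domain or host.endswith("." + legit_domain)


def landing_report(chain, legit_domain):
    """Summarise a recorded redirect chain and judge its final landing host."""
    final_url = chain[-1]
    final = host_of(final_url)
    legit = belongs_to(final, legit_domain)
    brand_label = legit_domain.split(".")[0]
    return {
        "hops": len(chain) - 1,
        "final_host": final,
        "final_is_legit": legit,
        # Brand name embedded in someone else's hostname (lookalike prefix).
        "brand_in_foreign_host": brand_label in final and not legit,
        # "https://brand.com@other.host/" puts the brand in the userinfo part.
        "userinfo_present": urlsplit(final_url).username is not None,
    }


if __name__ == "__main__":
    print(landing_report(CHAIN, "desjardins.com"))
```

A padlock alone proves nothing here: the constructed landing URL is HTTPS and still fails the host check.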

I can’t post the content of the phishing email because it appears encrypted on pasting.

To access the anti-fraud reporting center of the RCMP, you must log in through your GC code or government sign-in through a partner (kind of cringy when the partner is Desjardins).

https://antifraudcentre-centreantifraude.ca/report-signalez-fra.htm

https://antifraudcentre-centreantifraude.ca/report-signalez-eng.htm

8.5 Billion Passwords Leaked On Hacker Forum

A massive 100GB TXT file that contains 8.4 billion entries of compromised passwords found its way onto a popular hacker forum. The leaked password compilation is dubbed RockYou2021 and has presumably been built from previous data leaks and breaches. This is the time to change passwords.

What to do if your password was leaked?

If you suspect that one or more of your passwords may have been included in the RockYou2021 collection, we recommend taking the following steps in order to secure your data and avoid potential harm from threat actors:

  • Use a personal data leak checker and leaked password checker to see if your data has been leaked in this or other breaches.
  • If your data has been compromised, make sure to change your passwords across your online accounts. You can easily generate complex passwords with a strong password generator or consider using a password manager.
  • Enable two-factor authentication (2FA) on all of your online accounts.
  • Watch out for incoming spam emails, unsolicited texts, and phishing messages. Don’t click on anything that seems suspicious, including emails and texts from senders you don’t recognize.

https://cybernews.com/security/rockyou2021-alltime-largest-password-compilation-leaked/

The previous largest-ever mega-leak of passwords happened 4 months ago and involved 3.2 billion email and password pairs.

Florida Adopts Anti-Censorship Bill, First Of Its Kind

Legislative reform in non-Canadian jurisdictions is always useful to inform our choices going forward with our own reforms. Technology transcends jurisdictions, but mostly depends on US laws even when its reach is beyond the USA.

Technology is currently under-regulated, and moves faster than the courts. Any legislative attempt at reducing Big Tech’s power and editorial control over users’ content is very welcome. Initially, section 230 (Communications Decency Act) was meant to do just that, but it has been largely abused by social media platforms and emptied of its substance.

The Florida legislation is to take effect on July 1, 2021 and provides anti-deplatforming safeguards and enhanced data protection mechanisms.

In a nutshell, under SB7072 all Floridians treated unfairly by Big Tech platforms will have the right to sue companies that violate this law — and win monetary damages. This reform safeguards the rights of every Floridian by requiring social media companies to be transparent about their content moderation practices and give users proper notice of changes to those policies, which prevents Big Tech bureaucrats from “moving the goalposts” to silence viewpoints they don’t like.

The Attorney General of Florida can bring action against technology companies that violate this law, under Florida’s Unfair and Deceptive Trade Practices Act. If social media platforms are found to have violated antitrust law, they will be restricted from contracting with any public entity.

Big Tech is prohibited from de-platforming Floridian political candidates. The Florida Election Commission will impose fines of $250,000 per day on any social media company that de-platforms any candidate for statewide office, and $25,000 per day for de-platforming candidates for non-statewide offices. The right to block unwanted users (including candidates) belongs to Floridians and is no longer up to Big Tech in that state.

Cybersecurity And Vaccine Passports

Since the start of the pandemic, most organizations reported an increase in targeted cyberattacks. Now, with the end of the pandemic in sight, cybersecurity teams face another potential headache — the vaccine passport.

Cybercriminals have begun developing strategies to deploy large-scale vaccination-specific identity theft, security breaches and personal data “leaks”. Other concerns are fake QR codes sold on dark markets.

https://www.forbes.com/sites/forbestechcouncil/2021/05/21/cybersecurity-and-the-vaccine-passport-a-dream-ticket-or-a-flight-of-fancy/

California: Citizen App Sparks Manhunt For The Wrong Suspect

Algorithmic bias meets our worst nightmare. The On Air feature of the Citizen crime alert app triggered a public manhunt for a man wrongfully accused of having started a wildfire in Los Angeles. A reward was offered for app users to find him. It turned out that the man was innocent.

https://www.foxla.com/news/citizen-app-sets-off-manhunt-for-man-falsely-accused-of-starting-palisades-fire