INTRODUCTION

PetSmart, a pet retail giant in the United States, is alerting certain customers about password resets prompted by an ongoing credential stuffing attack attempting to breach existing accounts. The company released a statement on March 6 to inform customers about the attack.

As a precaution, PetSmart reset the passwords of any accounts that were logged in during the credential stuffing attack. It also reassured customers that there was no evidence that petsmart.com or any of its systems were compromised during the incident.

WHAT IS CREDENTIAL STUFFING?

A credential stuffing attack is a type of cyber-attack in which threat actors use previously acquired usernames and passwords, typically obtained from data breaches, to gain unauthorized access to user accounts on other online platforms.

Threat actors usually automate the process of trying these login credentials across multiple websites and services. They know that people commonly reuse passwords across accounts, and that widespread habit is exactly what makes the technique worthwhile for them.
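From the defender's side, the pattern described above is detectable: a stuffing run fails against many different accounts from the same source with only one or two attempts per account, so per-account lockout counters barely move. The following Python script, added here as an illustration and not part of PetSmart's or Richter Guardian's material, flags sources that fail against an unusual number of distinct usernames inside a sliding window and lists the accounts that then logged in successfully from those sources, i.e. the accounts to force a password reset on (the step PetSmart took). It also contrasts this with ordinary brute force against one account. The log format, IP addresses, usernames and thresholds are constructed for the example; the same reasoning applies to the 23andMe incident described later on this page.

```python
"""Spot credential-stuffing behaviour in web authentication logs.

Credential stuffing differs from brute force: instead of hammering one
account with many passwords, the attacker replays breached username/password
pairs against MANY accounts, usually one or two attempts each, from a small
number of automated sources.  What stands out is a single client IP failing
against an unusual number of *distinct* usernames in a short window.  This
detector flags such sources and lists the accounts that then logged in
successfully from them, which are the accounts to force a password reset on.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log for this example (not real traffic).  Assumed format:
#   <ISO-8601 UTC timestamp> <client IP> <username> <LOGIN_OK|LOGIN_FAIL>
SAMPLE_LOG = """\
2024-03-05T10:00:01Z 198.51.100.9 alice LOGIN_OK
2024-03-05T10:00:03Z 203.0.113.7 alice LOGIN_FAIL
2024-03-05T10:00:04Z 203.0.113.7 bob LOGIN_FAIL
2024-03-05T10:00:05Z 203.0.113.7 carol LOGIN_FAIL
2024-03-05T10:00:06Z 203.0.113.7 dave LOGIN_OK
2024-03-05T10:00:07Z 203.0.113.7 erin LOGIN_FAIL
2024-03-05T10:00:08Z 203.0.113.7 frank LOGIN_FAIL
2024-03-05T10:00:09Z 203.0.113.7 grace LOGIN_OK
2024-03-05T10:01:00Z 198.51.100.9 alice LOGIN_FAIL
2024-03-05T10:01:30Z 198.51.100.9 alice LOGIN_FAIL
2024-03-05T10:02:00Z 198.51.100.9 alice LOGIN_OK
2024-03-05T10:30:00Z 192.0.2.5 bob LOGIN_FAIL
2024-03-05T10:30:01Z 192.0.2.5 bob LOGIN_FAIL
2024-03-05T10:30:02Z 192.0.2.5 bob LOGIN_FAIL
2024-03-05T10:30:03Z 192.0.2.5 bob LOGIN_FAIL
2024-03-05T10:30:04Z 192.0.2.5 bob LOGIN_FAIL
2024-03-05T10:30:05Z 192.0.2.5 bob LOGIN_FAIL
"""


def parse_log(text):
    """Parse log lines into (timestamp, ip, user, outcome) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome))
    events.sort()
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=10), min_distinct_users=5):
    """Flag client IPs whose failed logins span >= min_distinct_users distinct
    accounts within any sliding window of length `window`.  Returns
    {ip: {"distinct_failed_users": peak, "accounts_to_reset": [users that
    logged in OK from that ip]}}."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)  # events stay time-ordered within each ip

    flagged = {}
    for ip, evs in by_ip.items():
        recent = deque()              # failures (time, user) inside the window
        in_window = defaultdict(int)  # user -> number of failures in window
        peak = 0
        for t, _, user, outcome in evs:
            if outcome != "LOGIN_FAIL":
                continue
            recent.append((t, user))
            in_window[user] += 1
            # Slide the window: drop failures older than `window`.  The entry
            # just appended is never older than `window`, so the deque stays
            # non-empty here.
            while t - recent[0][0] > window:
                _, old = recent.popleft()
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
            peak = max(peak, len(in_window))
        if peak >= min_distinct_users:
            takeovers = sorted({u for _, _, u, o in evs if o == "LOGIN_OK"})
            flagged[ip] = {"distinct_failed_users": peak, "accounts_to_reset": takeovers}
    return flagged


def detect_brute_force(events, min_failures=5):
    """Contrast case: one source hammering a single account.  Returns
    {(ip, user): failure count} for pairs at or above the threshold."""
    counts = defaultdict(int)
    for _, ip, user, outcome in events:
        if outcome == "LOGIN_FAIL":
            counts[(ip, user)] += 1
    return {k: v for k, v in counts.items() if v >= min_failures}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ip, info in detect_credential_stuffing(evs).items():
        print(f"credential stuffing from {ip}: {info['distinct_failed_users']} distinct "
              f"accounts failed; force reset on {info['accounts_to_reset']}")
    for (ip, user), n in detect_brute_force(evs).items():
        print(f"brute force from {ip} against {user}: {n} failures")
```

In the constructed sample, 203.0.113.7 is flagged as a stuffing source (five distinct accounts failed within seconds, two then logged in and should be reset), 192.0.2.5 shows up only in the brute-force check (six failures, one account), and 198.51.100.9 is a legitimate user who mistyped a password twice and trips neither rule. The thresholds are placeholders to tune per site; in practice stuffing campaigns are spread across many IPs, so operators also aggregate by user agent, ASN or client fingerprint rather than by IP alone, and a corporate NAT that fronts many real users needs a higher per-source threshold to avoid false positives.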

HOW TO PROTECT YOURSELF AGAINST CREDENTIAL STUFFING ATTACKS

Although cyber breaches may be unavoidable, you can still prevent breached details from being used on other websites or services by taking the following precautions:

  1. Use Unique Passwords For Each Account – Minimize the impact if one account is compromised.
  2. Enable Multi-Factor Authentication (MFA) – Implement MFA wherever possible to add an additional layer of security.
  3. Update Outdated Passwords – Change your passwords periodically, especially for critical accounts like email, banking, and social media.
  4. Limit Access – Only use trusted devices and networks to access sensitive accounts. Avoid logging in from public computers or unsecured Wi-Fi networks, and never save your credentials on a public computer.

HOW RICHTER GUARDIAN CAN HELP YOU

  • Our dark web monitoring platform can identify compromised credentials linked to your personal and work email addresses. We’ll also provide guidance on improving your password practices.
  • Call us or send us an email at: +1 844-908-3950 or support@richterguardian.com if you are unsure. Connect with our cyber concierge to verify the legitimacy of a situation.
Related posts

Protecting Our Clients with Richter Guardian

A client fell victim to an Apple Support impersonation scam after a pop-up and remote access. See how Richter Guardian onboarded her, secured her devices, and restored her peace of mind.

The Challenge

In our modern digital landscape, cybersecurity threats are an equal-opportunity challenge that can impact anyone, anywhere. As our world becomes more interconnected through technology, it’s crucial to recognize that cybersecurity isn’t just a concern for tech experts; it’s a shared responsibility that affects us all.

In one such case, a client found herself facing a daunting cybersecurity challenge. While browsing the internet, she received a pop-up message claiming that her computer was compromised by a virus. The message instructed her to call a specific number, operated by people impersonating Apple Support. Unfortunately, she fell victim to this scam, leading to a compromise of her computer.

The root cause analysis suggests that her computer might have been compromised during the installation of browser filters to block ads, where cybercriminals took possession of her computer system for 45 minutes. The client was distressed upon receiving a fraudulent invoice, wondering how this happened to her. This case study highlights the importance of cybersecurity and how Richter Guardian can offer a solution.

The Solution

Richter Guardian, a comprehensive cybersecurity service offered by Richter, was instrumental in addressing this client’s situation. When the client reached out to Richter, our team quickly assessed the situation and took immediate action.

First, we onboarded the client to the Richter Guardian service, which includes social media protection, endpoint protection for devices (laptops, desktops, and mobile devices), and monitoring for compromised credentials on the dark web. This multi-layered approach ensured comprehensive protection for the client.

In addition to onboarding the client to Richter Guardian, we conducted a thorough analysis of her compromised computer. We also extended the protection to her mobile devices, ensuring her entire digital presence was safeguarded.

Furthermore, we educated the client on cybersecurity best practices, including the importance of strong, unique passwords and the use of two-factor authentication. We worked closely with her to ensure that her online accounts and data remained secure.

The Result

The results of our intervention were significant. The client experienced several benefits from our Richter Guardian service:

Peace of Mind: The client no longer felt vulnerable to cyber threats. She gained confidence in her ability to navigate the digital landscape safely.

Device and Data Protection: All her devices, including her compromised computer, were fortified against potential threats. Her sensitive data was secure, and she no longer worried about cyberattacks.

Reputation Protection: Richter Guardian helped protect her online reputation by proactively monitoring for impersonation attempts and taking swift action to remove any fraudulent accounts.

Educational Insights: The client received valuable insights and recommendations to enhance her cybersecurity awareness. She learned how to recognize potential threats and avoid falling victim to scams in the future.

23andMe User Data Stolen in Credential Stuffing Attack

23andMe confirmed customer data was exposed via credential stuffing and the DNA Relatives feature. We explain how it happened and how to secure your account and check for breached credentials.

Introduction

The public biotechnology and genomics firm 23andMe confirmed on its website on October 6, 2023, that certain 23andMe customer profile information was circulating on hacker forums. The information exposed in this incident includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location. As a result, 23andMe has notified its customers and pushed for them to reset their passwords and enable multi-factor authentication (MFA).

How the Attack Happened

The hackers used credential stuffing to gain access to a set of user accounts on 23andMe. Credential stuffing is a type of cyber attack in which a hacker uses stolen usernames and passwords (obtained from another breach or purchased off the dark web) to access other websites where the same users are registered. Users who recycled their breached login credentials on 23andMe may have been the entry point for this attack.

A subset of the compromised users had opted into 23andMe’s DNA Relatives feature, which allowed the hackers to scrape the data of their DNA Relative matches.

The number of accounts affected has not been released or disclosed by 23andMe.

If you think you may have been affected by this recent breach, reset your password and opt for MFA on 23andMe. Whether or not the account itself was compromised, it is important that cybercriminals cannot leverage your breached credentials to access other websites on which you may have an account.

How to Stay Safe

  1. Reset All Passwords – If you have the bad habit of reusing passwords across different websites, reset those passwords and employ hard-to-guess, complex passwords on those websites.
  2. Password Manager – To keep track of your complicated passwords, think about investing in a password manager. Some password managers, like 1Password, add a secret key on top of your master password as a unique extra layer of security.

How Richter Guardian can help you

Richter Guardian can help you determine if some of your user accounts were involved in a previous breach:

  • Our platform can determine compromised credentials through comprehensive dark web monitoring.

Sources

  1. “Addressing Data Security Concerns”. 23andMe. October 6, 2023. Retrieved October 10, 2023.

Check-In Safely – Phishing Campaigns Target Hotels and Travel Agencies

Cybercriminals are targeting hotels and travel agencies with social engineering, then using compromised systems to phish customers. Learn the attack chain and how to stay safe when you travel.

Introduction

The tourism industry is crawling back to pre-pandemic numbers thanks to travel and lockdown restrictions being lifted globally. Unfortunately, cybercriminals have also come up with a new and sophisticated campaign to breach the systems of booking sites, hotels, and travel agencies. Subsequently, the cybercriminals use the systems of the compromised hotel or travel agency to send phishing emails to existing customers.  

Summary of Hotel and Travel Agency Phishing Scam

  1. The Entry Point – The campaign starts with the threat actor inquiring about a reservation with the hotel or travel agency. Upon booking the stay, the threat actor uses ‘advanced social-engineering techniques’ to inquire about specific or special accommodations.  
  2. Tricking Employees – After establishing a sense of urgency with the hotel employee, the threat actor sends over a URL via email, which supposedly contains crucial documents relevant to their accommodations. The URL provided directs the hotel employee to a genuine hosting site (Google Drive, Dropbox, etc.) and the hotel employee downloads an archive file thinking that it contains important documents.
  3. Malicious Executables – The archive file that was downloaded by the hotel employee contained malicious executables (malware) that would infiltrate the hotel employee’s computer. From there, the malware operates stealthily to capture login credentials, financial information, and other sensitive data without the hotel employees being aware.  
  4. New Target – Once the threat actors have successfully compromised the hotel’s system, they can move on to using the hotel’s communication channel to target legitimate customers.
  5. Phishing – The threat actors can now send phishing messages disguised as legitimate requests from the compromised hotel or travel agency. The phishing messages will ask for additional credit card verification from the customer. Since the message comes directly from the booking site through a legitimate communication channel, the customer has no reason to doubt the legitimacy of the email.  

How to Stay Safe

  1. Avoid Clicking on Unsolicited Links – Always be skeptical of unsolicited links, even when they originate from a trusted source. Check URLs for any indicators of deception.  
  2. Take Your Time – Threat actors, phishing emails, and sketchy requests for payments will typically call for immediate action. Take your time to discern any emails that require you to transfer sensitive information.  
  3. Trust Your Instincts – If an email seems suspicious, call the hotel or travel agency directly to confirm that the communication is indeed legitimate.

How Richter Guardian can help you

Richter Guardian can help you navigate complex phishing scams:

  • Your onboarded mobile and endpoint devices are protected; the protection service can detect suspicious links and will work to block insecure websites.
  • Call us or send us an email at: +1 844-908-3950 or support@richterguardian.com if you are unsure about an email or situation. We can help you determine whether the communication is legitimate.