Advantex Weekly Threat Report – October 26th, 2020

A round-up of the latest cybersecurity threats and vulnerabilities online.

In this weeks report, we reveal all on the Trump Twitter hack, how thousands of Nando’s customers’ accounts have been breached and how hackers have targeted M&S CEO Steve Rowe in a voucher scam!

This report is aggregated from recent open source reports online.

 


 

Trump’s Twitter Hacked, Again

The President of the United States, Donald Trump has been hacked on Twitter once again.

Dutch security researcher and ethical hacker, Victor Gevers told Dutch newspaper de Volkskrant that he managed to gain access to the US President’s personal Twitter account last week.

Twitter claims there is no evidence to say the hack was true, but Gevers took screenshots logged in to the account to prove authenticity and went on to claim this isn’t the first time he has hacked the President.

Back in 2016 Gevers also claims he hacked Trump’s Twitter account along with two other hackers, highlighting that nobody is safe, not even the President of the United States!

 


 

Hackers Impersonate M&S CEO in Voucher Scam

Last week, cybercriminals took to social media in a scam that impersonated the CEO of one of the UK’s biggest retail stores in order to capture the personal data and financial details of victims online.

Sponsored ads went viral as gullible and unsuspecting social media users clicked and shared the posts – putting millions of users at risk.

Ads claiming to be from M&S CEO, Steve Rowe holding branded bags promoting a giveaway to anyone who shares and comments on the post to celebrate their 135th anniversary.

The mystery bags were said to include a £35 voucher and other M&S goodies and all you had to do was fill in the form accessed by the attached URL.

However, the URL took users to a fake M&S branded landing page where it asked for name, address, contact details and even bank details. Scary stuff.

It’s not clear how many people actually did fill in the form, but early reports indicate 150 people have been identified as a victim of this scam.

M&S also released a public statement rubbishing the social posts and said: “We have been made aware of this and it isn’t genuine, our colleagues are investigating further.”.

As always, our advice would be, approach everything online with caution, and if it looks too good to be true, then it generally is.

 


 

Nando’s Accounts Hacked

It’s reported that an unspecified number of Nando’s customers have had their online accounts hacked, allowing cybercriminals to place orders costing thousands of pounds.

Nando’s have come out and confirmed their IT systems have not been hacked, however, a number of individual accounts have been accessed by cybercriminals online.

Credential stuffing is said to be the method of attack, this is where an already leaked email address and password is used on other websites in the hope of gaining access, and in this case, they have been successful.

One customer took to social media to complain and said they had lost £670 because of the breach. That’s a lot of chicken!

Nando’s has since said they will work with authorities to help investigate the breaches and will refund the affected accounts immediately.

 


 

Don’t get caught out, protect your users, data, and technology!

 

FREE 14-Day Trial

Advanced Cybersecurity Technologies Logo

With Advantex’s ACT suite, we can educate, protect and restore your business from any vulnerabilities online – giving you maximum protection and ultimately empowering you and your workforce into making better and safer day-to-day decisions online.

Send us your details below and we’ll get you started on your FREE no-obligation trial of the Advantex ACT suite.

Don’t take the risk, get in touch today!