Tag: fraud

Categories
Mobile Syrup

Aeroplan hack causes two Ontarians to lose years worth of loyalty points

Two men from Ontario found themselves without their Aeroplan loyalty points after their accounts were hacked by thieves who redeemed the points for gift cards.

The two men, Richard Chen and Ritwik Ray had both been collecting loyalty points from the company for years, with Chen revealing that he lost 150,000 points when they were taken from his account.

Aeroplan was acquired by Air Canada in early 2019, with the airline company saying that weak passwords are partially at fault for the breaches. Air Canada also said clients caught in phishing schemes contributed to the account hacks.

A spokesperson for Air Canada has said that the company has looked into the issue and has confirmed that both customers were victims of fraud.

The company has gone on to say that they continually remind its clients of safety protocols to protect them from instances of fraud, including the importance of updating passwords.

“Whenever possible ensure Multi-Factor Authentication is enabled on your online accounts. Passwords should never be the same for multiple services and customers should ensure the password being used is strong and not easy to guess,” a spokesperson for Air Canada told CTV News.

Air Canada has confirmed that the fraudulently redeemed points have been returned to the affected customers.

Via: CTV News Toronto

Categories
Mobile Syrup

‘The Language of Fraud’ is contributing to scams in Canada

Digital scams are more common than ever, and language has played an important role in popularizing them.

According to a recent analysis by Visa, fraudsters create messages that take advantage of people trusting “too-good-to-be-true texts and emails.”

Visa surveyed 6,000 adults from various countries, including Canada, Germany, and France.

The analysis found Canadians are more confident than those surveyed globally about recognizing scams; 58 percent of Canadians believe they know about fraudulent behaviours and can spot a scam, compared to 48 percent globally. But that doesn’t mean they aren’t vulnerable, and “The Language of Fraud,” as Visa calls it, plays a big role.

The analysis found 59 percent of Canadians respond to common phrases scammers use. For example, texts or emails containing “urgent,” “action required,” or “positive news” phrases typically receive a response. A further 35 percent of surveyed Canadians said they’ve fallen for a scam on more than one occasion.

“A turn of phrase can turn a simple click into a breach of personal information,” Visa said.

Image credit: Visa

But digital scams aren’t the only thing people need to be wary of.

Businesses also need to be aware of fraudulent activity. According to Moneris, a Canadian finance tech company, fraud cases have increased by nearly 30 percent since businesses have resumed regular activity following pandemic restrictions. Figures are based on fraud cases Moneris has investigated.

Nearly half of these incidents come from the card-not-present category. These transactions relate to remote orders that don’t involve payment cards being used through payment terminals.

Chargeback fraud is another important category. In this instance, a fraudulent transaction leads the scammer to get their money back after they dispute a charge on their payment card.

There are various actions Canadians can take to keep themselves and their businesses safe. Visa recommends Canadians update their password regularly and avoid clicking on links in unsolicited messages. Moneris warns businesses to protect their payment terminals and to review their transactions for suspicious activity regularly.

Image credit: Shutterstock 

Source: Visa, Moneris

Categories
Mobile Syrup

Indigo employees face data breach due to ransomware attack on website

As a result of a ransomware attack on the website of Indigo Books & Music Inc., current and former employees are facing a major data breach. It’s being reported by The Globe and Mail that personal data, including social insurance numbers, home addresses, banking information, and more, have been compromised.

On Thursday, Indigo president Andrea Limbardi sent a memo to staff regarding the data breach. “We recently learned that your personal information may have been acquired by an unauthorized third party between Jan. 16, 2023, and Feb. 8, 2023,” the memo states. As seen by The Globe and Mail, the memo continues to state, “We know this may be concerning news to receive and are deeply sorry for this breach of your information.”

Current and former employees of Canada’s largest bookstore now have to worry about possible identity theft and/or fraud. The data breach appears to have also compromised emails, phone numbers, full addresses, birth dates, and banking information. Further, direct deposit information and individual bank and branch numbers are at risk.

“You should consider contacting your local police and visit the Canadian Anti-Fraud Centre for support,” Limbardi informs staff. “You should also review the RCMP’s Identity Theft and Identity Fraud Victim Assistance Guide for steps you can take.”

Earlier this month, Indigo suffered a fairly significant breach. The company clarified that the “cybersecurity incident” created a number of hiccups for those attempting to access bookstores and online purchases at the time. However, Indigo was quick to reveal that customer information wasn’t compromised. Additionally, the company’s Plum points reward system remains unaffected.

Within the memo, Indigo tells employees that it plans to support employees with “additional assurance and protection.” The company will be working with TransUnion. It’s said the agency with notify staff of any “critical changes” to their credit scores. Additionally, Indigo is setting staff up with a two-year subscription to TransUnion myTrueIdentity “at no cost.”

Image credit: Shutterstock

Source: The Globe and Mail

Categories
Mobile Syrup

Apple reports App Store stopped nearly $1.5 billion in fraudulent transactions in 2021

Apple announced that the App Store prevented nearly $1.5 billion USD (about $1.894 million CAD) in fraud activity throughout 2021. The company attributes its App Review process as being a key facet in this accomplishment.

Last year, Apple’s App Review prevented over 1.6 million untrustworthy apps and app updates from defrauding users. Apple has been continuously building its fraud prevention system. As such, in 2021, Apple released its first fraud prevention analysis, showing it protected customers from more than $1.5 billion in potentially fraudulent transactions in 2020. As a now-annual update, the company reports it accomplished the same in 2021.

Apple’s App Review combines computer automation with manual human review. This system utilizes proprietary tools with machine learning and heuristics. The process also takes advantage of data Apple accumulated since the 2008 launch of the App Store.

The company also takes advantage of the App Review human team. This sector reviews every app and every update in order to ensure they follow the intricate App Store guidelines. These guidelines relate to privacy, spam, and user security.

Based on the new outline of Apple’s App Review, the company assisted over 107,000 developers to get their apps on the App Store. Over 835,000 new apps and 805,000 app updates were rejected, however. These were declined by Apple due to a range of reasons. Though, Apple does state that any developer who feels their app was incorrectly flagged can file an appeal with the App Review Board.

There were a minor amount of rejections made for more potentially harmful violations. Apple confirms that in 2021, 34,500 apps were rejected for containing hidden and undocumented features. 157,000 app rejections were made for spammy, user manipulation, or misleading components.

Apple removes any developer found to be misleading users or conducting fraudulent activity from the Apple Developer Program. The Developer Code states that the company requires developers to represent their app accurately and honestly on the App Store. Apple commits to deactivating fraudulent customer accounts too. In 2021, the company banned over 170 million customer accounts due to fraud and abusive activity.

Apple’s App Store guidelines have faced criticism in the past. Developers have voiced their opinions in the past on how guideline regulations may deter competition. However, in the scope of fraud prevention, the App Review seemingly is able to help both developers and users alike.

Image credit: Apple

Source: Apple

Categories
Mobile Syrup

Google expands options to remove personal information from search results

On request, Google will now remove personal information, including addresses and phone numbers, that show up in search results.

According to a blog post, the tech giant is expanding its existing request process that features removing identifiable information used in cases of doxxing and fraud. That information included banking details, credit card numbers, and social security numbers.

The expanded policy also allows other personal information to be removed, such as email addresses and log-in credentials.

Google will evaluate all requests to ensure it doesn’t limit widely helpful information, such as details available in news articles. The tech giant also won’t remove information if it’s a part of the public record on government websites or other official sources.

But Google removing the information doesn’t mean it’ll be erased from the internet. Users will have to contact the hosting website directly to request removal.

“Maximizing access to information while empowering people to be in control of their sensitive, personally identifiable information is a critical balance to strike,” Michelle Chang, Google’s global policy lead for search, wrote in the blog post.

More information on the requirements to have information removed and how to start the process is available on Google’s support page.

Source: Google

Categories
Mobile Syrup

Virgin Plus adds new in-store SIM transfer process to protect against fraud

Bell flanker brand Virgin Plus rolled out a new process for SIM transfers, according to details obtained by MobileSyrup.

According to a reader tip, Virgin Plus started rolling out the change on October 5th. Existing customers who complete a standalone transfer to a new SIM card in-store will receive a text message to approve the transfer.

Further, Virgin customers will only have 90 minutes to approve and authenticate the transfer before the change can complete.

Virgin reportedly intends for the change to add extra protection against potential fraud, identity theft and SIM swapping scams. Sales representatives have been directed to tell customers about the new authorization process.

MobileSyrup reached out to Virgin Plus for more detail about the change but did not receive a response in time for publication. We will update this space with any additional information we receive.

Ultimately, the change should prove beneficial for customers. SIM swap and number port fraud are unfortunately prevalent in Canada. For those unfamiliar with the term, it refers to when malicious actors initiate a SIM transfer to steal a victim’s phone number and connect it to a SIM card they control. Once the transfer is complete, the malicious actor can use the phone number to receive two-factor authentication (2FA) codes or access the victim’s online accounts. You can read more about SIM swapping here.

The Canadian Radio-television and Telecommunications Commission (CRTC) recently released some information about phone number fraud, documenting over 24,000 potential cases between August 2019 and May 2020.

Before the CRTC release, Canadian carriers refused to share data on phone number fraud or efforts to prevent it. Some carriers claimed doing so would help fraudsters, while others said releasing the information would help competitors.

Ultimately, it’s good to see carriers taking steps to better protect customers against SIM swapping and phone number fraud. Hopefully, other carriers start stepping up their protection measures too.