Canadians Hacked. PHOTO: Cybercrime Magazine.

A Whopping 52 Percent Of Canadians Have Been Hacked Over The Past Year

Heatstroke phishing campaign uses advanced techniques including steganography

Steve Morgan, Editor-in-Chief

Northport, N.Y. – Sep. 7, 2019

Canada has a population of around 37.4 million people. More than half of them, 19 million, are estimated to have been affected by data breaches in less than a year, according to a new podcast hosted by award-winning journalist and news anchor Kevin Newman.

Phishing scams continue to lead the way in targeting and penetrating the human attack surface. To put it more simply — it’s easier to hack through a person than a firewall. More than 90 percent of all cyberattacks are initiated by phishing.

One of the latest phishing campaigns, Heatstroke, uses advanced techniques such as steganography to steal PayPal and credit card information from unsuspecting victims, according to Jindrich Karasek, a threat researcher for Trend Micro.

Exactly how many Canadians have been affected by Heatstroke is unknown at this time. But organizations, employees, and consumers need to beware of this serious cyber threat.

Erich Kron, security awareness advocate and technical evangelist for KnowBe4, explains:

“This is an example of how sophisticated phishing attacks are becoming. Deploying technology like steganography (hiding data, like passwords, inside digital image files) to avoid detection are things we associate with James Bond-like sophistication, but this type of technology is actively being used in the real world today. The financial gain the attackers are seeing justifies this level of sophistication.”

The way Kron sees it, training employees on how to detect and react to phishing campaigns such as Heatstroke is imperative.

“People need to be trained to be very suspicious of any unexpected account verification emails, text messages or phone calls and should contact the sending organization directly, through the company website or phone number. Do not trust the phone number, email address or any other information within the message.”

Kron, an experienced keynote speaker and security awareness advocate, explains the financial implications that phishing attacks can have on people.

“The hidden danger in data breaches is the fact that even the data we don’t believe is dangerous can be a gold mine for the bad guys. For example, if bad guys know what bank you use, they can easily use that information to craft an email designed to steal your login credentials by sending you to a fake website. They can also use this data to make an otherwise easy to spot phishing email much more convincing by sprinkling the data they got from the breach in the email. Adding things like the last four digits of a credit card number or a birth date can really make these instances more believable.”

Poor user habits invite cybertheft, says Kron.

“Another significant concern about data breaches is that people often use the same password for multiple website logins. This allows the bad guys to take an email address and password linked from one site and try it on other sites. This is how a data breach on a pet forum can lead to an email account, banking account or Amazon account being taken over with very little effort.”

Canadians beware. Take Kron’s advice to heart. If you’re a small business or a major organization, then you don’t want to have a stroke over this nasty phishing campaign.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.

Sponsored by KnowBe4

KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space. We are proud of the fact that more than 50 percent of our team are women.