DMV Phishing Alert, FTSE Spoofing Risk, Victoria’s Secret Breached
Hey, it’s June already! Hope you guys are able to hold up against the cybercrooks, tall and strong.
We are back with our weekly dose of the latest cyber news. This week, we will inform you about the ongoing DMV phishing scam in the US. Next, we will focus on email spoofing attacks being a constant threat hovering over FTSE 100 companies despite having a simple fix already available. Lastly, we will dig deeper into Victoria’s Secret’s recent encounter with a threat attack incident.
Let’s begin with this week’s cyber bulletin.
DMV phishing scam targeting smartphone users in the US
A new phishing scam is doing the rounds in the US. Threat actors are sending phishing text messages to drivers in an attempt to gain access to their personal data and financial information. DMVs, or Departments of Motor Vehicles, have reported the latest phishing texts across three states: California, New York, and Florida.
The malicious messages threaten drivers with unpaid fees, traffic rule violations, hefty penalties, driving license suspension, and additional fines. The truth is that these messages are totally fake and have not been shared by any official entity. Cybercriminals are leveraging a notorious phishing scam tactic called smishing, or SMS phishing, to make quick money.
Earlier this year, some threat actors sent phishing texts warning drivers about unpaid toll fines. At that time, both the Federal Trade Commission and the FBI jumped into action and actively warned the message recipients against those cyberattack attempts.
The intensity of this scam can be gauged from the fact that in April alone, Americans received as many as 19.2 billion automated phishing texts. Such scam texts not only create a sense of nuisance for the recipients but also result in actual financial loss. All it takes is a naive and unsuspecting driver to click on a malicious link and WHAM! There goes all their personal data to the cybercrook! Last year, the cost of cyber fraud for Americans was a staggering $12 billion.
Experts recommend registering your phone number with the National Do Not Call Registry. Also, it is better to avoid clicking on any unknown or suspicious links. Being skeptical can be a smart move in this current scenario.
FTSE 100 companies are prone to email spoofing attacks despite having an easy fix available already
As per a recent report, one-third of FTSE 100 companies are prone to email spoofing attacks. They tend to stay highly vulnerable despite the easy availability of DMARC (Domain-based Message Authentication, Reporting and Conformance) tools. DMARC is one of the most successful email authentication protocols, which helps domain owners safeguard their domain reputation, email deliverability, and client experience by monitoring the legitimacy of emails sent on their behalf.
The lack of DMARC deployment can severely hamper the cybersecurity mechanisms of these FTSE 100 companies. Approximately 30% of those who have already deployed DMARC tools are experiencing issues with misconfiguration. As a result, threat actors can easily carry out email-based cyberattacks targeting employees working in a specific company. They can also impersonate a legitimate company and try to target the customers.
Victoria’s Secret delays Q1 financial results declaration, grappling with cyberattack!
Women’s favorite, Victoria’s Secret, experienced a cyberattack last week. Due to this incident, the brand has decided to delay the declaration of its financial results for the Q1 2025 period.
They are planning to announce a new date for the earnings release and the earnings call webcast. This delay occurred because the investigation is still underway, and they are trying to understand the scope of the impact.
In a press release, Victoria’s Secret has confirmed that the threat attack has not affected their Q1 financial results. However, due to the cyberattack, employees were unable to access certain systems. As a result, Victoria’s Secret is unable to share its financial results currently.
For context, Victoria’s Secret was forced to shut down its e-commerce website and corporate systems on May 26 because of an unfortunate and abrupt cyber incident. To keep the stakeholders updated, they shared a short and clear message on their website that they were taking adequate measures to address a specific security incident. Victoria’s Secret is working with third-party cyber experts to minimize the impact of the cyberattack and also nab the real culprits. The FAQ page mentioned that Victoria’s Secret was still unsure about the exact date and time when the site would be live again.
Much to the relief of its ardent fans and loyal customers, they managed to restore the website on May 29. However, restoring full access will take more time.
