As we approach the summer months, it’s important to remember cybercriminals will not be on vacation.

Cyber scams are conducted throughout the year, and malicious actors may try to take advantage of people who are on vacation, and thus, may let their guard down.

It’s important to always keep your eyes peeled for suspicious activities and to take immediate action should you fall victim to a data breach.

In this week’s installment of the BlackCloak Thursday Threat Update, we’ll look at a data breach affecting millions of residents living in two states, and a brand impersonation campaign involving thousands of malicious websites.


Millions of Louisiana, Oregon residents affected by data breach

What we know: A recent data breach compromised the information belonging to 3.5 million people living in Oregon and six million Louisiana residents. The Oregon Department of Transportation said at least driver’s licenses were exposed in the breach, while the Louisiana Office of the Governor said in addition to driver’s licenses, Social Security numbers, names, addresses and other personal information is at risk.

Recommendations: Given the sensitive nature of the data exposed, it is highly recommended that anyone affected by the breach place a credit freeze and fraud alert on their accounts with the three major Credit Reporting Agencies, Experian, Equifax, and TransUnion as soon as possible. The Louisiana Governor’s Office also recommends residents change their passwords for all of their online accounts out of an abundance of caution and to report any suspected identity theft to the FTC.


Thousands of malicious websites used in brand impersonation campaign

What we know: A threat research team has discovered a campaign where unknown individuals have set up thousands of phony websites that appear similar to many well-known brands. The phony websites have been shown to have a URL that includes a brand number used together with a city or a country, followed by a domain ending such as .com. Nike, Adidas, Cros, Reebok, and Tommy Hilfinger are among the brands impersonated in this scam. The research team behind the discovery said the end goal may be to sell counterfeit products or to obtain payment card information entered onto the sites.

Recommendations: When surfing the internet, make sure you pay attention to the spelling of the website you visit. Cybercriminals will set up websites that look very similar to the one they are impersonating, and to get targets onto their websites, they will spell the URL slightly differently, or using a different domain ending, in the hopes that the potential victims will not notice. This is a practice known as “typosquatting.” A good way to avoid this is to bookmark websites you have previously visited. Additionally, be very careful about websites that appear in a Google search under promoted results, as cybercriminals can exploit this feature to push their phony websites.


Cyberattacks can target anyone

It doesn’t matter if you are a Fortune 500 CEO or a small business owner, cybercriminals will target just about anyone in hopes of obtaining valuable sensitive information. 

Learn how social engineering attacks have targeted CEOs, and a new slate of cyberattacks aimed against plastic surgeons.