Toyota data breach

Toyota Motor Corporation announced on October 7, 2022 that approximately 296,000 customers' personal information had been compromised.

Toyota T-Connect lets owners of Toyota cars connect their mobile phones to their vehicles. Users can listen to music, track fuel consumption, and monitor engine status.

Toyota recently discovered that a portion of its source code had been published on GitHub. That source code included access keys to the T-Connect data servers.

These keys could be used to gain access to the T-Connect data servers. When customers register via the T-Connect app, their email addresses are stored on that server. As a result, unauthorized third parties could have accessed customer records from December 2017 to September 2022.

To prevent any further unauthorized access, the database keys were updated on September 17, 2022.
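The root cause here, credentials committed into source code that later became public, is the kind of thing a pre-push repository scan catches. The following is an added example, not Toyota's or this newsletter's own code: a small Python scanner that flags credential-looking assignments whose values have high Shannon entropy, run over a constructed config snippet. The variable names, the entropy threshold, and the sample values are assumptions.

```python
import math
import re

# Matches assignments such as API_KEY = "..." or password: '...'
# where the variable name suggests a credential (assumed naming).
ASSIGN_RE = re.compile(
    r"""(?i)\b(?P<name>[A-Z0-9_]*(?:key|secret|token|password|passwd)[A-Z0-9_]*)\s*[:=]\s*["'](?P<value>[^"']{8,})["']"""
)

# Values that are clearly placeholders or environment references, not real secrets.
PLACEHOLDERS = {"CHANGEME", "REPLACE_ME", "YOUR_KEY_HERE"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking keys score high."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_hardcoded_secrets(source: str, min_entropy: float = 3.5):
    """Return (line_number, variable_name, entropy) for likely hardcoded secrets."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ASSIGN_RE.search(line)
        if not m:
            continue
        value = m.group("value")
        # Skip placeholders and values injected from the environment at runtime.
        if value.upper() in PLACEHOLDERS or "${" in value or value.startswith("<"):
            continue
        ent = shannon_entropy(value)
        if ent >= min_entropy:  # threshold is an assumption; tune per code base
            findings.append((lineno, m.group("name"), round(ent, 2)))
    return findings


# Constructed sample source file (not Toyota's code); the key value is fake.
SAMPLE_SOURCE = """\
# constructed sample config
DB_HOST = "db.example.internal"
DB_ACCESS_KEY = "k8Tz2QpL9vXm4RbN7wYc"
API_TOKEN = "${API_TOKEN}"
password = "changeme"
"""

if __name__ == "__main__":
    for lineno, name, ent in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: {name} looks like a hardcoded secret (entropy {ent})")
```

Only the line with the random-looking key is reported; the environment reference and the placeholder are skipped, which keeps the check usable as a commit hook.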

The exposed data did not include other personal details about customers, such as names, credit card numbers or phone numbers.

Toyota also apologized for any inconvenience caused by the mishandling of customer data and said the error was the fault of a subcontractor.

There is no evidence that the data was misused, but the Japanese automaker cannot rule out the possibility that it was accessed or stolen.

T-Connect users who enrolled between July 2017 and September 2022 should be wary of email attachments from unknown senders. Threat actors posing as Toyota officials may carry out phishing attacks against them.

Callback Phishing Scams: The Evolution

Phishing is one of the oldest forms of cybercrime. It is difficult to defend against because it continues to evolve.

Callback phishing scams use email to convince recipients that they have been signed up for an expensive service.

The email contains a phone number the recipient can call to cancel or learn more about the "membership". Calling it opens the door to social engineering attacks that can infect the victim's computer with malware and, in some cases, full-blown ransomware.

This type of attack began with what are now called BazarCall campaigns.

Threat actors sent emails under the "BazarCall" alias, posing as subscription notices for popular services, and included a number to call to cancel the purchase.

The threat actors directed the target to dial the number and guided them through a series of prompts that eventually led to downloading an Excel file infected with the BazarLoader malware. BazarLoader gave remote access to compromised devices, which enabled ransomware attacks.

The evolution

Although the social engineering technique has evolved in recent callback-phishing attacks, the bait is still an invoice from a well-known service provider.

After the victim calls the provided number, the scammer asks them to read out the invoice details for verification. The scammer then claims that no matching record exists and that the invoice the victim received was spam.

The fake customer service representative claims that the spam email has infected the victim's computer with malware and offers to connect the victim with a technician. The technician then directs the victim to a website that serves malware disguised as antivirus software.

The scammers may also claim that the security program pre-installed on the victim's computer has expired and been automatically renewed. The fraudster eventually takes the victim to a cancellation and refund portal that drops malware.

These tricks convince victims to install malware such as BazarLoader or remote access trojans.

The last step is to persuade the victim to log in to their bank account to receive the reimbursement. The con artist then locks the victim's screen and initiates an outgoing transfer, so the victim ends up paying the scammer; once the transaction is complete, the screen is unlocked.

The victim is then shown a fake refund-success page so that they believe the refund has arrived. To keep victims from realizing they have been defrauded, threat actors may also send SMS messages claiming that the refund has been received.

The threat actors may also deploy more dangerous malware to spy on users over longer periods and steal sensitive data.

Because they are always evolving, callback phishing scams can be difficult to detect. It is important to recognize the warning signs of a scam, such as unexpected invoices or calls from unknown numbers. If you think you might be the victim of a callback scam, do not panic. Instead, call your bank or service provider to confirm any suspicious activity, using a number you already know rather than the one in the email.

Phishing artists are skilled at their craft. Your employees need to be trained to recognize these attacks and to take appropriate action. Call Integrated Technology Systems to see how we can help.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017