Contact Us

Cyber Security Today, May 12, 2021 – Hate on messaging apps, Zix used in scams and QR code warning

Cyber Security | July 22, 2021

Fight hate on private messaging apps, how Zix is used for scams, a warning on QR codes and more.

Welcome to Cyber Security Today. It’s Wednesday, May 12th. I’m Howard Solomon, contributing reporter on cybersecurity for

The government of Canada should do more to stop disinformation on private internet messaging platforms like WhatsApp, Telegram, WeChat, Facebook Messenger and Snapchat. That’s the recommendation of the cybersecurity policy exchange at Toronto’s Ryerson University. There’s a lot of discussion about disinformation on public social media platforms like Twitter and Facebook. But in a report issued Tuesday the exchange says private messaging apps are also being abused by fake news, hate speech, sexual comments and materials that incite violence. In a survey of 2,500 Canadians, a quarter of respondents said they get messages with hate speech at least once a month. Rates are higher among people of colour. Almost half said they get private messages at least once a month that they suspect are false. Some platforms label suspect messages and limit the number of targets that suspect messages can go to. But the report says the federal government should do more, including improving digital literacy so people can spot falsehoods, and demanding transparency from private messaging platforms on how many accounts host and distribute bad material. There’s a link to the full report here.

Recently I told you a ransomware gang had threatened to release confidential files of the Washington, D.C. police department unless it was paid. According to news reports the gang says it has started putting that data online. If true the files could damage police operations. Meanwhile the city of Tulsa, Oklahoma has suffered a ransomware attack.

Hackers are abusing the Zix secure messaging service. Here’s how it works, according to a cybersecurity company called Abnormal Security: Victims get a phishing message from a company’s compromised email account. For example, one message came from a real estate title searching firm and went to a legal firm or someone trying to buy a house. The attachment claims to have a closing settlement counteroffer for a residence. The header on the link looks like it goes through Zix, which checks links. Those who know about Zix are supposed to be reassured. But the link goes to a page where victims are asked to enter their Microsoft login credentials to see a document. The reason why some anti-malware systems may miss this scam is the use of Zix. Be careful with any messages that have links to documents where you have to enter a password. You may be giving away access to your computer.

QR codes are black-and-white speckled squares that are scanned with a smartphone to get access to services or apps. But be careful what you scan: Crooks also use them to infect mobile devices, because they can be made into stickers and slapped on top of legitimate codes. Victims think the scanned app will be helpful, but it’s really data-stealing malware. Anna Chung, a threat researcher for Palo Alto Networks, told me this week that crooks are taking more interest in QR codes. That’s because they’re being used more by legitimate businesses as a result of COVID-19. For example, restaurants and stores use them as an aid to virus contact tracing. Rather than have someone take down your name when you enter a store so you can be called if a customer tests positive for the virus, you scan the code. It takes your smartphone number. Or restaurant customers are asked to scan a code to access menus and order food from their mobile device. Chung offers this advice for protection: Install an anti-malware app for mobile devices that has QR code protection. Disable the automatic redirect capability in your mobile browser. That way instead of automatically going to where the scanned code wants, the browser will first tell you which website it’s going to. Ignore invitations to scan a QR code for free internet. And be careful about the codes you scan. Stay away from codes on walls or windows. Beware of codes that look like they’re made from a sticker.

I have another warning to smartphone owners to be careful choosing and downloading mobile apps. This comes after an Italian cybersecurity company called Cleafy discovered new Android malware apps whose goal is to steal passwords to bank accounts. This malware hides in apps like media players and package trackers from well-known couriers like UPS and DHL If downloaded by a victim it asks to be installed as an Android Service. That’s a warning sign. Android Services run in the background. Why would you want an app to run in the background? Other suspicious signs: The app asks for permission to observe your actions, to retrieve window content and to perform gestures. If you say yes to all of these things and the app can silently take screenshots of whatever you do, such as enter passwords. If there is no way to say no to an app when it asks for access permissions, that’s another sign of a malicious app. Finally, if after you download an app you can’t find its icon, for sure you’ve been hacked. This campaign so far is aimed at stealing passwords for banks in Europe. It probably won’t be long before it goes after banks in Canada and the U.S.

Don’t download apps sent to you. Only rely on Android apps from the Google Play store. Even then bad apps can sneak in. If the app you choose starts demanding permission to things you don’t want, delete the app.

Finally, yesterday was the monthly Microsoft Patch Tuesday. Check that Windows has installed the latest security updates. Also check your Adobe Reader is patched. And Google has updated the Chrome browser with security fixes.

That’s it for now. Remember links to details about these stories are in the text version of this podcast at That’s where you’ll also find other cybersecurity stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

This content was originally published here.