Hackers Social Engineer Amazon Worker, Bug Wendy’s Payment System and Defraud Boeing Supplier

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches: 

Fraud Victim Claims a Duped Amazon Customer Service Rep Opened His Digital Life to Hackers

“All a hacker needs to unlock your whole damn life is your name, email address, and a mailing address—and the mailing address doesn’t even have to be correct,” Gizmodo writes.

Amazon customer Eric Springer first suspected mischief of some sort after receiving an email from the tech giant that thanked him for contacting customer service. Springer hadn’t actually contacted customer service.

Troubled by the message, he connected with Amazon and managed to get a hold of a transcript of his supposed chat with customer service. He discovered that a social engineer—a hacker—was pretending to be him to gain access to critical information in Springer’s Amazon account.

The address the fake guy provided to the rep for confirmation wasn’t even the location of Springer’s real home. It was a bogus address Springer had used to register websites online.

Springer breaks down the horror show on Medium:

“Wow. Just wow. The attacker gave Amazon my fake details from a whois query, and got my real address and phone number in exchange. Now, they had enough to bounce around a few services, even convincing my bank to issue them a new copy of my credit card.”

Springer informed Amazon of the epic fail and the company promised to improve security.

Similar social engineering stunts ensued over the next two months, with the story ending where Springer closes his account and takes to social media to hold Amazon accountable.

“The biggest vulnerability isn’t a password or an email address; it’s the gullibility of the person on the other end of the line,” Gizmodo writes.

Wendy’s Bitten by Payment System Bug

The fast food chain says it’s investigating claims of a possible credit card breach at some locations.

Banking industry sources discovered a pattern of fraud on cards all recently used at various Wendy’s locations.

Company spokesman Bob Bertini said Wendy’s began receiving reports earlier in January from its payment industry contacts about the potential breach.

“Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurant,” he said.

Bertini said it was too soon to say whether the incident is contained, how long it may have persisted, or how many stores may be affected.

Boeing Supplier Partly Owned by China Is Defrauded

Austria’s FACC AG, which supplies parts to Boeing and Airbus, suffered $55 million in damages after a hack attack. The company's biggest investor is Aviation Industry Corp. of China.

A financial accounting department at the firm was the target, FACC disclosed Jan. 20.

"The FACC case is intriguing because the company is ultimately controlled by China, often linked to intellectual property theft," Bloomberg reports.

Rick Gamache, a managing director at U.S. cybersecurity firm Wapack Labs, said a competitor or another nation state could be responsible for the intrusion.

Texas Teens Hack School District’s Network, Forge False Bomb Report

Two male students at Midway High School in Waco allegedly posted a screenshot of a falsified administrative document warning families about potential violence at the school.

The boys, 15 and 16, hacked into the school district’s online information portal and created a bogus document with an administrator’s signature.

The boys then took a screenshot of the document, posted it on social media and deleted the original document.

District officials fielded about 200 calls regarding the post after it appeared on a Tuesday. The message told students to stay home from school the next day because of threats of violence between classes on Tuesday and Wednesday.

(Image via Ken Wolter/Shutterstock.com)