CUSTOMERS OF VANS, THE NORTH FACE,
AND OTHER BRANDS PERSONAL DATA POTENTIALLY STOLEN.

VF Corporation, parent company to popular brands including, Vans, The North Face, Timberland, Dickies, JanSport and more, reported that their IT systems were impacted on December 15, 2023 and that some personal data was stolen.

They reported that their computer systems were affected and that personal information was stolen, but they haven't provided any specific details. This is important because cybercriminals commonly use stolen data from these breaches to launch scams, so please be cautious, particularly if you have a loyalty account or have made direct orders through their websites (such as Vans, North Face, Altra, Dickies, etc.). Visit their corporate website for a full list of their brands: www.vfc.com .

Assume that anything you shared with
these brands could be in the hands
of the thieves.

If you stored a credit card, monitor your account closely for any suspicious activity and report it promptly. If you use the same password for any of your online accounts, especially email or social media, update those passwords. According to their SEC 8-K report, the attackers disrupted VF Corporation's operations by encrypting some computer systems and stealing data, including personal information. The company is working to restore the affected systems and find alternative solutions to minimize disruption for customers. VF-operated retail stores are open, but there may be some operational issues. While consumers can still place orders on most brand websites, fulfilling those orders is currently impacted.

SEC 8-K report here: https://www.sec.gov/ix?doc=/Archives/edgar/data/103379/000095012323011228/d659095d8k.htm

Congratulations on making it almost all the way through 2023! Now that holiday shopping is in full swing, we wanted to let you know about a few online shopping trends we've noticed and give a few tips about how to stay safe online while buying gifts for everyone on your list.

Generally, experts seem to believe that the average American is going to spend less this year – though pandemic restrictions have largely lifted, we've entered a new season of economic uncertainty. This means every dollar is even more important, which is why we want to help you protect your hard-earned cash from the scammers and hackers that pop up every year. It's like they don't care about the naughty list! Here is what we think is cheerful and what we think is coal-worthy for shopping online this holiday season:

You can soon set up alerts for whenever your home address, phone number, or email address appears in Search.

In 2022, GOOGLE expanded the ways you can submit removal requests for search results containing personal info. Prior to this change, you had to meet a very high bar to get results with sensitive data wiped. Finding personal details in a Google search, like a home address or phone number, can be scary, but you can take action to protect your privacy.

There’s no guarantee that unwanted search results will disappear completely, but as a result of your request, the web page could be removed from searches on Google.

There are services that can help you make your disappear digitally like DeleteMe. More information on using DeleteMe can be found here.

Under the new Google policy expansion, you can now request removal of other types of information like phone number, email address, or physical address. It also allows for the removal of additional information that may pose a risk for identity theft. Think confidential log-in credentials that my appear in search results.

REQUEST REMOVAL FROM GOOGLE HERE

Google requests your full name, country of residence, and email. You are only permitted to submit takedown requests for results pertaining to yourself or someone you officially represent. You can submit up to 1,000 links at once. Google asks for the URL of the offending content or image, and the company wants you to share the search results where it shows up. It’s not clear how long it will take to review your case, but Google will let you know when it has decided to take action—or do nothing at all. The company promises to include brief explanations with any rejections and allows repeat submissions.

-end-

Reference: Rogers, Reece. “How to Remove Your Personal Info from Google’s Search Results.” Wired.com, APR 29, 2023, https://www.wired.com/story/remove-personal-info-from-google-search-results/

Urgent Information for Barracuda Email Security Gateway Users

DO you have Barracuda Email Security Gateway devices in use to filter your inbound emails for spam, phishing, and malware?

Barracuda is urging replacement of these devices as their recently discovered vulnerabilities cannot be fixed with patches or upgrades. Contact Barracuda support or whomever manages your Barracuda Email Security Gateway to correct this very serious vulnerability.

As always, keep things up to date and properly configured continues to be good advice, but in this particular case, that isn’t going to be enough.

(Barracuda is a physical device that sits on your network in front of your email system)

MORE DETAILED INFORMATION IS PROVIDED BY KREBS ON SECURITY IN THIS ARTICLE.

What are the biggest threats to each of us right now?

Scammers are using AI and ChatGPT as a tool to create even cheekier scams than normal!

THE ARRIVAL OF FLEECEWARE

One of the more irreverent scams is called Fleeceware, a type of mobile application (or website) that comes with excessive subscription fees you may quickly forget you’re paying. The ones oriented around these AI apps have catchy names like Genie – AI Chatbot. It can also be a website that looks like a legitimate site or uses a similar name to a trusted site to give a false sense of legitimacy.

The goal of these apps or websites is to get your to complete a sign up for a weekly/monthly subscription for what you’ll quickly find out is pretty useless.

HOW WELL DOES THE SCAM WORK?

Sophos reports that the people who publish the Genie AI Chatbot app (still available in the Apple apps store btw) are raking in $1 Million a month in subscription fees for something better, and free if you go to the source, https://openai.com/blog/chatgpt 

IS THERE AN OFFICIAL OPEN AI IPHONE OR ANDROID APP FOR CHATGPT?

There is only one official app released as an iPhone app for ChatGPT and there is not one for Android, yet.

If you search the app store for ChatGPT, you’ll see dozens (maybe hundreds of apps) but only one is the official Open AI ChatGPT app. There isn’t an official app for Android yet, but there are more than a few pretenders available. 

The only official app OpenAI has published, download it here for the iPhone:  https://apps.apple.com/us/app/openai-chatgpt/id6448311069

SHOULD I BE SUSPICIOUS OF EMAILS RELATED TO CHATGPT?

The scams wouldn’t be complete without using the headlines to send phishing emails. The current hearings in Congress are news, and news means new subject lines for phishing emails.

There are new domain names popping up related to ChatGPT, many of which are common misspellings of legitimate domain names. BE EXTRA SUSPICIOUS of any email or text messages you receive with subjects or links related to ChatGPT. If you intend to use ChatGPT, be sure to access the service through the official OpenAI site, https://openai.com/blog/chatgpt

 SHOULD I USE CHATGPT FOR BUSINESS?

For businesses, these tools bring the added risk of your employees inputting sensitive information into these tools. Your best protection is to have a policy around the use of these AI tools, similar to what you probably already have to social media usage.

If you have a legitimate business use for these AI tools, great – review their privacy policies and terms of use. You’ll have better privacy and control over your data usage is you pay for a subscription vs. using free ones.

Be sure to know how the service will use any data you give it before committing.