[BreachExchange] Full House Lottery targeted by scammers for second time in a month

Audrey McNeil audrey at riskbasedsecurity.com
Wed Mar 1 20:19:46 EST 2017


http://globalnews.ca/news/3273558/alberta-charity-targeted-by-scammers-for-
second-time-in-a-month/


Global News has learned that Full House Lottery’s website was hacked
earlier this month, compromising the financial information of some 3,000
Albertans.

Lottery manager Frank Calder confirmed that everyone who has been affected
by the security breach has been notified. They have also been instructed to
contact their credit card providers.

Calder said they became aware of what had happened on February 22, but
security had likely been compromised on February 9.

“We’ve done absolutely everything that we can to monitor the site around
the clock to make sure that there are no more breaches,” he added.

A cybersecurity team has been brought in to assist the charity, whose
website is now back up and running. Calder confirmed Edmonton Police
Service is investigating.

“We would not be selling tickets right now if we believed anyone was at
risk,” Calder said.

When asked how sure they are that no one beyond the 3,000 donors had been
affected, Calder replied, “We’re very sure.”

He said they are taking the breach very seriously and are monitoring the
website “night and day” to ensure no other breaches occur.

Last month, a fake Full House Lottery website (FHLottery.ca) was shut down
after it was posing as the legitimate organization, trying to obtain
personal and financial information from donors.

READ MORE: Fake Full House Lottery website shut down after phishing scam

The charity explained on its Facebook page that this was a phishing scam,
in an attempt to gather information including addresses, dates of birth and
credit card details under the guise of early registration for VIP tickets.

I’m not sure if they’re being selective. And we can be as upset as we are
that they would attack a charity, but they do. And they may be in a country
far away where they don’t know who we are particularly,” Calder said.

Tickets sold by Full House Lottery fund life-changing programs that include
neo-natal intensive care, advanced trauma surgery and critical brain care.

The charity lottery supports the University Hospital Foundation and the
Royal Alexandra Hospital Foundation.

Cyber security expert David Papp believes scammers are becoming
increasingly more sophisticated in their approach.

“Making sure you’re running the updated software, making sure you can even
get some – what they call – white hat hackers to do some penetration
testing on your own website to see if they can compromise it,” he offered.

While preventative measures exist, Papp cautions: “Most website on the
internet are very vulnerable. In fact, you couldn’t even say that anything
is 100 per cent secure out there. There’s nothing sacred.”

One step he has recommended before is having a second credit card with a
low limit, specifically for online transactions. If a security breach
occurs, thieves would not have the opportunity to embark on a large-scale
shopping spree with a card used to pay utilities and other bills.

As for Full House Lottery, they said they are continuing to monitor their
site very closely.

“We really hope that they will continue to support us because we’ve got
some truly important causes and things that are life-changing for patients
at the Alex and the University Hospital.”

Proceeds from this year’s lottery will go towards an advanced CT scanner
that will help with cancer detection, as well as a stroke ambulance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170301/58f1a358/attachment.html>


More information about the BreachExchange mailing list