The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to student loans, scammer AI and a Ghoul haunting industrial firms.
Student Loans Company Issues Phishing Alert
A student loans company in the United Kingdom had to issue an alert to prospective students. This warning was to inform the students that phishing e-mails were being used to scam students. The e-mails were part of a phishing scam that was targeting students for their personal and financial information. The e-mails stated that if the student did not click on the link in the e-mail, they would lose or have a delay in their loan payments. Once the student clicked on the link, they were forwarded to a fake website that was used to obtain the information the scammers wanted. Click here to read more.
Scammer AI Knows Your Gullibility
Scammers are using a new technology to trick people into phishing scams. Security researchers have recently found that scammers are using machine learning techniques to create tweets that look similar to company or high-profile twitter users. However, unknown to the victim, the tweets contained malicious links that would forward the victim to fake websites. Once a person visited the website, they were either tricked into downloading malware or divulging their personal and financial information. The difficulty with these phishing Twitter and Facebook messages was that they were extremely convincing to the victim. Because the victim trusts the source of the tweet, they click the link without thinking about it. Click here to read more.
Operation Ghoul Targets Engineering and Industrial Firms
Security Researchers at Kaspersky Lab have found a new cyber-attack called Operation Ghoul. It was conducted by a group of hackers, who are targeting industrial and engineering firms from more than 30 countries. The purpose of the attack was to gain information from these firms so that the hackers could turn a profit. The attack began with a spear-phishing e-mail that contained a VBA macro enable Office document, as an attachment. When an employee at the engineering firm opened the attachment, their computer was infected with malware. The malware collected keystrokes, clipboard data and other important information used by the firm. The malware would send this information to the hackers who would use it for further activities. Click here to read more.