The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Windows OLE, Apple iOS and a fake Coca Cola lottery.
Security researchers have recently seen an upsurge in the use of a Windows OLE bug that bypasses anti-virus program detection. This bug used in Microsoft PowerPoint attachments found in phishing e-mails. The attack begins with a phishing e-mail that tricks the user into opening a PowerPoint file. This executes a VBA-marco that infects the victim's computer with malware. Scammers are using this exploit to infect business computers for the purpose of stealing files and login credentials. Furthermore, researchers believe that these phishing campaigns are being driven by Nigerian 419 actors because the behind-the-scene activities of this campaign are similar to their tactics. Click here the link below to read more.
An unpatched exploit in the iOS Mail App was recently found by an Ernst & Young security researcher. The flaw allows HTML code to be loaded into the app, which replaces the original e-mail message. This exploit would allow a hacker to build a functional password 'collector' that can be used to steal someones iCloud account password. The researcher continued to explain that this exploit could be used in a phishing e-mail. The attack would begin with a phishing e-mail that when opened, tricks the user into believing that they need to log into their iCloud account. Once the victim enters their login credentials, the hacker would have access to their photos, videos and music libraries stored on iCloud. Click here the link below to read more.
The South African bottling company for Coca Cola, PenBev recently warned their beverage consumers about phishing e-mail scams advertised as Coca Cola competitions. The company stated that scammers are using SMS and e-mail messages to trick victims into believing that they won a Coca Cola lottery. These messages then request the victim's personal information to collect their prize money. In some instances, scammers had established an relationship with their victims and were able to obtain financial information, such as bank account and credit card information. The company has released to the press a statement about the phishing scams, but have simply stated that if you have not entered a Coca Cola competition, then you should not reply to any e-mails purporting the same. Click here the link below to read more.
APHC