The Weekly Top 3 are the three most relevant news stories of the week about phishing scams and related activity, as reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to eBay, WhatsApp and Gazan hackers.
XSS Security Flaw Allows eBay Customers To Be Phished
Late last year, a security researcher named MLT found a cross-site scripting (XSS) flaw in eBay’s homepage. This security flaw allowed hackers to inject malicious code into the login page of the website for the purpose of stealing users’ login credentials. For this scam to be successful, the hacker would use a phishing e-mail disguised as a legitimate eBay e-mail and trick the customer into clicking a link embedded in the body of the e-mail. This link would forward the victim to a fake login page. The fake page used the XSS flaw to steal the user’s login credentials and redirect the user to their eBay profile account without them knowing that their login information was stolen.
WhatsApp Users Are The New Target Of A Phishing Scam
Earlier this week, e-mails disguised as messages from WhatsApp were targeting users of the popular mobile messaging service. Hackers were using these phishing e-mails to distribute malware for the purpose of infecting computers. The phishing e-mails contained subject lines that made it appear that the user was receiving a notification from WhatsApp. Each e-mail contained a compressed file attachment containing the executable malware. Once opened and installed, the malware would spy on the user’s browsing activities, as well as possibly log their keystrokes.
Gazan Hackers Use Phishing To Target Israelis
A group of Gazan hackers known as the Molerats were discovered using off-the-shelf malware to spy on Israeli targets. This hacking group targets Israeli industries, embassies, journalists, banks and military. The new malware was being used by the group as a keylogger and phishing tool, which could grant access to computer systems. It was distributed through phishing e-mails sent to several employees of an organization. These e-mails would usually contain subject lines about Gilad Shalit and Bar Refaeli, which would trick the recipient into opening the malicious attachment.