The Weekly Top 3 are the week's three most relevant phishing-related news stories, as reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to Partners Healthcare, CareerBuilder and an online colouring book.
Answered Phishing Email Puts Partners Healthcare Data At Risk
Partners Healthcare System released a statement late last week saying that personal healthcare data belonging to its patients was potentially exposed because of unauthorized access to its systems. The data breach occurred when an employee responded to a phishing email, which may have allowed hackers to access the “workforce members'” email accounts within the network. These accounts would likely have contained patient names, addresses, dates of birth and phone numbers. In some cases, clinical information on these patients was also accessible to the hackers. Click the link below to read more.
Job Seekers Are Targets on CareerBuilder
Security researchers recently highlighted that job seekers who use CareerBuilder to find jobs have been the target of a phishing scam. The phishing attack has been described as one that uses CareerBuilder’s e-mail notification system. When a job hunter submitted a resume, an e-mail notification was sent to the job poster with the resume document attached. This Microsoft Word document contained a malicious VBA macro that was used to deliver malware onto the victim’s computer. Since job posters were expecting e-mail attachments from CareerBuilder, the probability of them opening the documents was very high. Click the link below to read more.
Ads on Colouring Pages Website Lead to Malware Installs
Earlier this week, Malwarebytes illustrated a phishing scam involving websites that offered colouring pages. The pages were made available so that parents could download and print them for their children, and the sites featured popular characters from My Little Pony, Looney Tunes, Despicable Me and others. The phishing attack used a transparent full-window advertisement that appeared when a person visited the website. If they clicked anywhere on the page other than the “x”, another window opened in the web browser. This new window would take them to another site with unrelated content, including pornography and click-bait type content. Click the link below to read more.