APHC | https://antiphishing.club/ | 2016-10-14T02:38:00-04:00 | Raising Awareness through good practices
Phishing Scams - Weekly Top 3 - ED-41.2016 | 2016-10-14T02:38:00-04:00 | Jon Phish | tag:antiphishing.club,2016-10-14:/phishing-scams-weekly-top-3-ed-41-2016.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Blue Cross, U-mail and SWIFT.</p>
<div class="section" id="health-insurance-phishing-scams-on-the-rise">
<h2>Health Insurance Phishing Scams On The Rise</h2>
<p>Health insurance scams are becoming more popular. This is due to the ease with which scammers are able to obtain personal information from their victims. The customers of Blue Cross Blue Shield are frequently targeted by scammers. The phishing scams usually began with the scammers claiming to be the health insurer when they called or e-mailed the victim. They would use the opportunity to obtain the victim's date of birth, Social Security Number or bank account information. Once they obtained this information, the scammers used it to apply for credit cards and obtain loans from various banks in the victim's name. <a class="reference external" href="http://www.palmbeachpost.com/business/personal-finance/watch-out-for-these-blue-cross-blue-shield-scams/TfNsqXptvXhcZMXLKwqVwM/">Click Here to read more</a>.</p>
</div>
<div class="section" id="u-mail-phishing-scams-targets-university-students">
<h2>U-Mail Phishing Scams Target University Students</h2>
<p>The students of the University of California, Santa Barbara (UCSB) were the victims of a phishing scam originating from compromised U-mail accounts. These compromised accounts were used in the phishing scam to steal the usernames and passwords to other students' university accounts. These stolen credentials would be used by the hackers to access the respective e-mail accounts. The newly compromised accounts were used to send more phishing e-mails for the same purpose. Hackers used U-mail accounts to spread the phishing e-mail because these accounts were trusted by the students, which made the phishing scam harder to detect. <a class="reference external" href="http://dailynexus.com/2016-10-13/u-mail-phishing-scams-resurface/">Click Here to read more</a>.</p>
</div>
<div class="section" id="swift-financial-platform-targeted-by-odinaff-banking-trojan">
<h2>SWIFT Financial Platform Targeted By Odinaff Banking Trojan</h2>
<p>Earlier this week, Symantec reported that there was a campaign targeting financial organizations worldwide. This campaign involved the use of phishing e-mails to infiltrate banking, securities, trading and payroll departments of these organizations. The phishing e-mails would usually carry a malicious attachment that contained a Trojan malware called Odinaff. This malware was designed to target users of the <a class="reference external" href="https://www.swift.com/">SWIFT</a> global financial messaging system. It would infect the users' computers and monitor the SWIFT customer logs. These logs contained International Bank Account Numbers (IBAN) and account balances, which the hackers could use for other hacks on the SWIFT network. <a class="reference external" href="http://www.ecommercetimes.com/story/Odinaff-Trojan-Targets-Banks-Financial-Firms-Worldwide-83987.html">Click Here to read more</a>.</p>
</div>
Phishing Scams - Weekly Top 3 - ED-40.2016 | 2016-10-07T00:50:00-04:00 | Jon Phish | tag:antiphishing.club,2016-10-07:/phishing-scams-weekly-top-3-ed-40-2016.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to IRS, South African Airways and stolen bitcoins.</p>
<div class="section" id="new-irs-scam-tricks-victims-using-health-coverage">
<h2>New IRS Scam Tricks Victims Using Health Coverage</h2>
<p>Scammers have started a new IRS phishing scam in an attempt to steal money from unsuspecting taxpayers. The phishing scam began with fake IRS e-mails with the subject "CP-2000 notice". In these e-mails the scammers stated that the victim's income or payment declaration did not match their tax returns. The e-mails went on to state that the taxpayer owed the IRS an outstanding balance towards the Affordable Care Act health coverage requirements. The e-mail then requested that the victim either reply to the e-mail or call the phone number in the e-mail. Once the victim replied, the scammer used the opportunity to trick the victim into sending them money or to obtain their personal or financial information. <a class="reference external" href="http://www.spamfighter.com/News-20517-New-IRS-Email-Scam-Reaching-Your-Inbox.htm">Click Here to read more</a>.</p>
</div>
<div class="section" id="south-african-airways-warns-customers-of-phishing-campaign">
<h2>South African Airways Warns Customers Of Phishing Campaign</h2>
<p>South African Airways (SAA) released a warning this week concerning several new phishing scams. The first popular scam used phishing e-mails requesting that the 'selected' customer participate in a short survey. Upon completion they would get two SAA tickets for free. However, the e-mail contained a malicious link to a fake website used by hackers to obtain personal and financial information. No other information was given concerning the second scam. However, like the first scam, customers would receive a phishing e-mail containing a malicious link to a website used by the hackers to steal personal information. <a class="reference external" href="http://citizen.co.za/1306734/saa-warns-public-of-scams/">Click Here to read more</a>.</p>
</div>
<div class="section" id="scammer-stole-10k-usernames-and-passwords-in-dark-web-phishing-scheme">
<h2>Scammer Stole 10K Usernames And Passwords In Dark Web Phishing Scheme</h2>
<p>Earlier this week, a man was arrested by the FBI for stealing over 10,000 usernames and passwords from users on the Dark Web. He used these login credentials to steal bitcoins from his victims. He was able to steal these bitcoins through an online phishing scheme, which began with him placing fake links to online marketplaces on dark web forums. Unsuspecting users clicked on these links and were forwarded to a fake login page, which was set up to steal login credentials. Once he had the username and password, he monitored the victim's bitcoin balance and stole bitcoins. He then exchanged these bitcoins for U.S. currency, which he deposited in his bank account. <a class="reference external" href="http://patch.com/connecticut/wallingford/wallingford-man-steals-more-10k-usernames-passwords-dark-web-phishing-scheme">Click Here to read more</a>.</p>
</div>
Phishing Scams - Weekly Top 3 - ED-37.2016 | 2016-09-27T23:18:00-04:00 | Jon Phish | tag:antiphishing.club,2016-09-27:/phishing-scams-weekly-top-3-ed-37-2016.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to American Express, NAB and Fancy Bears...again.</p>
<div class="section" id="american-express-customers-targeted-in-phishing-prevention-scam">
<h2>American Express Customers Targeted In Phishing Prevention Scam</h2>
<p>The customers of American Express have been the victims of a phishing campaign with a new twist. The phishing e-mails being used by scammers contain a promise to the receiver that they would be given an identity theft and phishing prevention tool. The e-mail disguises itself as a legitimate program called SafeKey by American Express. This program is used by American Express to add an extra layer of security for their customers. However, scammers are using phishing e-mails with malicious links to forward American Express customers to fake websites that collect their personal and financial information. <a class="reference external" href="http://betanews.com/2016/09/14/american-express-phishing/">Click Here to Read More.</a></p>
</div>
<div class="section" id="new-phishing-scam-preys-on-nab-customers">
<h2>New Phishing Scam Preys On NAB Customers</h2>
<p>The customers of National Australia Bank (NAB) were being targeted in a new phishing scam. The phishing e-mail being sent to customers stated that their account with NAB required <em>"additional verification"</em>. However, the e-mail was designed to trick them into opening a malicious attachment. Scammers tricked the users by stating in the e-mail that their accounts with NAB would be suspended if they did not comply. Once the victim opened the attachment, they were presented with a webpage that was used to steal their login credentials. <a class="reference external" href="http://www.theaustralian.com.au/business/technology/nab-users-warned-of-new-phishing-scam/news-story/0366f227a5f2220013316304e451ee58">Click Here to Read More.</a></p>
</div>
<div class="section" id="russian-hackers-leak-simone-biles-and-serena-williams-files">
<h2>Russian Hackers Leak Simone Biles And Serena Williams Files</h2>
<p>Following up on <a class="reference external" href="http://antiphishing.club/phishing-scams-weekly-top-3-ed-35-2016/">a previous week's report</a>, the Fancy Bear hacking group leaked information taken from the World Anti-Doping Agency (WADA). The leaked information contained the medical files of two US athletes who recently competed in the Rio 2016 Olympics. The personal medical information of both Serena Williams and Simone Biles was released by the hackers in an attempt to discredit WADA. The hackers released information detailing "Therapeutic Use Exemptions", under which both athletes informed WADA that they were taking banned substances, but these were verified for their medical needs. The hackers claimed that this was "licensed doping" by the athletes, but other sport authorities have stated that this is a normal practice. <a class="reference external" href="http://www.bbc.com/news/world-37352326">Click Here to Read More.</a></p>
</div>
Phishing Scams - Weekly Top 3 - ED-36.2016 | 2016-09-27T22:03:00-04:00 | Jon Phish | tag:antiphishing.club,2016-09-27:/phishing-scams-weekly-top-3-ed-36-2016.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to NatWest, Phishing-as-a-Service and Pokemon Go.</p>
<div class="section" id="fake-natwest-support-accounts-steal-customers-bank-details">
<h2>Fake NatWest Support Accounts Steal Customers' Bank Details</h2>
<p>Fake banking support Twitter accounts are still being used by scammers to steal bank login credentials. The customers of NatWest Bank were targeted earlier this week by this type of phishing scam. The phishing scam began with customers attempting to contact NatWest via their Twitter account. However, while searching for the Twitter account, some customers ended up contacting scammers through the fake NatWest Twitter page. Once the scammer had made contact with the customer, they tricked them into clicking on malicious links in tweets forwarded to the customer. These links forwarded the customers to a fake login page set up by the scammers to steal the login credentials to their bank accounts. <a class="reference external" href="http://www.telegraph.co.uk/money/consumer-affairs/fake-natwest-twitter-account-targets-customers-to-steal-bank-det/">Click Here to Read More.</a></p>
</div>
<div class="section" id="phishing-as-a-service-makes-everthing-easier">
<h2>Phishing-As-A-Service Makes Everything Easier</h2>
<p>Scammers use fake login websites to steal login credentials. This is the most popular method of tricking users into giving up their account logins. These pages look and feel like the legitimate websites that they emulate. However, security researchers have now found a Russian underground website that offers these fake login pages for free. The service is known as "Fake-Game" and it allows anyone to create an authentic-looking phishing page. The user does not need to have any training or technical knowledge to use it. However, even though the service is free, there is also a paid plan that allows users to access all the stolen login credentials collected by the free users. Additionally, paid users can block other paid users from using stolen accounts they are accessing. <a class="reference external" href="http://thetechnews.com/this-phishing-service-makes-stealing-passwords-the-easiest-task-ever/">Click Here to Read More.</a></p>
</div>
<div class="section" id="pokemon-go-scammers-using-soical-media-phishing-to-target-gamers">
<h2>Pokemon Go Scammers Using Social Media Phishing To Target Gamers</h2>
<p>Scammers and hackers are using social media to spread fake apps and phishing messages that target Pokemon Go users. Security researchers have found that several social media pages related to Pokemon Go were actually serving malicious links to unsuspecting gamers. The social media accounts offered gamers downloads of game guides and apps to assist them with their gaming experience. However, these downloads actually contained adware and/or malware that was used to infect players' smartphones. Once installed, these apps recorded users' actions on their smartphones or redirected gamers to fake dating websites. <a class="reference external" href="http://www.scmagazine.com/researchers-spot-fake-pokemon-go-social-channels-and-imitation-apps/article/521306/">Click Here to Read More.</a></p>
</div>
Phishing Scams - The Weekly Top 3 - ED-35.2016 | 2016-09-02T00:42:00-04:00 | Jon Phish | tag:antiphishing.club,2016-09-02:/phishing-scams-weekly-top-3-ed-35-2016.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to GoDaddy, PayPal and a classic $44m e-mail scam.</p>
<div class="section" id="godaddy-customers-receive-phishing-emails">
<h2>GoDaddy Customers Receive Phishing Emails</h2>
<p>A new phishing scam targeting <a class="reference external" href="https://godaddy.com">GoDaddy</a> customers surfaced earlier this week. The phishing e-mail contained a notification that informed the customer that their e-mail storage had reached its capacity. As a result, they would not be able to receive any e-mails. The e-mail continued by requesting the customer upgrade their storage or have their account suspended. They were directed to click on a malicious e-mail link, which forwarded them to a fake GoDaddy login page. This page was used to steal the customer's login credentials. <a class="reference external" href="http://www.scmagazine.com/godaddy-customers-target-of-phishing-scam/article/519092/">Click Here</a> to read more.</p>
</div>
<div class="section" id="paypal-customers-targeted-in-new-phishing-scam-dubbed-angular-phishing">
<h2>PayPal Customers Targeted In New Phishing Scam Dubbed Angler Phishing</h2>
<p>Customers of the popular payment service <a class="reference external" href="https://paypal.com">PayPal</a> have been tricked into giving up their login credentials via malicious links on Twitter. The phishing scam, dubbed <em>angler phishing</em>, has been around for some time, but has recently resurfaced on social media. It begins with the scammer using a fake customer-support account to help customers, but instead the scammers attempt to steal their victim's login credentials. The latest attack of this type involved the use of two fake PayPal Twitter accounts, in which a tweet was sent out to customers that encouraged the recipients to go to the actual PayPal account for assistance. While there, the scammers would be monitoring the PayPal page in the hope of convincing their victims that they were actual PayPal support. The scammers would supply the customer with a malicious link to a fake login website and steal their login credentials. <a class="reference external" href="http://www.scmagazine.com/paypal-users-targeted-in-new-angler-phishing-scam-proofpoint-report/article/519731/">Click Here</a> to read more.</p>
</div>
<div class="section" id="oldest-e-mail-scam-nets-hackers-44m-in-a-single-heist">
<h2>Oldest E-mail Scam Nets Hackers $44m In A Single Heist</h2>
<p>The leading cable manufacturer <a class="reference external" href="https://www.leoni.com/en/">Leoni AG</a> announced that they were the victim of a phishing scam. It cost the company $44 million, and the scammers used an old phishing scam to swindle the funds from the company. The phishing scam involved using fake payment request e-mails, which were sent to a Leoni satellite in Romania. The messages were received and handled by one of the company's financial officers, who processed the request. This netted the scammers $44 million, with no questions asked. <a class="reference external" href="http://thenextweb.com/insider/2016/09/01/leading-european-company-loses-40-million-classic-email-scam/#gref">Click Here</a> to read more.</p>
</div>
Phishing Scams - Weekly Top 3 - ED-34.2016 | 2016-08-25T21:38:00-04:00 | Jon Phish | tag:antiphishing.club,2016-08-25:/phishing-scams-weekly-top-3-ed-34-2016.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Apple, USAA and a very Fancy Bear.</p>
<div class="section" id="apple-and-netflix-customers-targeted-in-phishing-scam">
<h2>Apple and Netflix Customers Targeted In Phishing Scam</h2>
<p>A new Apple iTunes phishing scam surfaced earlier this week. Apple customers reported receiving phishing e-mails containing fake invoices. These invoices contained purchases from iTunes, the App Store or Netflix subscriptions. In the e-mails, the scammers claimed that the victim purchased these items/services from Apple. They requested that the victim click on a 'refund' link in the e-mail. When the link was clicked, the victim was forwarded to a fake Apple website. This website was used by the scammers to steal credit card information. <a class="reference external" href="http://www.thisismoney.co.uk/money/news/article-3755377/Alert-Apple-email-scam-scares-victims-thinking-used-bank-details.html">Click Here</a> to read more.</p>
</div>
<div class="section" id="usaa-members-targeted-in-new-phishing-campaign">
<h2>USAA Members Targeted In New Phishing Campaign</h2>
<p>Members of the United Services Automobile Association (USAA) were the target of a new phishing scam earlier this week. Security experts found that USAA members were receiving e-mails from SPAM hosts. Upon further investigation, the researchers found that the phishing e-mails stated that either the member had a pending transaction or their account must be updated. The e-mail contained a link that forwarded the victim to a fake USAA website. This website was used to steal the USAA members' login information. <a class="reference external" href="http://www.scmagazine.com/usaa-members-hit-with-multiple-phishing-attacks/article/517955/">Click Here</a> to read more.</p>
</div>
<div class="section" id="fancy-bear-hacking-group-target-world-anti-doping-agency">
<h2>'Fancy Bear' Hacking Group Targets World Anti-Doping Agency</h2>
<p>The World Anti-Doping Agency (WADA) was the target of a phishing campaign to steal login credentials. Security researchers believe that an old Russian hacking group called 'Fancy Bear' was behind the phishing attacks. This hacking group was also responsible for the hacking of WADA's website, after its report on the 2014 Sochi Games doping scandal. The phishing e-mails were sent to both WADA and the Court of Arbitration for Sport (CAS). These e-mails stated that WADA was requesting the login credentials for a database used by the officials. The e-mails contained a malicious link that forwarded the victim to a fake website operated by the hacking group. This website was used to steal the login credentials for the database. <a class="reference external" href="http://www.ibtimes.co.uk/russian-hackers-fancy-bear-likely-breached-olympic-drug-testing-agency-dnc-experts-say-1577508">Click Here</a> to read more.</p>
</div>
Phishing Scams - The Weekly Top 3 - ED.33.2016 | 2016-08-18T23:31:00-04:00 | Jon Phish | tag:antiphishing.club,2016-08-18:/phishing-scams-weekly-top-3-ed-33-2016.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to student loans, scammer AI and a Ghoul haunting industrial firms.</p>
<div class="section" id="student-loans-company-issues-phishing-alert">
<h2>Student Loans Company Issues Phishing Alert</h2>
<p>A student loans company in the United Kingdom had to issue an alert to prospective students. This warning was to inform the students that phishing e-mails were being used to scam students. The e-mails were part of a phishing scam that was targeting students for their personal and financial information. The e-mails stated that if the student did not click on the link in the e-mail, they would lose or have a delay in their loan payments. Once the student clicked on the link, they were forwarded to a fake website that was used to obtain the information the scammers wanted. <a class="reference external" href="http://www.infosecurity-magazine.com/news/student-loans-company-in-phishing/">Click here</a> to read more.</p>
</div>
<div class="section" id="scammer-ai-knows-your-gullibility">
<h2>Scammer AI Knows Your Gullibility</h2>
<p>Scammers are using a <a class="reference external" href="https://www.newscientist.com/article-topic/machine-learning/">new technology</a> to trick people into phishing scams. Security researchers have recently found that scammers are using machine learning techniques to create tweets that look similar to those of companies or high-profile Twitter users. However, unknown to the victim, the tweets contained malicious links that would forward the victim to fake websites. Once a person visited the website, they were either tricked into downloading malware or divulging their personal and financial information. The difficulty with these phishing Twitter and Facebook messages was that they were extremely convincing to the victim. Because the victim trusts the source of the tweet, they click the link without thinking about it. <a class="reference external" href="https://www.newscientist.com/article/2101483-scammer-ai-can-tailor-clickbait-to-you-for-phishing-attacks/">Click here</a> to read more.</p>
</div>
<div class="section" id="operation-ghoul-targets-engineering-and-industrial-firms">
<h2>Operation Ghoul Targets Engineering and Industrial Firms</h2>
<p>Security researchers at Kaspersky Lab have found a new cyber-attack called <a class="reference external" href="https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-industrial-and-engineering-organizations/">Operation Ghoul</a>. It was conducted by a group of hackers who are targeting industrial and engineering firms from more than 30 countries. The purpose of the attack was to gain information from these firms so that the hackers could turn a profit. The attack began with a spear-phishing e-mail that contained a VBA macro-enabled Office document as an attachment. When an employee at the engineering firm opened the attachment, their computer was infected with malware. The malware collected keystrokes, clipboard data and other important information used by the firm. The malware would send this information to the hackers, who would use it for further activities. <a class="reference external" href="http://www.itproportal.com/2016/08/18/operation-ghoul-industrial-and-engineering-firms-under-attack/">Click here</a> to read more.</p>
</div>
The Weekly Top 3 - ED-22.2016 | 2016-06-02T23:23:00-04:00 | Jon Phish | tag:antiphishing.club,2016-06-02:/weekly-top-3-ed-22-2016.html
<div class="line-block">
<div class="line">The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to UK Students, a Kraken and a stealthy Falcon.</div>
<div class="line"><br /></div>
</div>
<div class="section" id="criminals-using-passport-information-phone-scam-to-target-students">
<h2>Criminals Using Passport Information Phone Scam to Target Students</h2>
<p>Foreign students studying in the UK are the latest victims of a vishing scam. Scammers have obtained personal information about Tier 4 visa students and are using this information to scam these students out of money. The scam involves a phone call from an individual claiming to represent the UK Home Office. The scammers tell the students that they owe the UK government money for an "immigration service". They continue to threaten the student with imprisonment if they do not pay the fee. These aggressive attacks often coerced the student into making the payment. Even though the scammers are not calling from the Home Office, they have masked their number so that the caller ID matches that of the Home Office. Click the link below to read more.</p>
<blockquote>
<a class="reference external" href="http://www.yorkvision.co.uk/news/criminals-tell-students-weve-got-your-passport-number-pay-up-or-get-kicked-out-of-the-country/02/06/2016">http://www.yorkvision.co.uk/news/criminals-tell-students-weve-got-your-passport-number-pay-up-or-get-kicked-out-of-the-country/02/06/2016</a></blockquote>
</div>
<div class="section" id="kraken-phishing-e-mal-targets-bitcointalk-users-and-mt-gox-victims">
<h2>Kraken Phishing E-mail Targets Bitcointalk Users And Mt. Gox Victims</h2>
<blockquote>
<p>Recently, users of the forum <a class="reference external" href="https://bitcointalk.org/">Bitcointalk</a> received a phishing e-mail purporting to come from the Kraken Bitcoin Exchange. The e-mail claimed to have information about the ongoing investigation into the Mt. Gox exchange. The phishing e-mail stated that it contained a list of accepted and rejected Mt. Gox claims and it contained a link to a file stored on Google Drive. Once the victim downloaded and opened the file, their computer was infected with either malware or ransomware. Even though the phishing e-mail was directed at Mt. Gox victims, it appears that the actual targets of these scammers are users of the forum, who in most cases don't have any claims with Mt. Gox. Click the link below to read more.</p>
<p><a class="reference external" href="http://bitcoinist.net/spoofed-kraken-email-is-a-mt-gox-victims-phishing-attempt/">http://bitcoinist.net/spoofed-kraken-email-is-a-mt-gox-victims-phishing-attempt/</a></p>
</blockquote>
</div>
<div class="section" id="stealth-falcon-targets-uae-activists-and-dissidents">
<h2>Stealth Falcon Targets UAE Activists And Dissidents</h2>
<p>An Advanced Persistent Threat (APT) group named Stealth Falcon recently carried out a phishing campaign that targeted UAE journalists, activists and dissidents. The cyber espionage group's actions have been linked to the UAE government. The phishing campaign involved the use of both e-mail and social media messages to spread custom-made spyware onto their targets' computers. The spyware was delivered by Office document files that were either attached to the message or offered through a link to download the malicious document file. Researchers stated that once installed, the spyware would transfer data to numerous Command & Control servers. This data would then be analyzed and reported by the group. Click the link below to read more.</p>
<blockquote>
<a class="reference external" href="http://www.ibtimes.co.uk/cyberespionage-group-stealth-falcon-targeting-uae-dissidents-spyware-1563092">http://www.ibtimes.co.uk/cyberespionage-group-stealth-falcon-targeting-uae-dissidents-spyware-1563092</a></blockquote>
</div>
The Weekly Top 3 - ED-20.2016 | 2016-05-19T23:17:00-04:00 | Jon Phish | tag:antiphishing.club,2016-05-19:/weekly-top-3-ed-20-2016.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Rio Olympics, Sainsbury's and phishing fishermen.</p>
<div class="section" id="phishing-scam-leverages-the-2016-rio-olympics">
<h2>Phishing Scam Leverages the 2016 Rio Olympics</h2>
<p>The 2016 Rio de Janeiro Olympics is starting very soon and scammers are using the opportunity to cash in before this worldwide event begins. Earlier this week, security researchers discovered an increase in phishing attacks, spam and other scams related to this prestigious event. They stated that scammers are registering domains that contain the words "Rio" and "rio2016" for the purpose of setting up fake websites to steal personal and financial information. Additionally, the phishing e-mails being sent to unsuspecting victims contain PDF document attachments informing them that they have won the lottery. Click the link below to read more.</p>
<p><a class="reference external" href="https://www.hackread.com/rio-olympics-phishing-malware-scams/">https://www.hackread.com/rio-olympics-phishing-malware-scams/</a></p>
</div>
<div class="section" id="sainsbury-insurance-e-mails-revealed-to-be-just-spam">
<h2>Sainsbury Insurance E-mails Revealed To Be Just SPAM</h2>
<p>Several UK customers of Sainsbury's Bank received a strange e-mail from the institution confirming purchases for insurance policies. The e-mail claimed that the customer purchased policies for travel, home and car insurance from the Bank. Analysis of the e-mail showed that the branding and format of the e-mails were convincing enough to the recipient, but gave no further details. It appeared that these e-mails could have been the start of a phishing scam. However, Sainsbury's Bank released a statement later that day saying that the e-mail was sent in error and that it has issued an apology letter to the recipients. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theregister.co.uk/2016/05/17/sainsburys_bank_spam_confusion/">http://www.theregister.co.uk/2016/05/17/sainsburys_bank_spam_confusion/</a></p>
</div>
<div class="section" id="phishing-scam-in-ukraine-targets-actual-fishermen">
<h2>Phishing Scam In Ukraine Targets Actual Fishermen</h2>
<p>For several years, Ukraine has been facing cyberattacks because of the ongoing armed conflict between the government and separatist movements. As a result, security researchers from ESET have uncovered another cyber-espionage operation by the name of Operation Groundbait. The purpose of this campaign was to target anti-government separatists by infecting their computers with Trojan malware that stole passwords and other sensitive information. This malware was spread using spear phishing e-mails that contained a malicious attachment. When the victim opened this attachment, they were presented with a document showing a price list of fishing ground-bait, while the malware installed itself on the computer. Once installed, the malware logged all the victim's keystrokes, which were sent to a remote server controlled by the hackers. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.welivesecurity.com/2016/05/18/groundbait/">http://www.welivesecurity.com/2016/05/18/groundbait/</a></p>
</div>
The Weekly Top 3 - ED-19.20162016-05-12T23:42:00-04:002016-05-12T23:42:00-04:00Jon Phishtag:antiphishing.club,2016-05-12:/weekly-top-3-ed-19-2016.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Google, Dropbox and Russian Hackers.</p>
<div class="section" id="google-cuts-payday-loans-to-stop-misleading-advertising-and-potential-phishing">
<h2>Google Cuts Payday Loans To Stop Misleading Advertising and Potential Phishing</h2>
<p>Google stated earlier this week that it will stop serving online advertisements for short-term loans. The company decided to stop these ads because they were considered harmful or misleading and could lead to counterfeit merchandise or phishing sites. These types of ads go against Google's policies with regard to serving advertising content to users. The company went on to explain that it has a responsibility to protect users from harmful financial products, which can result in unaffordable payment plans and high interest rates. These legitimate scams are used to target poor people with money problems, who use Google's search engine for financial advice. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theregister.co.uk/2016/05/11/google_kneecaps_payday_loan_ads/">http://www.theregister.co.uk/2016/05/11/google_kneecaps_payday_loan_ads/</a></p>
</div>
<div class="section" id="old-dropbox-scam-resurfaces-with-a-twist">
<h2>Old Dropbox Scam Resurfaces With A Twist</h2>
<p>Scammers and hackers are at it again with another Dropbox phishing scam. The phishing scam involved a message that stated someone had shared with the victim a document via Dropbox. It further stated that in order to access the file, the victim would have to click the link in the message. However, instead of taking the victim to the Dropbox website, the link allowed malware to be downloaded onto the victim's computer. Once installed, the malware logged the infected computer's keystrokes so as to steal passwords and other personal information. Click the link below to read more.</p>
<p><a class="reference external" href="http://whnt.com/2016/05/10/dropbox-phishing-alert-old-scam-new-twist/">http://whnt.com/2016/05/10/dropbox-phishing-alert-old-scam-new-twist/</a></p>
</div>
<div class="section" id="russian-hackers-target-german-political-party">
<h2>Russian Hackers Target German Political Party</h2>
<p>Earlier this week, cyber attacks were launched against a German political party that is affiliated with German Chancellor Angela Merkel. These attacks are being coordinated by a hacker group called Pawn Storm. The purpose of this attack was to steal personal and government information from the Christian Democratic Party (CDU). The hackers set up a fake corporate e-mail server so as to send phishing e-mails to party members. The e-mails sent from this server would be used to steal online account login credentials from the party members. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.ibtimes.co.uk/pawn-storm-russian-hackers-target-german-chancellor-angela-merkels-cdu-party-1559671">http://www.ibtimes.co.uk/pawn-storm-russian-hackers-target-german-chancellor-angela-merkels-cdu-party-1559671</a></p>
</div>
The Weekly Top 3 - ED-18.20162016-05-05T22:30:00-04:002016-05-05T22:30:00-04:00Jon Phishtag:antiphishing.club,2016-05-05:/weekly-top-3-ed-18-2016.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Apple, Brunswick and a one dollar password sale.</p>
<div class="section" id="apple-warns-uk-iphone-users-of-phishing-scam">
<h2>Apple Warns UK iPhone Users Of Phishing Scam</h2>
<p>A new phishing scam targeting Apple’s customers in the United Kingdom surfaced early this week. The victims of this phishing scam stated that they were receiving texts from an unknown number claiming to be from “iSupport”. The phishing message warned the recipients that their iCloud accounts were deactivated. The message then requested that they click on the link in the message so as to reactivate the account. Once the victim clicked on the link, they were forwarded to a fake Apple login page that would ask them for their Apple ID and password. This page was used to steal the victim’s Apple ID credentials. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.peterboroughtoday.co.uk/news/crime/apple-warn-iphone-users-of-scam-targeting-its-customers-in-uk-today-1-7364486">http://www.peterboroughtoday.co.uk/news/crime/apple-warn-iphone-users-of-scam-targeting-its-customers-in-uk-today-1-7364486</a></p>
</div>
<div class="section" id="brunswick-discloses-incident-involving-employee-information">
<h2>Brunswick Discloses Incident Involving Employee Information</h2>
<p>The Brunswick Corporation recently informed the public that they were a victim of an incident involving a phishing attack. As a result, the scammers were able to potentially obtain W-2 tax information of their current and previous employees. No further details were given about the phishing attack. However, Brunswick stated that they are offering credit monitoring and identity theft insurance to all persons affected by this incident. Click on the link below to read more.</p>
<p><a class="reference external" href="http://boatingindustry.com/news/2016/05/02/brunswick-reports-phishing-incident/">http://boatingindustry.com/news/2016/05/02/brunswick-reports-phishing-incident/</a></p>
</div>
<div class="section" id="massive-e-mail-repository-sold-for-less-than-1">
<h2>Massive E-mail Repository Sold For Less Than $1</h2>
<p>Security researchers from <a class="reference external" href="http://holdsecurity.com/">Hold Security</a> recently discovered a hacker on a Russian forum attempting to sell a trove of over 1.17 billion stolen e-mail credential records. Strangely enough, the hacker only wanted 50 roubles (i.e. less than USD $1.00) for the entire database. The security firm was able to trade favors with the hacker in order to obtain the records, which were analyzed by the firm. The analysis of these records showed that the majority of them came from Mail.ru accounts, while the rest came from Gmail, Microsoft and Yahoo. German and Chinese e-mail provider accounts were also found in the records. The stolen credentials can be used to execute phishing campaigns on the affected users, which can include account take-over and inbox reconnaissance. Click on the link below to read more.</p>
<p><a class="reference external" href="http://uk.reuters.com/article/us-cyber-passwords-idUKKCN0XV1I6">http://uk.reuters.com/article/us-cyber-passwords-idUKKCN0XV1I6</a></p>
</div>
The Weekly Top 3 - ED-17.20162016-04-29T01:52:00-04:002016-04-29T01:52:00-04:00Jon Phishtag:antiphishing.club,2016-04-29:/weekly-top-3-ed-17-2016.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Facebook, Wick Hill and ICA.</p>
<div class="section" id="new-facebook-phishing-campaign-surfaces">
<h2>New Facebook Phishing Campaign Surfaces</h2>
<p>Security researchers at <a class="reference external" href="https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwizsPaX0rLMAhUBPj4KHa3CBfMQFggeMAA&url=http%3A%2F%2Fwww.netcraft.com%2F&usg=AFQjCNFsjONC41aSoL3aVgA3hQOyGauRsw">NetCraft</a> have recently discovered another Facebook phishing scam. According to the researchers, the scammers were using Facebook's own Transport Layer Security (TLS) certificates to create fake Facebook Verification pages. The phishing scam involved sending a message to a Facebook user requesting their credentials for security reasons. Once the victim clicked the link in the message, they were forwarded to the fake Facebook Verification page. Once the victim entered their credentials, they received an e-mail stating that their credentials were being verified and they must wait for a response. In the meantime, the scammers would sell the stolen credentials or use them for their other scamming activities. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.zdnet.com/article/facebook-serves-up-its-own-phishing-campaigns-to-users/">http://www.zdnet.com/article/facebook-serves-up-its-own-phishing-campaigns-to-users/</a></p>
</div>
<div class="section" id="wick-hill-warns-employees-of-phishing-scam">
<h2>Wick Hill Warns Employees Of Phishing Scam</h2>
<p>The popular distribution company, Wick Hill, sent a warning to their employees about a phishing scam involving a court summons. This phishing scam was detected by an employee, who received an e-mail from an unknown party stating they must give evidence involving the company. The e-mail also contained an attachment that the sender claimed contained a list of documents to bring to the trial. The employee who received the e-mail was able to determine that it was a phishing e-mail and the company was able to warn the other employees of the scam. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.channelweb.co.uk/crn-uk/news/2456439/wick-hill-warns-channel-over-phishing-scam">http://www.channelweb.co.uk/crn-uk/news/2456439/wick-hill-warns-channel-over-phishing-scam</a></p>
</div>
<div class="section" id="ica-warns-public-of-fake-website-used-in-phishing-scam">
<h2>ICA Warns Public Of Fake Website Used In Phishing Scam</h2>
<p>The Immigration and Checkpoints Authority (ICA) of Singapore recently warned the public of a phishing scam involving a fake ICA website. The phishing scam involved sending unsuspecting visa applicants to this fake ICA website using phishing e-mails. Once the applicants were sent to the fake website, they were requested to enter their visa application numbers and/or passport numbers, which were stolen by the scammer through the website's form. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.todayonline.com/singapore/ica-warns-about-fake-phishing-website-police-report-made">http://www.todayonline.com/singapore/ica-warns-about-fake-phishing-website-police-report-made</a></p>
</div>
The Weekly Top 3 - ED-15.20162016-04-14T23:47:00-04:002016-04-14T23:47:00-04:00Jon Phishtag:antiphishing.club,2016-04-14:/weekly-top-3-ed-15-2016.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Apple, Olympia School and "Lets Play a Game....."</p>
<div class="section" id="new-apple-id-phishing-scam-targets-users">
<h2>New Apple ID Phishing Scam Targets Users</h2>
<p>Apple users are being targeted for their Apple ID credentials yet again. The new phishing scam involves messages being sent to the victims from AppleInc. The phishing message indicated that the victim's Apple ID was expiring and requested that they click a link in the message to prevent it. When the victim clicked on the link, they were forwarded to a fake website that imitated an Apple ID login page. Once they entered their login credentials into the fake website, the website would notify the victim that their Apple ID was "locked for security reasons". The webpage would then prompt the victim to give their personal and credit card information so that their account could be "verified". Click the link below to read more.</p>
<p><a class="reference external" href="http://www.ibtimes.co.uk/be-aware-phishers-target-apple-customers-steal-their-id-credentials-1554871">http://www.ibtimes.co.uk/be-aware-phishers-target-apple-customers-steal-their-id-credentials-1554871</a></p>
</div>
<div class="section" id="olympia-school-district-falls-victim-to-phishing-scam">
<h2>Olympia School District Falls Victim To Phishing Scam</h2>
<p>Another organization has fallen victim to a phishing attack. An employee with the Olympia School District in Washington fell victim to a phishing e-mail and released the personal information of over 2,100 employees to a scammer. The spear phishing e-mail was sent to the employee using a spoofed e-mail address of the District's Superintendent. The e-mail requested the personal information of all employees during 2015. As a result, the victim sent the information to the fake Superintendent. The affected employees have been informed by the District and were given free credit reports so as to avoid identity theft. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.scmagazine.com/olympia-school-district-employee-data-compromised-in-phishing-attack/article/489911/">http://www.scmagazine.com/olympia-school-district-employee-data-compromised-in-phishing-attack/article/489911/</a></p>
</div>
<div class="section" id="jigsaw-ransomware-deletes-user-s-data-file-by-file">
<h2>Jigsaw Ransomware Deletes User's Data File By File</h2>
<p>Ransomware is becoming an increasing problem for computer users. A new ransomware called Jigsaw was released earlier this week. It was named after the Saw horror films. Like other ransomware, it encrypts the victim's files using cryptography techniques and holds them ransom till the victim pays the hacker in bitcoins. However, this type of ransomware actually deletes the victim's files every hour that they delay payment. This malware was spread through malicious attachments in SPAM e-mails. Once opened, the malware pretended to be the Mozilla Firefox web browser or Dropbox file storage client service, which it used to infect the computer and encrypt the victim's files. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.ibtimes.co.uk/jigsaw-ransomware-saw-inspired-malware-deletes-files-bit-by-bit-hourly-until-you-pay-1554862">http://www.ibtimes.co.uk/jigsaw-ransomware-saw-inspired-malware-deletes-files-bit-by-bit-hourly-until-you-pay-1554862</a></p>
</div>
The Weekly Top 3 - ED-12.20162016-03-25T02:45:00-04:002016-03-25T02:45:00-04:00Jon Phishtag:antiphishing.club,2016-03-25:/weekly-top-3-ed-12-2016.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Verizon, Kemuri Water Company and whaling for tax forms.</p>
<div class="section" id="customer-data-stolen-from-verizon">
<h2>Customer Data Stolen From Verizon</h2>
<p>Last week, Verizon discovered a vulnerability in their online portal that allowed hackers to extract the contact information of over 1.5 million enterprise customers. These customers use Verizon Enterprise Solutions to run the day-to-day operations at their respective companies. The contact information was very likely related to the technical managers or employees at these companies, who are easy targets for phishing or spear phishing attacks. The security vulnerability that was used to obtain this information has been fixed, but the customer database is currently being sold online for a large sum of money. Click the link below to read more.</p>
<p><a class="reference external" href="https://krebsonsecurity.com/2016/03/crooks-steal-sell-verizon-enterprise-customer-data/">https://krebsonsecurity.com/2016/03/crooks-steal-sell-verizon-enterprise-customer-data/</a></p>
</div>
<div class="section" id="water-treatment-plant-hacked-and-chemical-mix-altered">
<h2>Water Treatment Plant Hacked And Chemical Mix Altered</h2>
<p>Earlier this week, hackers were able to gain access to the control systems at a water treatment plant. The name of the company was not given in the security report, but it was given the pseudonym Kemuri Water Company (KWC). The report stated that hackers used SQL injection and phishing techniques to gain access to the operational control system using stolen credentials. Once they accessed the system, they were able to make changes to the chemical mixtures used in the water treatment process. As a result, the hackers were able to handicap KWC's operations. However, these changes were detected by the control systems and KWC was able to reverse the effects. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theregister.co.uk/2016/03/24/water_utility_hacked/">http://www.theregister.co.uk/2016/03/24/water_utility_hacked/</a></p>
</div>
<div class="section" id="spouts-grocery-is-the-latest-victim-in-a-popular-tax-spear-phishing-scam">
<h2>Sprouts Grocery Is The Latest Victim In A Popular Tax Spear Phishing Scam</h2>
<p>Sprouts Farmers Markets was hit by a phishing attack aimed at obtaining employee contact and tax information. Using a spear phishing e-mail, the scammers were able to trick the payroll department into sending them the W-2 tax forms of their employees. The information included on these forms contained names, addresses, salaries and Social Security Numbers. This new type of spear phishing attack has now been dubbed "whaling" because the e-mails used in the attack appear to come from a senior member in the company or the CEO, but are actually the scammers pretending to be the same. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.infosecurity-magazine.com/news/w2-whaling-epidemic-hits-sprouts/">http://www.infosecurity-magazine.com/news/w2-whaling-epidemic-hits-sprouts/</a></p>
</div>
The Weekly Top 3 - ED-10.20162016-03-11T00:04:00-04:002016-03-11T00:04:00-04:00Jon Phishtag:antiphishing.club,2016-03-11:/weekly-top-3-ed-10-2016.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to SevOne, Seagate and the unemployed.</p>
<div class="section" id="sevone-hit-by-spear-phishing-attack">
<h2>SevOne Hit By Spear Phishing Attack</h2>
<p>A digital infrastructure management company named SevOne is the latest company to fall victim to a spear phishing scam. Earlier this week, the company disclosed that employee information was sent to an unauthorized recipient as a consequence of a spear phishing e-mail. The company has not released the details of this incident, but has stated that employees’ names, addresses, salaries and Social Security numbers were stolen. It is likely that the scammers who received this information would use it to file false tax returns or commit identity theft. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.delawareonline.com/story/money/business/2016/03/09/sevone-released-employee-data-online-scammers/81532396/">http://www.delawareonline.com/story/money/business/2016/03/09/sevone-released-employee-data-online-scammers/81532396/</a></p>
</div>
<div class="section" id="seagate-releases-employee-tax-details-after-phishing-scam">
<h2>Seagate Releases Employee Tax Details After Phishing Scam</h2>
<p>The popular technology company, Seagate, has also been the victim of a spear phishing scam. Employee information was stolen in this phishing attack as well. The scam targeted the HR department of the company. In this instance, a spear phishing e-mail was received by an employee that appeared to have been sent by the CEO. In the e-mail, the fake CEO requested the company’s W2 (tax) forms. This request tricked the employee into sending the information to the scammer. As a result, employees’ names, addresses, birth dates and other information were stolen. In response to the data breach, the company has offered their employees identity theft protection. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theinquirer.net/inquirer/news/2450313/seagate-gives-out-employee-tax-details-after-phishing-scam">http://www.theinquirer.net/inquirer/news/2450313/seagate-gives-out-employee-tax-details-after-phishing-scam</a></p>
</div>
<div class="section" id="unemployed-persons-targeted-in-phishing-scam">
<h2>Unemployed Persons Targeted in Phishing Scam</h2>
<p>The Iowa Workforce Development agency in Mason City, Iowa, U.S.A., recently learnt of several phishing scams targeting unemployed persons in the State. The phishing scams involved e-mails being sent to Iowans who filed for unemployment and were awaiting benefits. There were no details given about the phishing e-mails, but the agency had stated that clicking on a link in the body of an e-mail could either infect your computer with malware or forward you to a fake website. This fake website was used to steal the victim’s personal and/or credit card information. Click the link below to read more.</p>
<p><a class="reference external" href="http://kimt.com/2016/03/10/phishing-email-targets-unemployed/">http://kimt.com/2016/03/10/phishing-email-targets-unemployed/</a></p>
</div>
The Weekly Top 3 - ED-09.20162016-03-03T23:17:00-04:002016-03-03T23:17:00-04:00Jon Phishtag:antiphishing.club,2016-03-03:/weekly-top-3-ed-09-2016.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Main Line Health, First National Bank and Snapchat.</p>
<div class="section" id="main-line-health-employee-information-leaked">
<h2>Main Line Health Employee Information Leaked</h2>
<p>Another health institution has become a victim of a spear phishing scam this week. The Main Line Health organization in Philadelphia, U.S.A. had their employee data stolen by a scammer. The scammer pretended to be an executive of the company in a spear phishing e-mail sent to an employee. In the e-mail the fake executive requested the personal information of all employees. As a result, approximately 11,000 employees were affected by the data breach and the scammer was able to obtain employee names, Social Security Numbers, birth dates, addresses and salaries. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.phillyvoice.com/almost-11000-main-line-health-employees-affected-phishing-scam/">http://www.phillyvoice.com/almost-11000-main-line-health-employees-affected-phishing-scam/</a></p>
</div>
<div class="section" id="thousands-of-rands-lost-in-fnb-mtn-phishing-scam">
<h2>Thousands Of Rands Lost In FNB, MTN Phishing Scam</h2>
<p>A South African forensic investigator uncovered a SIM-swapping scam, which netted the scammer thousands of rands from the country's First National Bank. The scam involved the scammer tricking the MTN call center operator into moving the doctor's phone number to another SIM card owned by the scammer. This allowed the scammer to monitor the doctor's mobile phone and eventually transfer funds out of the doctor's bank account. This unauthorized SIM card change was not disclosed by MTN and therefore it took a while before the doctor noticed the stolen monies. Click the link below to read more.</p>
<p><a class="reference external" href="http://thesouthafrica.co.za/thousands-rands-lost-fnb-mtn-scam/">http://thesouthafrica.co.za/thousands-rands-lost-fnb-mtn-scam/</a></p>
</div>
<div class="section" id="snapchat-employee-falls-for-phishing-e-mail">
<h2>Snapchat Employee Falls For Phishing E-mail</h2>
<p>Yet again, another employee has fallen for a spear phishing scam, which allowed scammers to steal employee information. This time, the company involved in the breach was Snapchat. The spear phishing e-mail was sent to an employee in the payroll department and appeared to come from the Chief Executive of Snapchat. It requested employee information from all employees who worked for the company. As a result, over 700 present and past employees were affected when the employee who received the e-mail sent the information to the scammer. The information disclosed included name, address, Social Security numbers, salaries and other tax information. Click the link below to read more.</p>
<p><a class="reference external" href="http://tech.firstpost.com/news-analysis/snapchat-employee-data-leaks-out-in-phishing-attack-but-user-data-is-safe-302219.html">http://tech.firstpost.com/news-analysis/snapchat-employee-data-leaks-out-in-phishing-attack-but-user-data-is-safe-302219.html</a></p>
</div>
The Weekly Top 3 - ED-08.20162016-02-26T01:26:00-04:002016-02-26T01:26:00-04:00Jon Phishtag:antiphishing.club,2016-02-26:/the-weekly-top-3-ed-08-2016.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to St. Joseph's Healthcare, ICICI Bank and the IRS.</p>
<div class="section" id="phishing-scam-compromises-healthcare-employees-information">
<h2>Phishing Scam Compromises Healthcare Employees' Information</h2>
<p>The St. Joseph Healthcare system in New Jersey, U.S.A. announced earlier this week that employee information of more than 5,000 employees was possibly stolen as the result of a phishing scam. The Vice President of External Affairs stated that patient and medical data were not compromised because their internal systems were not breached. However, the names and social security numbers of the affected employees were accessed. There was not much detail surrounding the scam, but the vice president did state that it involved a named company executive using an internal e-mail. Click the link below to read more.</p>
<p><a class="reference external" href="http://healthitsecurity.com/news/phishing-scam-leaks-employee-information-at-nj-facility">http://healthitsecurity.com/news/phishing-scam-leaks-employee-information-at-nj-facility</a></p>
</div>
<div class="section" id="phishing-scam-targets-customers-of-the-largest-private-bank-in-india">
<h2>Phishing Scam Targets Customers Of The Largest Private Bank In India</h2>
<p>Customers of ICICI Bank were the target of a phishing scam this week, as reported by <a class="reference external" href="https://hacked.com/tag/comodo-antispam-labs/">Comodo Anti-Spam Labs</a>. The phishing scam involved an e-mail that appeared to come from the Bank. In the e-mail, the recipient was asked to update their banking details, which the scammer claimed was mandatory. The phishing e-mail contained a link, which forwarded the victim to a fake webpage. This webpage requested the victim's details including user ID, password, mobile number and debit card information. Click the link below to read more.</p>
<p><a class="reference external" href="https://hacked.com/phishing-malware-strikes-one-largest-private-banks-india/">https://hacked.com/phishing-malware-strikes-one-largest-private-banks-india/</a></p>
</div>
<div class="section" id="irs-reports-400-increase-in-phishing-scams">
<h2>IRS Reports 400% Increase In Phishing Scams</h2>
<p>In the USA, tax season is approaching and Americans are getting ready to file their taxes. However, the <a class="reference external" href="https://www.irs.gov/uac/Newsroom/Consumers-Warned-of-New-Surge-in-IRS-Email-Schemes-during-2016-Tax-Season-Tax-Industry-Also-Targeted">IRS has reported</a> that there is a substantial increase in tax-related phishing scams. The phishing e-mails involved in these scams try to obtain personal and other financial information from their victims. The stolen information is used by the scammers to file bogus tax returns so as to steal money from the IRS. In some instances the e-mails contained links that forwarded their victims to fake IRS webpages, where hackers would steal their victims' social security numbers and even taxpayer numbers. Click the link below to read more.</p>
<p><a class="reference external" href="https://nakedsecurity.sophos.com/2016/02/22/irs-reports-400-increase-in-phishing-malware-in-the-past-12-months/">https://nakedsecurity.sophos.com/2016/02/22/irs-reports-400-increase-in-phishing-malware-in-the-past-12-months/</a></p>
</div>
The Weekly Top 3 - ED-06.2016 | 2016-02-12T06:54:00-04:00 | Jon Phish
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to ANZ, SIM swapping and stolen Netflix accounts.</p>
<div class="section" id="new-sms-phishing-scam-targets-anz-mobile-banking-customers">
<h2>New SMS Phishing Scam Targets ANZ Mobile Banking Customers</h2>
<p>The customers of the Australian and New Zealand Banking Group (ANZ) have become the recent target of cyber criminals. It was reported that a Short Message Service (SMS) phishing scam has been luring victims to fake ANZ online banking pages for the purpose of stealing their online banking login credentials. The scam started with an SMS sent to the cell phone of the victim. This SMS contained a malicious link that forwarded the victim to the mobile version of a genuine-looking banking login webpage. This fake mobile webpage was used to steal the victim's login credentials. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.lifehacker.com.au/2016/02/beware-online-banking-sms-scam-that-snares-victims-with-fake-websites/">http://www.lifehacker.com.au/2016/02/beware-online-banking-sms-scam-that-snares-victims-with-fake-websites/</a></p>
</div>
<div class="section" id="sim-swapping-scams-on-the-rise">
<h2>SIM Swapping Scams On The Rise</h2>
<p>A new type of scam has recently found its way into the mobile banking arena. This new phishing scam is called SIM swap and its purpose is to circumvent bank security. The scam begins with the use of an individual's banking details, which were obtained through phishing techniques. These details, along with other personal details obtained from social media, were used by the fraudster to create a false identity. The fraudster would use this identity to pose as the victim to the cell phone operator. They would use social engineering techniques to get the operator to cancel the victim's existing mobile number and reactivate it on another SIM in the fraudster's possession. This allowed the fraudster to receive all calls and texts sent to the victim's cell number, which included one-time PINs or passwords from a bank. This allowed the fraudster to potentially access the customer's bank account for the purpose of stealing funds. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.itproportal.com/2016/02/11/sim-swap-scams-what-you-need-to-know/">http://www.itproportal.com/2016/02/11/sim-swap-scams-what-you-need-to-know/</a></p>
</div>
<div class="section" id="hackers-stealing-netflix-accounts-and-placing-them-on-the-black-market">
<h2>Hackers Stealing Netflix Accounts And Placing Them On The Black Market</h2>
<p>The demand for cheaper Netflix accounts has led to hackers selling stolen Netflix accounts on the black market. A <a class="reference external" href="http://www.symantec.com/connect/blogs/netflix-malware-and-phishing-campaigns-help-build-emerging-black-market">report released by Symantec</a> earlier this week revealed that hackers are obtaining these stolen accounts through phishing techniques and malware. The phishing scam involved an e-mail that appeared to come from Netflix. This e-mail instructed the victim to update their account information by clicking on a link in the e-mail. However, this link forwarded the victim to a fake Netflix login webpage, which was used to steal their login credentials. The other method of stealing these credentials was the use of malware, which was disguised as Netflix software. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.techinsider.io/hackers-are-selling-stolen-netflix-accounts-2016-2">http://www.techinsider.io/hackers-are-selling-stolen-netflix-accounts-2016-2</a></p>
</div>
The Weekly Top 3 - ED-04.2016 | 2016-01-29T02:32:00-04:00 | Jon Phish
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Facebook, TalkTalk and an Angler of Executives.</p>
<div class="section" id="new-security-phishing-scam-targets-facebook-users">
<h2>New "Security" Phishing Scam Targets Facebook Users</h2>
<p>Security researchers at Malwarebytes recently <a class="reference external" href="https://blog.malwarebytes.org/fraud-scam/2016/01/more-fake-facebook-security-system-page-scams/?utm_source=twitter&utm_medium=social">reported in a blog post</a> that a new phishing scam was discovered to be targeting Facebook users. The scam involved a phishing e-mail that appeared to be a Facebook notification e-mail. This e-mail informed the user that their account was reported for abuse. It went on to state that the user's account would be disabled if they did not click on the link in the e-mail. Once the user clicked the malicious link in the e-mail, they were forwarded to a fake Facebook page, which was used to steal their login credentials, personal information and credit card information. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.infosecurity-magazine.com/news/phishers-target-facebook-users/">http://www.infosecurity-magazine.com/news/phishers-target-facebook-users/</a></p>
</div>
<div class="section" id="talktalk-call-center-employees-caught-in-data-leak">
<h2>TalkTalk Call Center Employees Caught In Data Leak</h2>
<p>TalkTalk was the victim of a data breach in October 2015, in which customers' data was stolen. More recently, TalkTalk found a connection between a vishing (phishing-over-the-phone) scam and certain employees of a third-party call center company. Upon further investigation, TalkTalk was able to determine that these employees were leaking customer data to the vishing scammers. The employees were arrested by the local authorities and TalkTalk is currently reviewing its relationship with the call center company. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.engadget.com/2016/01/28/talktalk-call-centre-leak/">http://www.engadget.com/2016/01/28/talktalk-call-centre-leak/</a></p>
</div>
<div class="section" id="angler-exploit-kit-now-targets-executives">
<h2>Angler Exploit Kit Now Targets Executives</h2>
<p>The very popular Angler exploit kit has recently resurfaced in a <a class="reference external" href="http://drops.wooyun.org/papers/12184">new phishing attack</a>. This exploit used a vulnerability found in Adobe Flash and Firefox that allowed hackers to infect computers with malware. This kit was being used by hackers in a campaign called Dark-Hotel. In this campaign, the Wi-Fi routers of hotel networks were hacked and the exploit kit was placed on these routers so as to compromise the computers of executives staying at the hotel. If successful, the exploit kit drops a Trojan virus onto the computer and infects it with more malware or key logging software. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theregister.co.uk/2016/01/28/angler_exploit_kit_now_hooking_execs_with_xmas_flash_hole/">http://www.theregister.co.uk/2016/01/28/angler_exploit_kit_now_hooking_execs_with_xmas_flash_hole/</a></p>
</div>
The Weekly Top 3 - ED-03.2016 | 2016-01-22T02:36:00-04:00 | Jon Phish
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to LastPass, Hong Kong City and Trojans.</p>
<div class="section" id="new-phishing-attack-targets-lastpass-users">
<h2>New Phishing Attack Targets LastPass Users</h2>
<p>Earlier this week, the Chief Technological Officer (CTO) of <a class="reference external" href="https://www.praesidio.com/">Praesidio</a> and a security researcher named Sean Cassidy revealed a proof-of-concept phishing attack using LastPass. The phishing attack relied on LastPass' browser extension, which allows users to auto-fill forms and create passwords. To implement this attack, a hacker would trick the user into believing that they were logged out of LastPass' service. Afterwards, the hacker would present the user with a fake LastPass login screen, which looked exactly like the one used by LastPass. Once the user entered their login credentials, the hacker would steal the master password to the user's LastPass password vault. Click the link below to read more.</p>
<p><a class="reference external" href="http://mashable.com/2016/01/20/lastpass-hack-phish/#Kj1qOYm2Osq6">http://mashable.com/2016/01/20/lastpass-hack-phish/#Kj1qOYm2Osq6</a></p>
</div>
<div class="section" id="phishing-scams-rise-in-hong-kong">
<h2>Phishing Scams Rise In Hong Kong</h2>
<p>Information security experts in Hong Kong have recorded an increase in phishing attacks on companies and internet users alike. They stated that over 5000 incidents relating to phishing attacks were responded to by the Hong Kong Computer Emergency Response Team in 2015. They stated that most of these phishing scams involved bogus websites from overseas and the Chinese mainland. These scams focused on stealing their victims' personal information and credit card information. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.shanghaidaily.com/article/article_xinhua.aspx?id=317085">http://www.shanghaidaily.com/article/article_xinhua.aspx?id=317085</a></p>
</div>
<div class="section" id="trojan-malware-most-commonly-used-in-phishing-attacks">
<h2>Trojan Malware Most Commonly Used In Phishing Attacks</h2>
<p>Symantec recently <a class="reference external" href="http://www.symantec.com/connect/blogs/indian-us-uk-finance-department-employees-targeted-remote-access-trojans">published in a blog post</a> that SMBs in the US and UK are under the threat of remote access Trojan malware. They have identified two particular remote access Trojans which have been found throughout a range of businesses. The hackers behind these attacks used phishing e-mails with compressed file attachments containing the malware. Once the victim opened the attachment, the malware would infect the computer. This infected computer gave the hacker remote access to the network of the business, where they would search for a way of stealing money. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theinquirer.net/inquirer/news/2442630/money-mad-hackers-using-trojans-to-withdraw-cash-from-phished-firms">http://www.theinquirer.net/inquirer/news/2442630/money-mad-hackers-using-trojans-to-withdraw-cash-from-phished-firms</a></p>
</div>
The Weekly Top 3 - ED-02.2016 | 2016-01-15T01:23:00-04:00 | Jon Phish
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to EBay, WhatsApp and Gazan Hackers.</p>
<div class="section" id="xss-security-flaw-allows-ebay-customers-to-be-phished">
<h2>XSS Security Flaw Allows EBay Customers To Be Phished</h2>
<p>Late last year, a security researcher named MLT found a cross-site scripting (XSS) flaw in eBay's homepage. This security flaw allowed hackers to inject malicious code into the login page of the website for the purpose of stealing users' login credentials. For this scam to be successful, the hacker would use a phishing e-mail disguised as a legitimate eBay e-mail and trick the customer into clicking a link embedded in the body of the e-mail. This link would forward the victim to a fake login page. The fake page used the XSS flaw to steal the user's login credentials and redirect the user to their eBay profile account without them knowing that their login information was stolen. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.komando.com/happening-now/343011/ebay-security-flaw-threatened-millions">http://www.komando.com/happening-now/343011/ebay-security-flaw-threatened-millions</a></p>
</div>
<div class="section" id="whatsapp-users-are-the-new-target-of-a-phishing-scam">
<h2>WhatsApp Users Are The New Target Of A Phishing Scam</h2>
<p>Earlier this week, e-mails disguised as messages from WhatsApp were targeting users of the popular mobile messaging service. Hackers were using these phishing e-mails to distribute malware for the purpose of infecting computers. The phishing e-mails contained subject lines that made it appear that the user was receiving a notification from WhatsApp. Each e-mail contained a compressed file attachment containing the executable malware. Once opened and installed, the malware would spy on the user's browsing activities, as well as possibly log their keystrokes. Click the link below to read more.</p>
<p><a class="reference external" href="https://hacked.com/whatsapp-users-targeted-phishing-scam/">https://hacked.com/whatsapp-users-targeted-phishing-scam/</a></p>
</div>
<div class="section" id="gazan-hackers-use-phishing-to-target-isrealis">
<h2>Gazan Hackers Use Phishing To Target Israelis</h2>
<p>A group of Gazan hackers known as the Molerats were discovered using off-the-shelf malware to spy on Israeli targets. This hacking group targets Israeli industries, embassies, journalists, banks and military. The new malware was being used by the group as a keylogger and phishing tool, which could grant access to computer systems. It was distributed through phishing e-mails sent to several employees of an organization. These e-mails would usually contain subject lines about <a class="reference external" href="https://en.wikipedia.org/wiki/Gilad_Shalit">Gilad Shalit</a> and <a class="reference external" href="https://en.wikipedia.org/wiki/Bar_Refaeli">Bar Refaeli</a>, which would trick the recipient into opening the malicious attachment. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.haaretz.com/israel-news/1.697278">http://www.haaretz.com/israel-news/1.697278</a></p>
</div>
The Weekly Top 3 - ED-01.2016 | 2016-01-09T01:11:00-04:00 | Jon Phish
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to HSBC, Time Warner and a Ukrainian power outage.</p>
<div class="section" id="new-hsbc-and-natwest-scams-target-customers">
<h2>New HSBC and NatWest Scams Target Customers</h2>
<p>Christmas is finally over and consumers are now worried about their spending habits over the Christmas break. Scammers are using this opportunity to trick consumers into divulging their bank account information and the login credentials to their online banking account. Two different phishing e-mails were circulated earlier this week targeting the customers of HSBC and NatWest respectively. The e-mails appeared to be sent by these banks and stated that the customer's account was disabled because of "security reasons". In order to enable access, the customer would have to click on a link in the e-mail and log in to their account. However, the malicious link in the phishing e-mail led to a fake banking website, which was used to collect the customer's personal and bank account information, as well as their login credentials. Click the link below to read more.</p>
<p><a class="reference external" href="http://metro.co.uk/2016/01/01/dont-be-the-chump-who-falls-for-this-hsbc-scam-5595376/">http://metro.co.uk/2016/01/01/dont-be-the-chump-who-falls-for-this-hsbc-scam-5595376/</a></p>
</div>
<div class="section" id="customers-affected-in-time-warner-cable-hack">
<h2>32,000 Customers Affected In Time Warner Cable Hack</h2>
<p>The Federal Bureau of Investigation (FBI) informed Time Warner Cable that there was a breach of their systems and hackers may have stolen the personal information of 32,000 customers. As a result, Time Warner began informing customers about the breach and asked them to change the passwords to their accounts. Time Warner has not been able to determine the cause of the breach, but they have stated that it was likely the result of a phishing attack or a breach of third-party systems containing customer information. Click the link below to read more.</p>
<p><a class="reference external" href="http://venturebeat.com/2016/01/06/time-warner-cable-advises-320000-customers-of-possible-hack/">http://venturebeat.com/2016/01/06/time-warner-cable-advises-320000-customers-of-possible-hack/</a></p>
</div>
<div class="section" id="hackers-shutdown-ukrainian-power-utility">
<h2>Hackers Shut Down Ukrainian Power Utility</h2>
<p>Just before Christmas, 1.4 million Ukrainian people were left in the dark for several hours. The reason for this power outage at the Prykarpattya Oblenergo utility company was a malware named the BlackEnergy trojan. According to <a class="reference external" href="http://www.welivesecurity.com/2016/01/04/blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry/">security researchers at ESET</a>, the malware may have been delivered to the power utility through a phishing e-mail containing a Microsoft Word document. This malicious attachment contained a VBA macro, which was used to infect the victim's computer with the malware. Once the malware took over the infected computer, it made its way to the SCADA (supervisory control and data acquisition) systems, which control the plant's electrical systems. It would then deliver its malicious payload to these SCADA systems, which forced the system to shut down and no longer function. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.itworldcanada.com/article/ukrainian-power-attack-a-wake-up-call-says-canadian-utility-ciro/379727">http://www.itworldcanada.com/article/ukrainian-power-attack-a-wake-up-call-says-canadian-utility-ciro/379727</a></p>
</div>
The Weekly Top 3 - ED-50.2015 | 2015-12-11T02:26:00-04:00 | Jon Phish
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Middlesex Hospital, a seven-year Packrat campaign and pwning your BBQ grill.</p>
<div class="section" id="middlesex-hospital-loses-customer-data-through-phishing-scam">
<h2>Middlesex Hospital Loses Customer Data Through Phishing Scam</h2>
<p>Earlier this week, Middlesex Hospital in Connecticut, USA divulged a data breach that affected close to 950 patients. The hospital stated that in October 2015, employees fell victim to a phishing e-mail that led to the compromise of the patients' information. The information leaked included names, addresses, dates of birth, medical record numbers and other diagnosis information. However, Social Security Numbers were not accessed, along with patients' medical history. The affected patients were offered free credit monitoring services and the hospital stated that they had implemented measures to further secure their systems. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.scmagazine.com/phishing-scam-hits-middlesex-hospital-in-conn/article/458813/">http://www.scmagazine.com/phishing-scam-hits-middlesex-hospital-in-conn/article/458813/</a></p>
</div>
<div class="section" id="south-american-malware-campaign-runs-for-seven-years">
<h2>South American Malware Campaign Runs For Seven Years</h2>
<p>Security researchers at Citizen Lab <a class="reference external" href="https://citizenlab.org/2015/12/packrat-report/">released a report</a> earlier this week that revealed a seven-year malware campaign targeting journalists, activists, politicians and other public figures. The malware used in these attacks was named Packrat, which is a Remote Access Tool (RAT) that allows hackers to remotely access an infected computer. Researchers found that Packrat was distributed through phishing websites and social media accounts for fake opposition political parties, and fake news organizations. One of these phishing sites contained a fake login page used to target Ecuador's National Assembly. The malware campaign was active in several South American countries including Argentina, Brazil and Venezuela. Click the link below to read more.</p>
<p><a class="reference external" href="http://phys.org/news/2015-12-reveals-seven-year-south-american-malware.html">http://phys.org/news/2015-12-reveals-seven-year-south-american-malware.html</a></p>
</div>
<div class="section" id="security-researchers-pwn-an-iot-bbq-grill">
<h2>Security Researchers Pwn an IoT BBQ Grill</h2>
<p>Internet-connected barbecues are now vulnerable to hackers. This was highlighted by security researchers at the recent Kiwicon conference in Australia. Researchers were able to hack a popular Internet-of-Things (IoT) barbecue grill called <a class="reference external" href="https://www.bbqguru.com/StoreNav?CategoryId=1&ProductId=35">CyberQ</a>. The researchers told the conference that <a class="reference external" href="https://www.google.com">Google</a> was able to detect servers that contained the CyberQ administration webpage. Using this knowledge, someone could develop a phishing webpage containing a malicious link that when clicked, would send a malicious request to an owner's CyberQ grill. This could change the settings on the owner's grill with the owner being none the wiser to the hack. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theregister.co.uk/2015/12/10/american_hacker_duo_throws_pwns_on_iot_bbqs_grills_open_admin/">http://www.theregister.co.uk/2015/12/10/american_hacker_duo_throws_pwns_on_iot_bbqs_grills_open_admin/</a></p>
</div>
The Weekly Top 3 – ED #48.2015 | 2015-11-27T01:54:00-04:00 | Jon Phish
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to UK Startups, Terrorist Strikes and CryptoWall.</p>
<div class="section" id="uk-startup-targeted-by-spear-phishing-attack">
<h2>UK Startup Targeted by Spear Phishing Attack</h2>
<p>Spear phishing e-mails are harder to detect than normal phishing e-mails because the cyber criminal crafting the e-mail has done research on their target by monitoring their social media accounts and other online company profiles. As a result, these cyber criminals are registering domain names similar to the ones used by their victims. An anonymous web-based internet company told <a class="reference external" href="http://wired.co.uk">WIRED</a> that they were tricked in a similar fashion when a spear phishing e-mail was sent to their payments department from a sender impersonating their CEO. The spear phishing e-mail stated that the fake CEO needed to make an urgent payment. When the payments department replied by requesting a sort code and account number, the cyber criminal provided this information for an account that they controlled. Unfortunately for the company, the funds were transferred to the cyber criminal's account without anyone calling the CEO on the phone to verify the payment. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.wired.co.uk/news/archive/2015-11/25/hacking-start-up-email-london-phishing-attacks-money">http://www.wired.co.uk/news/archive/2015-11/25/hacking-start-up-email-london-phishing-attacks-money</a></p>
</div>
<div class="section" id="cyber-criminals-use-terrorist-strikes-in-new-phishing-campaign">
<h2>Cyber Criminals Use Terrorist Strikes In New Phishing Campaign</h2>
<p>Cyber criminals are now taking advantage of the fear of terrorist attacks to launch phishing campaigns against large companies in Canada and the Middle East. The spear phishing e-mails appear to be sent by real security personnel and even contain legitimate attachments. However, some of these e-mails also contained malware-laced attachments and malicious links to phishing sites used to steal personal information or download malware. The majority of the malware found in these e-mails had remote access tool (RAT) capabilities, which would allow the cyber criminal to remotely access the infected computers. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.spamfighter.com/News-19966-Cyber-criminals-Employ-Fear-of-Terrorist-Strikes-in-Spear-Phishing-Campaign.htm">http://www.spamfighter.com/News-19966-Cyber-criminals-Employ-Fear-of-Terrorist-Strikes-in-Spear-Phishing-Campaign.htm</a></p>
</div>
<div class="section" id="cryptowall-ransomware-used-in-bitcoin-extortion">
<h2>CryptoWall Ransomware Used In Bitcoin Extortion</h2>
<p>CryptoWall ransomware has recently been highlighted as the most dangerous malware used by cyber criminals to extort Bitcoin from their victims. The <a class="reference external" href="http://www.bleepingcomputer.com/forums/t/532879/cryptowall-new-variant-of-cryptodefense/">latest version</a> of the malware encrypts the victim's personal computer files and their respective file names. These files cannot be decrypted unless the victim pays the cyber criminal a certain amount of Bitcoin. If no payment is received, the cyber criminal deletes the private cryptography key and the victim's files are lost forever. This malware is usually distributed in phishing e-mails or spam messages, but recently the malware has been known to be used with the <a class="reference external" href="https://heimdalsecurity.com/blog/nuclear-exploit-kit-flash-player/">Nuclear Exploit Kit</a> that uses zero-day vulnerabilities to force a computer to download malware. This exploit kit is usually placed on phishing sites and only triggers when someone visits the website. Click the link below to read more.</p>
<p><a class="reference external" href="http://bitcoinist.net/bitcoin-ransomware-cryptowall-back-improvements/">http://bitcoinist.net/bitcoin-ransomware-cryptowall-back-improvements/</a></p>
</div>
The Weekly Top 3 – ED #47.2015 | 2015-11-20T03:34:00-04:00 | Jon Phish | tag:antiphishing.club,2015-11-20:/the-weekly-top-3-ed-47-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to DHL, World Bank and the terrorist attacks in Paris.</p>
<div class="section" id="dhl-customers-targeted-in-new-phishing-scam">
<h2>DHL Customers Targeted In New Phishing Scam</h2>
<p>The holiday season is upon us and online shoppers are on the prowl for deals. As a result, they are also expecting many packages and scammers are on the prowl for these online shoppers as well. This is the reason why the latest phishing scam reported by <a class="reference external" href="https://www.comodo.com/">Comodo</a> is targeting users of the DHL shipping service. The phishing e-mails appear to come from DHL Worldwide with the subject '<em>DHL Shipping Delivery Tracking Number</em>'. The e-mail asked the recipients to click on a link in the e-mail to obtain their tracking number for a delivery that they were supposed to receive. However, the link forwarded the recipient to a fake DHL website that was used to steal their DHL ID and password. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.itproportal.com/2015/11/17/new-phishing-scam-targets-dhl-customers/">http://www.itproportal.com/2015/11/17/new-phishing-scam-targets-dhl-customers/</a></p>
</div>
<div class="section" id="world-bank-group-hacked-by-paypal-phishing-group">
<h2>World Bank Group Hacked By PayPal Phishing Group</h2>
<p>Earlier this week, hackers were able to gain access to a website operated by the <a class="reference external" href="http://www.worldbank.org/">World Bank Group</a> and installed a convincing PayPal phishing site. The phishing site page looked and felt like an official PayPal login page. However, when the user entered their login credentials, hackers would steal these credentials. The other interesting development from this scam was that the hackers were able to benefit from the official Extended Validation SSL certificate for the website. This gave the phishing webpage a certain level of validity because any visitor to the phishing page would have seen the padlock icon in the browser's address bar indicating that the content can be trusted. Click the link below to read more.</p>
<p><a class="reference external" href="http://news.netcraft.com/archives/2015/11/19/world-bank-hacked-by-paypal-phishers.html">http://news.netcraft.com/archives/2015/11/19/world-bank-hacked-by-paypal-phishers.html</a></p>
</div>
<div class="section" id="phishing-scams-use-paris-tragedy-to-target-charity-givers">
<h2>Phishing Scams Use Paris Tragedy To Target Charity Givers</h2>
<p>With the terrorist attacks in Paris fresh in everyone's mind and the holiday season fast approaching, people are very likely to give money towards relief funds and charities set up to assist victims. However, scammers are also using this opportunity to target charity givers with phishing scams. Some of these scams involve using known or trusted companies in phishing e-mails to trick their recipients into giving up their personal and financial information. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.khou.com/story/news/local/2015/11/16/better-business-bureau-warns-paris-tragedy-scams/75875940/">http://www.khou.com/story/news/local/2015/11/16/better-business-bureau-warns-paris-tragedy-scams/75875940/</a></p>
</div>
The Weekly Top 3 – ED #46.2015 | 2015-11-13T02:22:00-04:00 | Jon Phish | tag:antiphishing.club,2015-11-13:/the-weekly-top-3-ed-46-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Apple, Ocado and a Nigerian scam on their government's website.</p>
<div class="section" id="apple-id-targeted-in-global-phishing-scam">
<h2>Apple ID Targeted In Global Phishing Scam</h2>
<p>A new phishing scam targeting Apple users surfaced earlier this week. A <a class="reference external" href="https://blog.comodo.com/antispam/apple-ids-targeted-in-new-global-phishing-email-scam/?key5sk1=405f6f6007da23679c790c67ba9f0a0147f180f7">report</a> from <a class="reference external" href="https://www.comodo.com">Comodo</a> Antispam Labs highlighted that the scam attempted to steal Apple IDs, passwords and credit card information. The phishing e-mail contained a notification that informed users that their Apple account was having issues and offered a link to resolve the issue. However, the link in the e-mail directed the user to a fake Apple page and requested the user to confirm their Apple ID, password and credit card details. The phishing e-mail was difficult to detect because it perfectly mimicked an official Apple notification e-mail. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.pymnts.com/in-depth/2015/apple-ids-caught-up-in-global-phishing-email-scam/">http://www.pymnts.com/in-depth/2015/apple-ids-caught-up-in-global-phishing-email-scam/</a></p>
</div>
<div class="section" id="phishing-e-mails-involving-ocado-used-in-new-scam">
<h2>Phishing E-mails Involving Ocado Used In New Scam</h2>
<p>The popular online supermarket Ocado was being impersonated in a recently devised phishing scam that was targeting their customers. The phishing e-mail appeared to come from the Customer Services division of the company and contained details surrounding a purchase made on their website. The e-mail contained an attachment named 'receipt.doc' and encouraged users to open the attachment to view their purchase. However, this attachment contained a malicious VBA macro program that downloaded a Trojan malware once the document was opened. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.spamfighter.com/News-19934-Phishing-E-mails-Using-Ocados-Name-Spreading.htm">http://www.spamfighter.com/News-19934-Phishing-E-mails-Using-Ocados-Name-Spreading.htm</a></p>
</div>
<div class="section" id="nigerian-government-website-serves-up-phishing-scam">
<h2>Nigerian Government Website Serves Up Phishing Scam</h2>
<p>Hackers were able to embed a phishing scam inside the website of the Financial Reporting Council of Nigeria. The phishing scam was embedded by planting the web page in the website's images directory. The scam involved tricking users into giving their e-mail address, a password and the phone number used for Gmail e-mail address recovery. This would allow the hackers to perform further phishing attacks on their victims for the purpose of stealing their Gmail login credentials. Another possibility would be an attempt by the hackers to steal the credentials of those persons who use the same password for multiple sites. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theregister.co.uk/2015/11/06/nigerian_government_site_popped_used_for_phishing_scam/">http://www.theregister.co.uk/2015/11/06/nigerian_government_site_popped_used_for_phishing_scam/</a></p>
</div>
The Weekly Top 3 – ED #45.2015 | 2015-11-06T01:46:00-04:00 | Jon Phish | tag:antiphishing.club,2015-11-06:/the-weekly-top-3-ed-45-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to PageFair, online gaming and hijacked scientific journals.</p>
<div class="section" id="pagefair-analytics-hacked-and-used-to-distribute-malware">
<h2>PageFair Analytics Hacked And Used To Distribute Malware</h2>
<p>Earlier this week, PageFair disclosed that their systems were breached by hackers who used their service to distribute malware. The popular analytics service stated that they were a victim of a spear phishing attack that gave hackers access to a key e-mail account. This e-mail account was used to reset the password on PageFair's Content Delivery Network (CDN) system, which contained the JavaScript code used to deliver PageFair's service to their customers. The hackers replaced the code with their own malicious version, which was used to trick users, who accessed websites using PageFair analytics, into downloading malware that appeared to be an Adobe Flash update. Click the link below to read more.</p>
<p><a class="reference external" href="https://nakedsecurity.sophos.com/2015/11/04/pagefair-analytics-hacked-and-used-to-distribute-malware-on-halloween/">https://nakedsecurity.sophos.com/2015/11/04/pagefair-analytics-hacked-and-used-to-distribute-malware-on-halloween/</a></p>
</div>
<div class="section" id="online-gamers-warned-of-new-phishing-scams">
<h2>Online Gamers Warned of New Phishing Scams</h2>
<p>A new public advisory has been issued by the Federal Trade Commission (FTC) warning online gamers to be aware of phishing scams targeting them. The FTC stated that the online gaming micro-transaction market has been successful and scammers are seeing this success as an opportunity to benefit. The FTC stated that these scams would come in the form of a phishing e-mail appearing to be a notification from a popular online gaming service. However, this e-mail would accuse the gamer of some sort of wrongdoing, such as unlawful trades of gaming assets, and threaten them with legal action. The e-mail would then instruct them to click on a malicious link, which would forward the gamer to a fake website used to steal their online gaming login credentials or even financial information. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.spamfighter.com/News-19923-FTC-Warns-Gamers-of-Online-Phishing-Scams.htm">http://www.spamfighter.com/News-19923-FTC-Warns-Gamers-of-Online-Phishing-Scams.htm</a></p>
</div>
<div class="section" id="scientist-scammed-by-hijacked-online-journals">
<h2>Scientist Scammed By Hijacked Online Journals</h2>
<p>A new type of scam has recently emerged and it concerns scientific journals. Researchers in Poland and Iran had stated that hijacked scientific journals were having an effect on science, its progress and its authors. The scam starts with fraudsters stealing the names and numbers of reputable and lesser known journals. They used this information to create a phishing e-mail to send an author. This e-mail proposed an opportunity for the author to publish his/her article in the hijacked journal. If the author accepted the proposal, the fraudster charged the author a standard publication charge. Once the author paid, the fraudster took the money and never published the author's work. Click the link below to read more.</p>
<p><a class="reference external" href="http://phys.org/news/2015-11-scientists-defrauded-hijacked-journals.html">http://phys.org/news/2015-11-scientists-defrauded-hijacked-journals.html</a></p>
</div>
The Weekly Top 3 – ED #44.2015 | 2015-10-30T01:56:00-04:00 | Jon Phish | tag:antiphishing.club,2015-10-30:/the-weekly-top-3-ed-44-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Apple, British Gas and Talk Talk.</p>
<div class="section" id="new-apple-phishing-scam-targets-users-personal-information">
<h2>New Apple Phishing Scam Targets Users' Personal Information</h2>
<p>A new phishing scam targeting Apple product users has appeared recently. The phishing scam involved an e-mail that appears to be from an app known as "Co Pilot Premium HD". The phishing e-mail was in the format of an invoice and thanked its recipient for buying the app from Apple's App Store. The e-mail invoice listed the total of the purchase as USD $35.99, which tricks the victim into thinking that they overpaid for the app. The e-mail contained a malicious link that would allow the user to get a "refund" on their purchase. However, this link directed the victim to a web page where they were required to enter their credit card information. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.techtimes.com/articles/98999/20151028/beware-this-new-apple-email-phishing-scam.htm">http://www.techtimes.com/articles/98999/20151028/beware-this-new-apple-email-phishing-scam.htm</a></p>
</div>
<div class="section" id="british-gas-confirms-data-breach-affecting-2000-customers">
<h2>British Gas Confirms Data Breach Affecting 2000 Customers</h2>
<p>British Gas had a leak of sorts, but fortunately it was not a gas leak. Details surrounding a data breach at the company were communicated to the Information Commissioner's Office for further investigation. However, British Gas has confirmed that over 2000 of their customers were affected by the data breach, which compromised their customers' e-mail addresses and passwords. No bank account information had been leaked, but the company has advised their customers to be aware of phishing campaigns that would likely target them. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.bbc.com/news/technology-34663210">http://www.bbc.com/news/technology-34663210</a></p>
</div>
<div class="section" id="data-stolen-in-talk-talk-cyber-attack">
<h2>Data Stolen In Talk Talk Cyber Attack</h2>
<p>Recently Talk Talk, the phone and broadband Internet service provider, had been the victim of a cyber attack that involved a Distributed Denial of Service attack (DDoS). This allowed hackers to access their servers and steal the personal data of their customers. This data included name, address, date of birth, e-mail address, telephone numbers and credit card information. Over 4 million customers were affected by this hack. Talk Talk has informed their customers to be aware of phishing schemes requesting that they change their password or update their account information. They have instructed customers to change the passwords for their online banking accounts and monitor them for unusual activity. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.wrekinnews.co.uk/talk-talk-cyber-attack/">http://www.wrekinnews.co.uk/talk-talk-cyber-attack/</a></p>
</div>
The Weekly Top 3 - ED #43.2015 | 2015-10-23T03:08:00-04:00 | Jon Phish | tag:antiphishing.club,2015-10-23:/the-weekly-top-3-ed-43-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Bournemouth Water, Electrum and a gang of fake prosecution officials.</p>
<div class="section" id="latest-phishing-scam-targets-bournemouth-water-consumers">
<h2>Latest Phishing Scam Targets Bournemouth Water Consumers</h2>
<p>Earlier this week, the Bournemouth Water company warned customers not to fall for a phishing e-mail purporting to be from the company. The phishing e-mail used a false e-mail address to make it look like it came from the water company. It urged its victim to open an attachment, which was a Microsoft Word document titled 'Water Services Invoice'. When the victim opened the attachment their computer was infected with malware because the document contained malicious VBA macro code. The company stated that anyone who received this e-mail should immediately delete it. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.bournemouthecho.co.uk/news/13885719.Bournemouth_Water__don_t_fall_for_scam_email/?ref=arc">http://www.bournemouthecho.co.uk/news/13885719.Bournemouth_Water__don_t_fall_for_scam_email/?ref=arc</a></p>
</div>
<div class="section" id="twitter-phishing-attack-targets-electrum-bitcoin-users">
<h2>Twitter Phishing Attack Targets Electrum Bitcoin Users</h2>
<p><a class="reference external" href="http://electrum.org/">Electrum</a> is a popular bitcoin wallet for desktop and mobile devices that communicates with a trusted server connected to the bitcoin P2P network. It was reported this week that scammers had created a fake Electrum Twitter account for the purpose of starting a phishing attack against the users of the service. The Twitter account was an exact clone of the original Electrum account with the only difference being the spelling of the word, "Electrum". If a user followed this fake account, they would have received a private message asking to reply quickly because there was a concern with their Electrum wallet. Users who replied to this message could have had their bitcoins stolen through a phishing attack. Click the link below to read more.</p>
<p><a class="reference external" href="https://www.cryptocoinsnews.com/impostors-attempt-twitter-phishing-attack-on-users-of-bitcoin-wallet-electrum/">https://www.cryptocoinsnews.com/impostors-attempt-twitter-phishing-attack-on-users-of-bitcoin-wallet-electrum/</a></p>
</div>
<div class="section" id="korean-vietnam-joint-operation-catches-phishing-gang">
<h2>Korean-Vietnam Joint Operation Catches Phishing Gang</h2>
<p>Earlier this week, the Seoul Metropolitan Police Agency stated that they arrested several people in Vietnam for allegedly defrauding 200 people of hundreds of millions of won. The gang set up a call center in Ho Chi Minh City, where they devised a phishing scam that allowed them to steal 490 million won. The phishing scam entailed the gang pretending to be police or prosecution officials. They would call unspecified persons in Korea and trick them into wiring money into bank accounts under the pretext of deposit protection. They also pretended to be bank workers and claimed that the money they were attempting to obtain was part of a tax scheme for low-interest loans. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.koreatimes.co.kr/www/news/nation/2015/10/116_188893.html">http://www.koreatimes.co.kr/www/news/nation/2015/10/116_188893.html</a></p>
</div>
The Weekly Top 3 - ED #42.2015 | 2015-10-16T03:25:00-04:00 | Jon Phish | tag:antiphishing.club,2015-10-16:/the-weekly-top-3-ed-42-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Siri, Chip cards and Adobe.</p>
<div class="section" id="hackers-silently-control-siri-from-far-away">
<h2>Hackers Silently Control Siri From Far Away</h2>
<p>Siri is your personal assistant; now she is likely to become your personal hacker. Researchers at <a class="reference external" href="http://www.ssi.gouv.fr/">ANSSI</a> have shown that they could send radio waves to silently trigger voice commands on any Android or iPhone. This hack allowed a hacker to tell Siri to dial a number, open the phone's browser to a phishing site or send SPAM messages via e-mail, Facebook or Twitter. The phone must have Google Now or Siri enabled to perform the hack, but the fact that the hacker can turn the phone into an eavesdropping device without saying a word makes it extremely dangerous. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.wired.com/2015/10/this-radio-trick-silently-hacks-siri-from-16-feet-away/">http://www.wired.com/2015/10/this-radio-trick-silently-hacks-siri-from-16-feet-away/</a></p>
</div>
<div class="section" id="phishing-scam-tied-to-new-chip-credit-cards">
<h2>Phishing Scam Tied To New Chip Credit Cards</h2>
<p>EMV Chip cards are very new to the credit card market. They were created for the express purpose of stopping credit card fraud. Unfortunately, scammers are using the opportunity to trick new cardholders through a phishing scheme. The phishing e-mail involved in this scam requested a potential cardholder to update their account information in order to obtain their new chip card. However, the phishing e-mail contained a link that either forwarded the victim to a malicious website or downloaded malware to infect their computer. This allowed the scammers to steal their personal and financial information. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.stltoday.com/business/credit/scam-tied-to-new-chip-credit-cards/article_53121317-e550-5b9e-95ff-d0610f43cbdf.html">http://www.stltoday.com/business/credit/scam-tied-to-new-chip-credit-cards/article_53121317-e550-5b9e-95ff-d0610f43cbdf.html</a></p>
</div>
<div class="section" id="adobe-flash-new-zero-day-attack-exploited-in-phishing-scam">
<h2>Adobe Flash New Zero-Day Attack Exploited In Phishing Scam</h2>
<p>Pawn Storm, the cyber espionage group based in Russia, has been using a new Adobe Flash zero-day attack to infect the computers of foreign affairs ministries. Security researchers at <a class="reference external" href="https://www.trendmicro.com">Trend Micro</a> stated that the group has been using spear phishing e-mail attacks against various foreign affairs ministries around the globe. The e-mails contained malicious links that lead to a website that hosts an Adobe Flash malware. This malware exploited version 19.0.0.207 of the Adobe Flash Player. Once a victim visited the site, the malware executed and allowed the hacker to take over the infected computer. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.darkreading.com/attacks-breaches/pawn-storm-flashes-a-new-flash-zero-day/d/d-id/1322670">http://www.darkreading.com/attacks-breaches/pawn-storm-flashes-a-new-flash-zero-day/d/d-id/1322670</a></p>
</div>
The Weekly Top 3 - ED #41.2015 | 2015-10-09T01:54:00-04:00 | Jon Phish | tag:antiphishing.club,2015-10-09:/the-weekly-top-3-ed-41-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Amazon, LinkedIn and the 'most sensational celebrity' in cyberspace.</p>
<div class="section" id="amazon-iphone-order-phishing-e-mail-has-malware">
<h2>Amazon iPhone Order Phishing E-mail Has Malware</h2>
<p>Did you order an iPhone from Amazon? If you did not order a phone then you should be wary of the latest phishing scam involving the popular online retailer, Amazon. Earlier this week, a phishing e-mail appearing to be sent by Amazon was being used to infect computers with malware. The phishing e-mail tried to trick its victim into thinking that an order was placed on the Amazon website for an expensive iPhone 6 with their credit card. The phishing e-mail continues to state that the billing confirmation receipt is attached. However, the attachment is a malicious Microsoft Word document that contains malware. Once the victim opens the attachment, their computer is infected with a Trojan horse, which can be used to download more malware or allow further exploitation of the victim's computer. Click the link below to read more.</p>
<p><a class="reference external" href="https://grahamcluley.com/2015/10/amazon-iphone-order-email-malware/">https://grahamcluley.com/2015/10/amazon-iphone-order-email-malware/</a></p>
</div>
<div class="section" id="fake-linkedin-recruiter-network-used-to-target-business-users">
<h2>Fake LinkedIn Recruiter Network Used To Target Business Users</h2>
<p>Security researchers at Dell SecureWorks recently discovered that an Iranian hacking group was behind a phishing scheme on LinkedIn. The researchers <a class="reference external" href="http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/">released an analysis</a> detailing the scheme involving over 25 fake LinkedIn profiles that were developed to draw potential targets. Using these recruiter profiles, the hacker group used a recruitment ruse to infect and phish details from their targets. The hacker group was known to use fake resume submission systems that were actually malware in disguise. This malware was used to log keystrokes, capture screenshots and even disable a victim's anti-virus. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.zdnet.com/article/the-fake-linkedin-recruiter-network-hackers-are-using-to-reel-in-business-users/">http://www.zdnet.com/article/the-fake-linkedin-recruiter-network-hackers-are-using-to-reel-in-business-users/</a></p>
</div>
<div class="section" id="this-celebrity-is-the-most-sensational-celebrity-in-india-s-cyberspace">
<h2>This Celebrity Is The 'Most Sensational Celebrity' In India's Cyberspace</h2>
<p>Bollywood actress Priyanka Chopra now tops the list of "most sensational celebrity", but not in a good way. Unfortunately, her fame is being used by cyber criminals to lure their victims to malicious websites. According to Intel Security, cyber criminals are constantly on the lookout for new ways of scamming people. One of the methods involves using consumer interest around popular celebrities, cultural events and award shows. Through an evaluation of the top ten most searched celebrity names, the company found that there were several malware-ridden or suspicious sites claiming to offer music and videos involving the actress. Some of these sites also required their visitors to provide information such as their credit card, e-mail, name and address. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.business-standard.com/article/pti-stories/pc-most-sensational-celebrity-in-indian-cyberspace-intel-115100701201_1.html">http://www.business-standard.com/article/pti-stories/pc-most-sensational-celebrity-in-indian-cyberspace-intel-115100701201_1.html</a></p>
</div>
The Weekly Top 3 - ED #40.2015 | 2015-10-02T02:18:00-04:00 | Jon Phish | tag:antiphishing.club,2015-10-02:/the-weekly-top-3-ed-40-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to the DVLA and a couple of Trojans named Dyreza and Upatre.</p>
<div class="section" id="uk-drivers-targeted-in-phony-dvla-scam">
<h2>UK Drivers Targeted In Phony DVLA Scam</h2>
<p>Earlier this week the Driver and Vehicle Licensing Agency (DVLA) warned UK motorists of a phishing e-mail sent by fraudsters for the purpose of obtaining personal and financial information. The phishing e-mail sent to the victims appeared to be from the DVLA, but actually contained a malicious link that forwarded them to a fake version of the DVLA website. Once the victim had viewed the page, it prompted them to enter their driver's license number and payment information under the threat of revoking their license if they did not pay. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.thisismoney.co.uk/money/cars/article-3238605/Drivers-warned-surge-spam-e-mails-asking-licence-number-payment-information-phony-website.html">http://www.thisismoney.co.uk/money/cars/article-3238605/Drivers-warned-surge-spam-e-mails-asking-licence-number-payment-information-phony-website.html</a></p>
</div>
<div class="section" id="upatre-trojan-phishing-campaign-resurfaces">
<h2>Upatre Trojan Phishing Campaign Resurfaces</h2>
<p>"Attorney-client agreement" was the subject line of a new phishing e-mail being sent by hackers for the purpose of infecting Windows XP computers with the Upatre Trojan. The phishing e-mail referred to a court case, where the victim was involved in a breach of contract. This action tricked the victim into either downloading or executing a malicious attachment. This malware was designed to steal personal details and download additional malware to the infected computer so as to further disarm its target. Furthermore, the malware appeared to only attack computers with Windows XP, which Microsoft no longer supports. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.itpro.co.uk/security/25371/new-upatre-trojan-phishing-campaign-targets-windows-xp">http://www.itpro.co.uk/security/25371/new-upatre-trojan-phishing-campaign-targets-windows-xp</a></p>
</div>
<div class="section" id="dyreza-trojan-targets-the-it-supply-chain">
<h2>Dyreza Trojan Targets The IT Supply Chain</h2>
<p>The Dyreza Trojan has been known to steal banking credentials from its victims. However, earlier this week security researchers had found that the malware was being configured to steal credentials for the IT supply chain. Researchers found that over 20 companies who supported computer warehousing and distribution were listed in the Trojan's configuration files. This configuration would allow hackers to potentially divert computer shipments or even create new orders. Similar to the Upatre Trojan, this malware was sent to a victim via phishing e-mail. However, it logs all browser data and sends it to the hacker. Click on the link below to read more.</p>
<p><a class="reference external" href="https://threatpost.com/dyreza-trojan-targeting-it-supply-chain-credentials/114836/">https://threatpost.com/dyreza-trojan-targeting-it-supply-chain-credentials/114836/</a></p>
</div>
The Weekly Top 3 - ED #39.20152015-09-24T18:25:00-04:002015-09-24T18:25:00-04:00Jon Phishtag:antiphishing.club,2015-09-24:/the-weekly-top-3-ed-39-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to APEGA, Facebook and the exploitation of innocent apps on the iCloud.</p>
<div class="section" id="alberta-s-engineering-association-targeted-in-phishing-scheme">
<h2>Alberta's Engineering Association Targeted In Phishing Scheme</h2>
<p>The Association of Professional Engineers and Geoscientists of Alberta (APEGA) announced earlier this week that they were the victims of a data breach. A database containing the information of approximately 75,000 members of their association was compromised by a phishing incident. No further details were given as to how the incident occurred, but the association has stated that no passwords and financial information were leaked. The association had sent an advisory to its members cautioning them not to respond to any phishing e-mails requesting personal and financial information. Click the link below to read more.</p>
<p><a class="reference external" href="http://globalnews.ca/news/2232859/75k-members-of-alberta-engineering-group-victims-of-phishing-scheme/">http://globalnews.ca/news/2232859/75k-members-of-alberta-engineering-group-victims-of-phishing-scheme/</a></p>
</div>
<div class="section" id="facebook-s-dislike-hype-produces-phishing-campaign">
<h2>Facebook's Dislike Hype Produces Phishing Campaign</h2>
<p>A proposed feature was announced by Facebook's CEO during an interview last week. The feature was a "Dislike" button, which has been discussed among users of Facebook for some time. During the interview, Mark Zuckerberg confirmed that there would be a public launch of this feature very soon. However, this hype had given scammers the opportunity to exploit anxious Facebook users who were awaiting this new feature. The phishing scam involved a link shared via a Facebook post that was titled 'Get newly introduced Facebook dislike button on your profile'. When the victim clicked on the link, they were forwarded to a malicious website that prompted them to complete a phishing survey. Upon completion of the survey, scammers obtained the personal and financial information of the victim. Click the link below to read more.</p>
<p><a class="reference external" href="https://thestack.com/security/2015/09/21/facebook-dislike-hype-exploited-in-phishing-campaign/">https://thestack.com/security/2015/09/21/facebook-dislike-hype-exploited-in-phishing-campaign/</a></p>
</div>
<div class="section" id="icloud-s-phishing-attack-infects-over-39-ios-apps">
<h2>iCloud's Phishing Attack Infects Over 39 iOS Apps</h2>
<p>Apple users were once again threatened by hackers who were able to infect legitimate apps on Apple's App Store. Over 39 iOS apps have been identified as being compiled using a malicious version of the Xcode app framework that cyber criminals released on file-sharing forums. This malicious Xcode framework allowed hackers to launch phishing attacks on unsuspecting users for the purpose of obtaining iCloud credentials. The phishing attack involved innocent-looking dialogue prompts, which tricked the victims into reentering their iCloud credentials. Other reports showed that this malicious framework was also used to eavesdrop on iOS devices and record users' activities. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theregister.co.uk/2015/09/21/icloud_phishing_attack_hooks_39_ios_apps_most_popular_message_client/">http://www.theregister.co.uk/2015/09/21/icloud_phishing_attack_hooks_39_ios_apps_most_popular_message_client/</a></p>
</div>
The Weekly Top 3 - ED #38.20152015-09-18T02:04:00-04:002015-09-18T02:04:00-04:00Jon Phishtag:antiphishing.club,2015-09-18:/the-weekly-top-3-ed-38-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to BitPay, Amazon and a cat made out of metal.</p>
<div class="section" id="bitpay-loses-1-8m-in-phishing-attack">
<h2>BitPay Loses $1.8M in Phishing Attack</h2>
<p>Last year, in December 2014, BitPay lost over one million dollars worth of bitcoins (approx. 5000 BTC) in an undisclosed theft. In an effort to recover some of the money lost in the theft, BitPay filed a lawsuit against the insurer and disclosed via court documents the details of the attack that led to the theft. According to the documents, the CFO of BitPay received an e-mail from someone posing as an employee of a digital currency publication. However, the sender's e-mail account had been compromised and the hacker sent a phishing e-mail with a malicious link. This link directed the CFO to a fake website that was used to steal the credentials to his corporate e-mail account. The hacker then used the CFO's e-mail account to fraudulently transfer the bitcoins. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.finextra.com/news/fullstory.aspx?newsitemid=27865">http://www.finextra.com/news/fullstory.aspx?newsitemid=27865</a></p>
</div>
<div class="section" id="amazon-uk-customers-targeted-by-phishing-scam">
<h2>Amazon UK Customers Targeted By Phishing Scam</h2>
<p>Earlier this week, Amazon UK customers were the target of a phishing scam. Security researchers from <a class="reference external" href="https://www.malwarebytes.org">Malwarebytes</a> obtained the phishing e-mail, which purported to come from Amazon's customer service. The phishing e-mails stated that a small number of accounts with the online retailer were breached last month and requested that the victim complete a verification process or have their account restricted. The malicious link contained in the e-mail forwarded the victim to a fake Amazon UK site that was used to steal the victim's login credentials, name, address and credit card information. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.scmagazine.com/researchers-at-malwarebytes-spotted-an-phishing-scam-targeting-amazon-uk-users/article/439141/">http://www.scmagazine.com/researchers-at-malwarebytes-spotted-an-phishing-scam-targeting-amazon-uk-users/article/439141/</a></p>
</div>
<div class="section" id="phishing-campaign-iron-tiger-steals-terabytes-of-data-in-the-usa">
<h2>Phishing Campaign 'Iron Tiger' Steals Terabytes Of Data In The USA</h2>
<p>Security researchers at <a class="reference external" href="http://www.trendmicro.com">Trend Micro</a> recently discovered an attack campaign from a China-based hacker group that targeted hi-tech US government contractors. The campaign, called Iron Tiger, focused on spying on these companies for the purpose of stealing intellectual property and financial-related content. This phishing campaign involved spear phishing e-mails aimed at executives, government officials, engineers and PR officers, which contained subject matter designed to pique the interest of the victim. These e-mails also included malicious attachments and links, which would assist the hackers in infecting the computers of their victims. Security researchers stated that this campaign has been able to steal almost terabytes of information including credentials, strategic planning documents and financial budgets. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.infosecurity-magazine.com/news/iron-tiger-stole-terabytes-data/">http://www.infosecurity-magazine.com/news/iron-tiger-stole-terabytes-data/</a></p>
</div>
The Weekly Top 3 - ED #34.20152015-08-21T01:19:00-04:002015-08-21T01:19:00-04:00Jon Phishtag:antiphishing.club,2015-08-21:/the-weekly-top-3-ed-34-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to EZ Pass, Mumsnet and Ubiquiti Networks.</p>
<div class="section" id="ez-pass-owners-targeted-in-phishing-campaign">
<h2>EZ Pass Owners Targeted in Phishing Campaign</h2>
<p>Recently, a mass phishing campaign has been targeting users of the EZ Pass toll booth system. Drivers in Maryland, Virginia and Washington DC have been targeted by scammers who are using phishing e-mails to steal credit card information. The phishing e-mail used in the scam was titled "Notice to Appear" and contained a malicious link embedded in the body of the mail. The e-mail tricks the victim into believing that their account is in arrears. When the victim clicks on the link, they are sent to a fake EZ Pass website, which the scammers use to steal their credit card information and charge bogus fees. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.business2community.com/cybersecurity/e-zpass-users-hit-with-more-phishing-scams-01305213">http://www.business2community.com/cybersecurity/e-zpass-users-hit-with-more-phishing-scams-01305213</a></p>
</div>
<div class="section" id="mumsnet-targeted-by-phishing-scams-and-ddos-attacks">
<h2>Mumsnet Targeted By Phishing Scams and DDoS Attacks</h2>
<p>Mumsnet, the website that hosts blogs and forums devoted to parenting, fell victim to a hack earlier this week. Based on reports, users of Mumsnet were targeted in a phishing scam, which was used to steal their login credentials. The phishing e-mails appeared to originate from Mumsnet and contained a link, which took the victims to a fake Mumsnet login page. However, further investigations proved that hackers were exploiting a vulnerability in the website to capture user data. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.itproportal.com/2015/08/20/mumsnet-targeted-by-ddos-and-phishing-cyberattacks/">http://www.itproportal.com/2015/08/20/mumsnet-targeted-by-ddos-and-phishing-cyberattacks/</a></p>
</div>
<div class="section" id="ubiquiti-networks-defrauded-46m-cyberheist">
<h2>Ubiquiti Networks Defrauded In $46M Cyberheist</h2>
<p>Last week, Ubiquiti Networks divulged a cyberheist that cost the company about $46 million. These cyber thieves impersonated an employee and made fraudulent requests to the company's finance department. Even though these cyber thieves targeted the finance department from outside the company, they were able to trick the department into completing several transfers of funds that totaled $46 million. The company did not divulge the way in which the fraud occurred, but it is likely that the cyber thieves obtained a domain address similar in spelling to that of the company and used spear-phishing e-mails to trick their victims into initiating the international wire transfers. Click the link below to read more.</p>
<p><a class="reference external" href="http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/">http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/</a></p>
</div>
The Weekly Top 3 - ED #32.20152015-08-07T00:12:00-04:002015-08-07T00:12:00-04:00Jon Phishtag:antiphishing.club,2015-08-07:/the-weekly-top-3-ed-32-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Windows 10, the Pentagon and Vishing.</p>
<div class="section" id="windows-10-phishing-scam-targets-early-users">
<h2>Windows 10 Phishing Scam Targets Early Users</h2>
<p>The release of Windows 10 is big news for Microsoft. It is also great news for scammers and hackers, who have used the opportunity to start phishing campaigns. One of these phishing campaigns involved e-mails disguised as free Windows 10 upgrade e-mails. These e-mails contained a fake disclaimer message stating that the e-mail originated from Microsoft. The e-mail also contained an additional note claiming that the e-mail's attachment was scanned by anti-virus software and was cleared as being safe. However, if the victim opened the file attachment, their computer would be infected by ransomware that encrypts their personal files. The victim would have to pay the hacker within a certain time period to decrypt the files. If the victim did not pay, the files were left encrypted. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.scmagazine.com/cisco-details-new-phony-microsoft-emails/article/430418/">http://www.scmagazine.com/cisco-details-new-phony-microsoft-emails/article/430418/</a></p>
</div>
<div class="section" id="russia-hacks-the-pentagon-s-joint-chiefs-of-staff">
<h2>Russia Hacks The Pentagon's Joint Chiefs Of Staff</h2>
<p>Late this week, news broke that the Joint Chiefs of Staff had to shut down their e-mail systems for eleven days because they detected an intrusion into their systems in late July. News sources stated that the Pentagon believes that Russian hackers were responsible for the attack and they also believe that the attack may have been a Russian government funded operation. Reports on the incident continue to highlight that hackers were able to infect computers via phishing e-mails and that social media accounts were used to coordinate the hack. No other details were released, but it has been noted that phishing was used by the hackers to exploit the unclassified network. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.dailymail.co.uk/news/article-3187344/Russia-hacked-Joint-Chiefs-Staff-shut-email-4-000-defence-department-employees-ELEVEN-DAYS.html">http://www.dailymail.co.uk/news/article-3187344/Russia-hacked-Joint-Chiefs-Staff-shut-email-4-000-defence-department-employees-ELEVEN-DAYS.html</a></p>
</div>
<div class="section" id="scammers-con-thousands-using-vishing">
<h2>Scammers Con Thousands Using Vishing</h2>
<p>A new social engineering scam has surfaced, robbing victims of thousands of euros over the telephone. Aptly named "vishing", this scam uses social engineering techniques over the phone to trick victims into transferring monies to the scammers, but with a catch. The scam begins with a person posing as a security manager at a high-end retail store claiming that someone was using the victim's card in the shop. The scammer then asks the victim to provide financial details. If the victim refuses to give the details, the fake security manager advises the victim to call the bank. However, unknown to the victim, the phone line does not disconnect after the call has ended because the scammers were using an exploit in the telephone system to keep the line alive after the victim hangs up. When the victim calls the bank, they automatically reconnect to the scammers, who now act as the banker and convince them to move their money into another account. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.irishmirror.ie/news/irish-news/scammers-conning-thousands-euro-out-6207318">http://www.irishmirror.ie/news/irish-news/scammers-conning-thousands-euro-out-6207318</a></p>
</div>
The Weekly Top 3 - ED #31.20152015-07-31T03:00:00-04:002015-07-31T03:00:00-04:00Jon Phishtag:antiphishing.club,2015-07-31:/the-weekly-top-3-ed-31-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Google Drive, a Potao Trojan and a robot's Stage Fright.</p>
<div class="section" id="google-drive-used-in-phishing-attacks">
<h2>Google Drive Used In Phishing Attacks</h2>
<p>Security researchers have unearthed another phishing campaign that utilizes the web forms on Google Drive to function like a fake website. The scammers use <a class="reference external" href="https://mail.google.com/">Gmail</a> to distribute phishing e-mails that contain malicious links to web pages hosted on Google Drive. These web pages take the form of the Google login page and are used to steal the victim's login credentials. These Google accounts are valuable to the scammers because of Gmail's popularity and the number of services offered by Google. Additionally, these e-mail accounts are usually used as verification e-mail accounts for other online accounts such as <a class="reference external" href="https://www.twitter.com">Twitter</a> and <a class="reference external" href="https://www.facebook.com">Facebook</a>. Click the link below to read more.</p>
<p><a class="reference external" href="http://blog.check-and-secure.com/290715-google-drive-abused-for-phishing/">http://blog.check-and-secure.com/290715-google-drive-abused-for-phishing/</a></p>
</div>
<div class="section" id="russian-truecrypt-site-serves-up-potao-trojan">
<h2>Russian TrueCrypt Site Serves Up Potao Trojan</h2>
<p>The Potao trojan malware has been used in attacks against the Ukraine for the past five years. This malware has been used in various spear-phishing campaigns to infect and exploit the computers of its victims, for the purpose of taking control or stealing information from their computers. The malware has also been linked to SMS phishing messages and pyramid-selling scheme phishing e-mails. However, security researchers at <a class="reference external" href="http://www.eset.com">ESET</a> have found that hackers are using a trojanized version of the popular encryption software <a class="reference external" href="http://truecrypt.sourceforge.net/">TrueCrypt</a> to infect computers. The purpose of this attack was to target the Ukrainian government and military because of the large number of victims' computers infected with the malware. Furthermore, this version of the software was only served to selected visitors of the Russian-based TrueCrypt site. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.infosecurity-magazine.com/news/potao-trojan-served-up-by-russian/">http://www.infosecurity-magazine.com/news/potao-trojan-served-up-by-russian/</a></p>
</div>
<div class="section" id="android-s-stagefright-maybe-its-greatest-vulnerability">
<h2>Android's StageFright May Be Its Greatest Vulnerability</h2>
<p>Earlier this week, security researchers highlighted a new vulnerability in the popular Android mobile operating system. It affects roughly 95% of smartphones with the mobile OS. StageFright is actually the name of a media library used by Android to process several media formats. However, researchers highlighted that this library is vulnerable to memory corruption that can be exploited by hackers to install malware on a victim's smartphone without the victim's knowledge. Attackers only need a victim's phone number and the use of a specially crafted media file sent via MMS. Once the victim's phone receives the message, the embedded malicious code is executed and the phone is compromised. This allows attackers to remotely control the phone or download additional malware to the phone. Since the original message can be deleted remotely, the victim becomes none the wiser to the attack. It is not an actual phishing attack because the victim is not tricked into opening the media file in the MMS message. However, the vulnerability threatens unpatched Android phones. Android users are advised to update their phones so as to avoid this vulnerability. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.networkworld.com/article/2954617/security/the-stagefright-vulnerability-maybe-the-greatest-android-vulnerability-so-far.html">http://www.networkworld.com/article/2954617/security/the-stagefright-vulnerability-maybe-the-greatest-android-vulnerability-so-far.html</a></p>
</div>
The Weekly Top 3 - ED #30.20152015-07-24T00:42:00-04:002015-07-24T00:42:00-04:00Jon Phishtag:antiphishing.club,2015-07-24:/the-weekly-top-3-ed-30-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Nigerian scammers, USAJobs and Ashley Madison.</p>
<div class="section" id="nigerian-scammers-target-asian-businesses-with-bought-exploit-kits">
<h2>Nigerian Scammers Target Asian Businesses With Bought Exploit Kits</h2>
<p>The security firm <a class="reference external" href="http://www.fireeye.com">FireEye</a> has stated in a report that Nigerian scammers are using more sophisticated methods to defraud businesses. Their primary target appears to be the Asian market, where these scammers perform reconnaissance of their victims and divert funds from their financial transactions. To carry out the scam, these scammers use malicious Microsoft Word documents sent as attachments in spear phishing e-mails. Once the attachment is opened, the victim's computer is infected with keylogger and remote access malware. This malware is used to collect login credentials and monitor e-mail correspondence between the business and its supplier. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.pcadvisor.co.uk/news/security/nigerian-scammers-buy-exploit-kits-to-defraud-asian-businesses-3620657/">http://www.pcadvisor.co.uk/news/security/nigerian-scammers-buy-exploit-kits-to-defraud-asian-businesses-3620657/</a></p>
</div>
<div class="section" id="usajobs-scam-targets-federal-job-seekers">
<h2>USAJobs Scam Targets Federal Job Seekers</h2>
<p>The Office of Personnel Management (OPM) recently issued an alert to job seekers that there was a phishing campaign targeting them for their personal information. The advisory stated that persons who receive an e-mail requesting them to validate their account information should delete it immediately. This phishing e-mail is the result of the hack involving personal data stolen from the OPM. There has been no indication that the USAJobs site has been compromised because of the hack. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.nextgov.com/cybersecurity/2015/07/dont-fall-usajobs-phishing-scam/118350/">http://www.nextgov.com/cybersecurity/2015/07/dont-fall-usajobs-phishing-scam/118350/</a></p>
</div>
<div class="section" id="ashley-madison-site-hacked-phishing-inbound">
<h2>Ashley Madison Site Hacked: Phishing Inbound</h2>
<p>Earlier this week, the popular extra-marital affair website, Ashley Madison was hacked by an unknown hacking group calling themselves The Impact Team. The group claims to have obtained user databases containing the financial records and personal information of all persons who have signed up on the website. The hackers have also demanded that the website be taken offline or they will release all of the customers' information, which includes their sexual fantasies. The parent company has asked their users to immediately change their passwords and it is expected that phishing attacks against their customers will increase as a result of this data breach. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theregister.co.uk/2015/07/20/ashley_madison_hacked/">http://www.theregister.co.uk/2015/07/20/ashley_madison_hacked/</a></p>
</div>
The Weekly Top 3 - ED #28.20152015-07-09T22:34:00-04:002015-07-09T22:34:00-04:00Jon Phishtag:antiphishing.club,2015-07-09:/the-weekly-top-3-ed-28-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Adobe, Edinburgh Council and Zeus (not the God of Thunder).</p>
<div class="section" id="new-phishing-scam-targets-users-adobe-flash">
<h2>New Phishing Scam Targets Users Of Adobe Flash</h2>
<p>An APT hacking group by the name of Wekby has been reported as using phishing e-mails to exploit a zero-day bug found in Adobe Flash. Security researchers stated that spear phishing e-mails were sent to their intended victims, indicating that they needed to download and update their Adobe Flash. The e-mail contained a malicious link that would forward the victim to a website containing a '.swf' file that exploits the Adobe Flash Player. This exploit allows the hacker group to execute commands on the victim's computer and allows for further remote access to the computer. Click the link below to read more.</p>
<p><a class="reference external" href="https://threatpost.com/apt-group-exploiting-hacking-team-flash-zero-day/113715">https://threatpost.com/apt-group-exploiting-hacking-team-flash-zero-day/113715</a></p>
</div>
<div class="section" id="thousands-of-e-mail-addresses-stolen-in-edinburgh-council-cyber-attack">
<h2>Thousands Of E-mail Addresses Stolen In Edinburgh Council Cyber Attack</h2>
<p>The Edinburgh City Council stated earlier this week that hackers were able to obtain over 13,000 e-mail addresses from their computer systems. They have indicated that no other personal information was stolen during the cyber attack. The hackers gained access by bypassing the security of one of their web service providers. They are expecting that users will get an increase in phishing e-mails as a result, and have asked users of the Council's website to change their passwords. This is to ensure that the hackers do not gain access to their online accounts. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.scmagazineuk.com/thousands-of-email-addresses-stolen-in-edinburgh-council-cyber-attack/article/425369/">http://www.scmagazineuk.com/thousands-of-email-addresses-stolen-in-edinburgh-council-cyber-attack/article/425369/</a></p>
</div>
<div class="section" id="zeus-like-dyre-malware-will-scam-at-least-one-in-25-uk-bank-customers">
<h2>Zeus-like Dyre Malware Will Scam 'At Least' One In 25 UK Bank Customers</h2>
<p>Bank customers in the United Kingdom have been warned of a major phishing campaign by hackers that makes use of the Dyre malware to steal financial information. Security researchers from <a class="reference external" href="http://www.bitdefender.com">BitDefender</a> stated that almost 20,000 customers were targeted. The cyber criminals use compromised servers to send phishing e-mails with the Dyre banking trojan. Once a victim has allowed the malware to install itself on their computer, it waits until the user logs into the online banking website of a well-known bank. The malware then injects malicious code into the browser to covertly steal credentials and manipulate the user's accounts. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theinquirer.net/inquirer/news/2417128/zeus-like-dyre-malware-will-scam-at-least-one-in-25-uk-banking-customers">http://www.theinquirer.net/inquirer/news/2417128/zeus-like-dyre-malware-will-scam-at-least-one-in-25-uk-banking-customers</a></p>
</div>
The Weekly Top 3 - ED #27.20152015-07-04T00:09:00-04:002015-07-04T00:09:00-04:00Jon Phishtag:antiphishing.club,2015-07-04:/the-weekly-top-3-ed-27-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Microsoft, BitStamp and a scammed homeowner.</p>
<div class="section" id="fake-microsoft-e-mails-used-for-scavenging-financials">
<h2>Fake Microsoft E-mails Used For Scavenging Financials</h2>
<p>A phishing campaign targeting users of Microsoft products was revealed earlier this week. The purpose of these phishing e-mails was to steal the personal and financial information of users that purchased at least one Microsoft product. The e-mail appeared to come from Microsoft and it requested that the recipient confirm their billing address before June 30. Furthermore, it contained a link, which delivered the victim to a fake website that was used to steal both personal and credit card information. Click the link below to read more.</p>
<p><a class="reference external" href="http://news.softpedia.com/news/fake-email-from-microsoft-asks-for-billing-address-confirmation-485598.shtml">http://news.softpedia.com/news/fake-email-from-microsoft-asks-for-billing-address-confirmation-485598.shtml</a></p>
</div>
<div class="section" id="bitstamp-lose-5-million-via-phishing-attack">
<h2>BitStamp Loses $5 Million Via Phishing Attack</h2>
<p>Earlier this year, BitStamp lost $5 million in bitcoins to an attack on their systems. However, the company did not release the details surrounding the attack, claiming that the report was confidential in nature. Earlier this week, a leaked report showed that the theft was caused by hackers gaining access to the laptop of an administrator of the company. The report highlighted that the administrator got invited to an online group via a phishing scam. This allowed the hackers to access the administrator's laptop and log into BitStamp's systems. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.coinspeaker.com/2015/07/02/new-report-in-bitstamps-5-million-bitcoin-hack-january-10381/">http://www.coinspeaker.com/2015/07/02/new-report-in-bitstamps-5-million-bitcoin-hack-january-10381/</a></p>
</div>
<div class="section" id="uk-woman-loses-deposit-to-a-phishing-e-mail">
<h2>UK Woman Loses Deposit To A Phishing E-mail</h2>
<p>A woman was cheated out of her life savings through a phishing scam, which promised her a new house. The phishing e-mail received by the woman appeared to come from her lawyer and claimed that she needed to transfer US $78,000. This money was a deposit on a house that she was interested in buying. However, cyber criminals had hacked her lawyer's e-mail account and were monitoring it. They used the opportunity to send her a phishing e-mail requesting that she deposit her money in a bank account of their choosing. After she deposited the money, it was revealed that she had been scammed, because the law firm confirmed that it did not receive the money. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.digitaltrends.com/computing/uk-woman-loses-home-purchase-deposit-to-phishing-email/">http://www.digitaltrends.com/computing/uk-woman-loses-home-purchase-deposit-to-phishing-email/</a></p>
</div>
The Weekly Top 3 - ED #26.2015 | 2015-06-26T03:15:00-04:00 | Jon Phish | tag:antiphishing.club,2015-06-26:/the-weekly-top-3-ed-26-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Expedia, SingPass and an Insider Trader.</p>
<div class="section" id="expedia-warns-users-about-phishing-scam">
<h2>Expedia Warns Users About Phishing Scam</h2>
<p><a class="reference external" href="http://www.expedia.com">Expedia</a> users were the target of a phishing scam earlier this week. Customers of the online hotel-booking site received phishing e-mails attempting to obtain their personal information and credit card information. In some instances, customers were called on the phone by scammers who attempted to trick them into divulging their credit card information. The company sent an alert to its customers stating that someone had gained unauthorized access to customer information including name, e-mail address and booking details. However, Expedia stated that no credit card information was stolen. It also confirmed that the information was stolen from a partner hotel and that its own systems were not compromised by hackers. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.geekwire.com/2015/expedia-warns-users-about-unauthorized-access-of-name-phone-email-and-booking-info/">http://www.geekwire.com/2015/expedia-warns-users-about-unauthorized-access-of-name-phone-email-and-booking-info/</a></p>
</div>
<div class="section" id="singpass-users-targeted-by-phishing-campaign">
<h2>SingPass Users Targeted by Phishing Campaign</h2>
<p>SingPass gives Singapore residents access to electronic government services. Unfortunately, some residents fell victim to phishing scams, which were aimed at obtaining SingPass PINs. The phishing e-mail received by these victims tricked them into believing that their SingPass PINs were suspended and they were required to click on a link in the e-mail. Once this link was clicked, the victim was sent to a fake site that was used to steal their actual PINs. These stolen PINs were used by the scammers to submit fraudulent applications for work passes, which could then be sold. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.straitstimes.com/news/singapore/more-singapore-stories/story/users-warned-about-fraudulent-singpass-phishing-emails-2">http://www.straitstimes.com/news/singapore/more-singapore-stories/story/users-warned-about-fraudulent-singpass-phishing-emails-2</a></p>
</div>
<div class="section" id="us-targets-insider-trading-hackers">
<h2>US Targets 'Insider Trading' Hackers</h2>
<p>The U.S. Securities and Exchange Commission has recently asked eight companies to provide details about their data breaches because it had solid evidence that these breaches are leading to a new type of unlawful insider trading. Hackers are using spear phishing e-mails as a way of breaching corporate networks for the purpose of gaining knowledge on the U.S. stock markets. Security firms such as <a class="reference external" href="https://www.fireeye.com">FireEye</a> have warned companies that hackers are in the market for financial secrets. Hackers are attaching Microsoft Word documents with embedded malware to these phishing e-mails. These phishing e-mails are subsequently sent to top level executives for the purpose of obtaining access to their e-mail accounts. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.bbc.com/news/technology-33254019">http://www.bbc.com/news/technology-33254019</a></p>
</div>
The Weekly Top 3 - ED #25.2015 | 2015-06-20T00:51:00-04:00 | Jon Phish | tag:antiphishing.club,2015-06-20:/the-weekly-top-3-ed-25-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to hotel bookings, Akorn Inc and a major US magazine publisher.</p>
<div class="section" id="fake-hotel-bookings-used-to-scam-travelers">
<h2>Fake Hotel Bookings Used To Scam Travelers</h2>
<p>A US senator recently brought to the attention of the Federal Trade Commission an online hotel-booking scam used to trick travelers into revealing their personal information and payment details. In the letter, the senator noted that these third party sites are made to look like legitimate sites in order to get travelers to pay for a reservation. However, in some cases the victim doesn't get a room at the hotel or the hotel does not provide the paid amenities that were advertised. In some instances, this scam involved phishing e-mails that advertise great deals on hotel rooms, but contain links that lead to fake online hotel-booking sites. These sites are then used to obtain the credit card and personal information of the victim. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.latimes.com/travel/deals/la-tr-spot-20150614-story.html">http://www.latimes.com/travel/deals/la-tr-spot-20150614-story.html</a></p>
</div>
<div class="section" id="akorn-inc-has-customer-database-stolen">
<h2>Akorn Inc. Has Customer Database Stolen</h2>
<p><a class="reference external" href="http://www.akorn.com">Akorn Inc.</a> is a pharmaceutical company that held a customer database of over 500,000 records. However, a hacker has recently offered to sell a copy of this database to the highest bidder or back to the company. This offer was made via a post on a popular dark web forum. The database contains names, business related information and DEA numbers, which are used to track controlled substances. The compromised data is likely to increase spear phishing attacks on the company's customers, which include medical practitioners. These phishing attacks could give hackers further access to patient records and other sensitive information. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.csoonline.com/article/2938032/data-breach/akorn-inc-has-customer-database-stolen-records-offered-to-highest-bidder.html">http://www.csoonline.com/article/2938032/data-breach/akorn-inc-has-customer-database-stolen-records-offered-to-highest-bidder.html</a></p>
</div>
<div class="section" id="publisher-loses-1-5-million-in-phishing-attack">
<h2>Publisher Loses $1.5 million In Phishing Attack</h2>
<p>Bonnier Publications may have lost close to $1.5 million in a spear phishing attack. This publisher is responsible for publishing magazines such as Popular Science and Saveur. According to a report, hackers gained access to the CEO's e-mail account and used it to send fraudulent e-mails to the Accounting Department. The e-mails instructed the employees to wire transfer $3 million into a Chinese bank. However, only $1.5 million was transferred by the employee who was tricked by the e-mails. The other half of the transaction was not transferred because the CEO was called to confirm the request and denied giving authorization. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.scmagazine.com/bonnier-publications-falls-victim-to-chinese-phishing-email/article/421271/">http://www.scmagazine.com/bonnier-publications-falls-victim-to-chinese-phishing-email/article/421271/</a></p>
</div>
Video: Cybercriminals Phishing for E-mail Accounts using SMS | 2015-06-17T22:41:00-04:00 | Jon Phish | tag:antiphishing.club,2015-06-17:/video-cybercriminals-phishing-for-e-mail-accounts-using-sms.html
<p>Phishing is not limited to e-mail messages. It can be carried out through any form of messaging service, as long as the sender can trick the victim into believing that they are a trusted entity. Hackers are now using SMS messages to bypass the two-factor authentication used by e-mail service providers to verify password reset requests. The SMS phishing attack is used to obtain the verification code sent by the e-mail provider to the victim's phone after the attacker has requested a password reset on the victim's account. The only limitation is that it requires the hacker to know both the victim's e-mail address and cell phone number. Here are two key points to remember when dealing with a phishing attack such as this one:</p>
<ul class="simple">
<li>E-mail providers will <strong>ONLY</strong> send you the verification code.</li>
<li><strong>DO NOT</strong> reply to SMS messages from senders who claim to be your e-mail provider.</li>
</ul>
<p>The video below shows how a hacker uses a simple SMS message to obtain the victim's verification code and ultimately take control of the e-mail account.</p>
<p><a class="reference external" href="https://youtu.be/_dj_90TnVbo">https://youtu.be/_dj_90TnVbo</a></p>
The Weekly Top 3 - ED #24.2015 | 2015-06-12T03:02:00-04:00 | Jon Phish | tag:antiphishing.club,2015-06-12:/the-weekly-top-3-ed-24-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Windows OLE, Apple iOS and a fake Coca Cola lottery.</p>
<div class="section" id="window-ole-bug-a-target-for-phishing-attacks">
<h2>Windows OLE Bug A Target For Phishing Attacks</h2>
<p>Security researchers have recently seen an upsurge in the use of a Windows OLE bug that bypasses anti-virus program detection. This bug is used in Microsoft PowerPoint attachments found in phishing e-mails. The attack begins with a phishing e-mail that tricks the user into opening a PowerPoint file. This executes a VBA macro that infects the victim's computer with malware. Scammers are using this exploit to infect business computers for the purpose of stealing files and login credentials. Furthermore, researchers believe that these phishing campaigns are being driven by Nigerian 419 actors because the behind-the-scenes activities of this campaign are similar to their tactics. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.scmagazine.com/multiple-seemingly-unrelated-threat-actors-leveraging-windows-ole/article/419619/">http://www.scmagazine.com/multiple-seemingly-unrelated-threat-actors-leveraging-windows-ole/article/419619/</a></p>
</div>
<div class="section" id="ios-mail-app-exploitable-to-phishing-bug">
<h2>iOS Mail App Exploitable To Phishing Bug</h2>
<p>An unpatched flaw in the iOS Mail App was recently found by an <a class="reference external" href="http://www.ey.com">Ernst & Young</a> security researcher. The flaw allows HTML code to be loaded into the app, which replaces the original e-mail message. This exploit would allow a hacker to build a functional password 'collector' that can be used to steal someone's iCloud account password. The researcher went on to explain that this exploit could be used in a phishing e-mail. The attack would begin with a phishing e-mail that, when opened, tricks the user into believing that they need to log into their iCloud account. Once the victim enters their login credentials, the hacker would have access to their photos, videos and music libraries stored on iCloud. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.informationweek.com/mobile/mobile-applications/ios-mail-app-vulnerable-to-phishing-bug/d/d-id/1320819">http://www.informationweek.com/mobile/mobile-applications/ios-mail-app-vulnerable-to-phishing-bug/d/d-id/1320819</a></p>
</div>
<div class="section" id="coca-cola-warns-south-african-consumers-of-lottery-phishing-scam">
<h2>Coca Cola Warns South African Consumers of Lottery Phishing Scam</h2>
<p>PenBev, the South African bottling company for Coca Cola, recently warned its beverage consumers about phishing e-mail scams advertised as Coca Cola competitions. The company stated that scammers are using SMS and e-mail messages to trick victims into believing that they won a Coca Cola lottery. These messages then request the victim's personal information to collect their prize money. In some instances, scammers had established a relationship with their victims and were able to obtain financial information, such as bank account and credit card information. The company has released a statement to the press about the phishing scams, simply stating that if you have not entered a Coca Cola competition, then you should not reply to any e-mails purporting to be about one. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.spamfighter.com/News-18226-Phishing-Scam-Supposedly-from-Coca-Cola-Spreading-Across-SA-Alerts-PenBev.htm">http://www.spamfighter.com/News-18226-Phishing-Scam-Supposedly-from-Coca-Cola-Spreading-Across-SA-Alerts-PenBev.htm</a></p>
</div>
The Weekly Top 3 - ED #23.2015 | 2015-06-06T02:42:00-04:00 | Jon Phish | tag:antiphishing.club,2015-06-06:/the-weekly-top-3-ed-23-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to the University of Michigan, Skype and a US Federal Agency.</p>
<div class="section" id="scammers-steal-personal-information-from-u-m-email-system">
<h2>Scammers Steal Personal Information from U-M email system</h2>
<p>Students and staff of the University of Michigan have been compromised as a result of a phishing scam. The University stated that the victims who clicked on the link in the phishing e-mails had their names, dates of birth, Social Security Numbers and passwords stolen. According to the administration, scammers set up fake Google Forms and sent e-mails claiming to be from the Internal Revenue Service. The victims were tricked into validating their information by clicking on the link in the e-mail. This link forwarded them to the Google Form, which was used to steal their personal information. Furthermore, there were also reports of other phishing scams including e-mails related to "academic publishing". Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.mlive.com/news/ann-arbor/index.ssf/2015/06/scammers_get_personal_info_fro.html">http://www.mlive.com/news/ann-arbor/index.ssf/2015/06/scammers_get_personal_info_fro.html</a></p>
</div>
<div class="section" id="botnet-uses-skype-to-server-up-adware">
<h2>Botnet Uses Skype to Serve Up Adware</h2>
<p>Botnets are commonplace and they usually run on computer systems. However, a researcher at <a class="reference external" href="http://www.phishme.com">PhishMe</a> recently showed that botnets can survive on the Cloud. This particular botnet used <a class="reference external" href="https://www.skype.com">Skype</a> to trick victims into downloading Adware onto their systems. The attack starts with the victim receiving a call from the scammer. Once the call is answered, a voice directs the user to click the download link that is given to them in the chat window. This download contains a "proprietary" video player, which contains additional code used to install Adware. The attacker receives money on a per-install or per-download basis. This makes the campaign very lucrative for the attacker, but cumbersome for the victim because the Adware takes resources from the victim's computer. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.infosecurity-magazine.com/news/skypedwelling-botnet-serves-up/">http://www.infosecurity-magazine.com/news/skypedwelling-botnet-serves-up/</a></p>
</div>
<div class="section" id="four-million-federal-workers-exposed-in-us-agency-hack">
<h2>Four Million Federal Workers Exposed in US Agency Hack</h2>
<p>Earlier this week, hackers breached a US government agency's network and stole the personal information of approximately four million federal workers. The Office of Personnel Management announced that the breach occurred in December 2014. This breach is significant because the data stolen could be used for further attacks on US government systems. The hackers stole the names, Social Security Numbers, job assignments and performance ratings of federal workers. This data could be used in further spear-phishing attacks across agencies and is likely a precursor to penetrating other systems and agencies. No other details have been given as to how the systems were accessed, but the attacks have been neutralized. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.computerweekly.com/news/4500247588/Four-million-records-exposed-in-second-US-agency-hack-in-a-year">http://www.computerweekly.com/news/4500247588/Four-million-records-exposed-in-second-US-agency-hack-in-a-year</a></p>
</div>
The Weekly Top 3 - ED #22.2015 | 2015-05-28T22:13:00-04:00 | Jon Phish | tag:antiphishing.club,2015-05-28:/the-weekly-top-3-ed-22-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing scams related to YouTube, Facebook and a nefarious digital spy campaign named Grabit.</p>
<div class="section" id="sms-spammers-hide-adult-site-urls-in-youtube-videos">
<h2>SMS Spammers Hide Adult Site URLs in YouTube Videos</h2>
<p>Earlier this week, an SMS spam marketing campaign being monitored by <a class="reference external" href="https://www.symantec.com/">Symantec</a> was found to involve YouTube videos as a method of directing recipients to Adult websites. The campaign used SMS messages that disguised the sender as a woman trying to date the recipient. The message directed the recipient to a <a class="reference external" href="https://www.youtube.com">YouTube</a> video that contained another link that requested them to “<em>get verified</em>”. The new link forwarded the viewer to the signup page of an Adult website. This method of using links in YouTube videos to direct victims to other websites can also be used to direct them to phishing sites. Click the link below to read more.</p>
<p><a class="reference external" href="http://bharatpress.com/2015/05/27/sms-spammers-hide-adult-site-urls-in-youtube-videos/">http://bharatpress.com/2015/05/27/sms-spammers-hide-adult-site-urls-in-youtube-videos/</a></p>
</div>
<div class="section" id="facebook-disabled-account-scam-targets-users">
<h2>Facebook “Disabled Account” Scam Targets Users</h2>
<p>A phishing e-mail purporting to be from the “<em>Facebook Recovery</em>” team has been sent to several Facebook users recently. The phishing e-mail tricks the user into thinking that their <a class="reference external" href="https://www.facebook.com/">Facebook</a> account has been locked because their account abused Facebook’s User Agreement. The phishing e-mail continues to convey to the user that the account is blocked and in order to unblock it, the user must click on a link in the e-mail. This link forwards the victim to a fake Facebook login website that is used to steal the user’s login credentials. Click the link below to read more.</p>
<p><a class="reference external" href="http://techfrag.com/2015/05/27/facebook-scam-alert-phishing-reported/">http://techfrag.com/2015/05/27/facebook-scam-alert-phishing-reported/</a></p>
</div>
<div class="section" id="grabit-campaign-spies-on-small-business">
<h2>Grabit Campaign Spies on Small Business</h2>
<p>Researchers at <a class="reference external" href="https://www.kaspersky.com">Kaspersky</a> Labs have discovered a phishing campaign focused on stealing information from small and medium businesses (SMBs). The name of the campaign was Grabit and its purpose was to spy on SMBs and steal any sensitive data. Companies from the United States of America to as far as Thailand were targeted by these hackers. The attack involved the use of phishing e-mails with a malicious Microsoft Word document attachment. Once the attachment was opened, additional malware would be downloaded to the infected computer. This malware could allow the hacker to log keystrokes, remotely control the infected computer and/or steal electronic files from the company. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.zdnet.com/article/grabit-campaign-spies-on-smbs-steals-sensitive-data/">http://www.zdnet.com/article/grabit-campaign-spies-on-smbs-steals-sensitive-data/</a></p>
</div>
The Weekly Top 3 - ED #21.2015 | 2015-05-22T00:15:00-04:00 | Jon Phish | tag:antiphishing.club,2015-05-22:/the-weekly-top-3-ed-21-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing scams related to Apple Safari, Windows ID and CareFirst.</p>
<div class="section" id="apple-safari-url-spoofing-opens-door-for-phishing-attacks">
<h2>Apple Safari URL Spoofing Opens Door For Phishing Attacks</h2>
<p>A security researcher recently found that the latest version of <a class="reference external" href="https://www.apple.com/safari/">Apple's Safari</a> web browser was vulnerable to a new <a class="reference external" href="http://en.wikipedia.org/wiki/Spoofed_URL">URL spoofing</a> method. The flaw demoed by the researcher shows that another web page can be loaded into the browser, while the address displayed is one from a trusted web site. This flaw can be exploited in OS X and iOS devices. It allows hackers the opportunity to direct their victims to a malicious website while the address bar shows a legitimate web address. This flaw can be used in phishing attacks on Apple users for the purpose of stealing login credentials or personal information. Click the link below to read more.</p>
<p><a class="reference external" href="http://news.softpedia.com/news/Same-Origin-Policy-Bypass-in-Safari-Opens-Door-for-Phishing-Attacks-481621.shtml">http://news.softpedia.com/news/Same-Origin-Policy-Bypass-in-Safari-Opens-Door-for-Phishing-Attacks-481621.shtml</a></p>
</div>
<div class="section" id="criminals-target-windows-id-accounts">
<h2>Criminals Target Windows ID Accounts</h2>
<p>Security researchers at <a class="reference external" href="http://www.kaspersky.com/">Kaspersky</a> Labs reported that their users are being targeted for their Windows Live ID. The new phishing scam comes in the form of an e-mail that baits the victim into thinking that their Windows Live account will be suspended if they do not update their details. The link embedded in the phishing e-mail takes the victim to a Windows Live page. However, after the victim logs into their account, a prompt appears requesting access to their personal information and their contact address book. Once the prompt is clicked, a malicious program steals the necessary information, including login credentials and calendar appointments. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.techweekeurope.co.uk/security/cyberwar/criminals-windows-live-id-168834">http://www.techweekeurope.co.uk/security/cyberwar/criminals-windows-live-id-168834</a></p>
</div>
<div class="section" id="carefirst-blue-cross-blue-shield-hacked-1-1-million-insured-at-risk">
<h2>CareFirst Blue Cross Blue Shield Hacked; 1.1 Million Insured At Risk</h2>
<p>The latest medical insurer to be compromised in the ongoing attacks on medical insurers is CareFirst Blue Cross Blue Shield. The company recently issued a statement that disclosed the details of a data breach of a database in June 2014. This breach affected 1.1 million members of the insurer and follows on the heels of the <a class="reference external" href="http://antiphishing.club/weekly-top-3-ed-12-2015/">Anthem</a>, <a class="reference external" href="http://antiphishing.club/weekly-top-3-ed-12-2015/">Premera</a> and <a class="reference external" href="http://antiphishing.club/weekly-top-3-ed-14-2015/">TRICARE</a> data breaches. The attackers gained unauthorized access to the database, which contained user names, identification numbers, birth dates and e-mail addresses. No Social Security Numbers or medical claims information were exposed during the hack and passwords were encrypted. However, the medical insurer has stated that spear-phishing attacks will be a result of this breach and has highlighted that some of its customers have reported incidents of receiving phishing e-mails. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.infosecurity-magazine.com/news/11-million-hack-carefirst-blue/">http://www.infosecurity-magazine.com/news/11-million-hack-carefirst-blue/</a></p>
</div>
The Weekly Top 3 - ED #20.2015 | 2015-05-15T01:19:00-04:00 | Jon Phish | tag:antiphishing.club,2015-05-15:/the-weekly-top-3-ed-20-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to Yahoo and Dropbox, Microsoft and the old 'new' Nigerian scam.</p>
<div class="section" id="phishing-scam-targets-dropbox-and-yahoo-users">
<h2>Phishing Scam Targets Dropbox and Yahoo Users</h2>
<p>Earlier this week, security experts warned of two phishing campaigns that targeted <a class="reference external" href="https://mail.yahoo.com">Yahoo Mail</a> and <a class="reference external" href="https://www.dropbox.com">Dropbox</a> users. The purpose of the Yahoo user-targeted phishing campaign was to steal login credentials and use the users' identities to scam their contacts. The phishing e-mail was an 'expired account' type e-mail that contained a link leading to a fake Yahoo login page. Once the victim entered their login credentials, an alternate account with the same username was created on <a class="reference external" href="https://www.live.com/">Outlook.com</a>. A rule was then created on the compromised Yahoo account to forward all incoming mail to the alternate account and delete these messages right after. The scammers would then use the alternate account to send e-mails to the victim's contacts claiming that an emergency had occurred and that they required money.</p>
<p>The Dropbox user-targeted campaign was similar to the other campaign described above. The phishing e-mails used in this attack requested that the victim click on an e-mail icon to view 'urgent and highly confidential' files. This linked the victim to a fake Dropbox login page, which would steal the victim's login credentials. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.infosecurity-magazine.com/news/phishers-out-in-force-con-yahoo/">http://www.infosecurity-magazine.com/news/phishers-out-in-force-con-yahoo/</a></p>
</div>
<div class="section" id="microsoft-s-technet-used-by-chinese-based-hackers-in-their-attacks">
<h2>Microsoft's TechNet Used By Chinese Based Hackers In Their Attacks</h2>
<p><a class="reference external" href="https://www.fireeye.com">FireEye</a> recently stated that a Chinese hacker group called APT17 was using Microsoft's <a class="reference external" href="https://technet.microsoft.com/en-us/">TechNet</a> website as part of its attack infrastructure. As a result, Microsoft has taken measures to remove all traces of the hackers' malicious activities from their website. APT17 created accounts on TechNet and left comments on certain pages that contained the name of an encoded domain, which infected computers were instructed to contact. The hacker group is known for sending phishing e-mails with malicious attachments containing malware that would infect computers and force them to contact command-and-control (C&C) servers for further instructions. In this case, the hacker group's malware used the TechNet website as an intermediary for storing the C&C server's address. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.computerworld.com/article/2922503/malware-vulnerabilities/china-based-hackers-used-microsofts-technet-for-attacks.html">http://www.computerworld.com/article/2922503/malware-vulnerabilities/china-based-hackers-used-microsofts-technet-for-attacks.html</a></p>
</div>
<div class="section" id="oil-and-gas-firms-hit-by-cyberattacks-that-avoid-using-malware">
<h2>Oil And Gas Firms Hit By Cyberattacks That Avoid Using Malware</h2>
<p>Researchers at <a class="reference external" href="http://www.pandasecurity.com/">Panda Labs</a> recently discovered a phishing campaign that was used to slip malicious programs past antivirus software used by oil companies. The campaign used a spear-phishing e-mail with a fake PDF attachment. When this attachment was opened, a new folder was created and a batch file was executed. This batch file would steal files and user credentials from the victim's computer. The security firm stated that it was a new spin on the 'Nigerian' scam. For this scam, the scammer contacts an oil broker and offers them a quantity of oil. The scammer then tells the broker that the PDF attachment is proof of this purchase. When the oil broker opens the attachment, the computer is infected and eventually the user's credentials and files are sent to an external FTP server. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.darkreading.com/attacks-breaches/oil-and-gas-firms-hit-by-cyberattacks-that-forgo-malware/d/d-id/1320417">http://www.darkreading.com/attacks-breaches/oil-and-gas-firms-hit-by-cyberattacks-that-forgo-malware/d/d-id/1320417</a></p>
</div>
Weekly Top 3 - ED #19.20152015-05-08T00:31:00-04:002015-05-08T00:31:00-04:00Jon Phishtag:antiphishing.club,2015-05-08:/weekly-top-3-ed-19-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to Nepal, Macro Malware and Mother's Day.</p>
<div class="section" id="nepal-earthquake-phishing-scams-on-the-rise">
<h2>Nepal Earthquake Phishing Scams On The Rise</h2>
<p>The United States Computer Emergency Readiness Team (<a class="reference external" href="https://www.us-cert.gov/">US-CERT</a>) stated that phishing e-mails related to the earthquake in Nepal were being circulated with the intent of installing malware on computers. These e-mails asked for monetary donations via bogus charitable organizations, which appear online following devastating natural disasters. The e-mails either ask the victim to open a malicious attachment or click on a malicious link to a fake webpage. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.spamfighter.com/News-19608-Cyber-Criminals-take-Advantage-of-Nepals-Recent-Earthquake.htm">http://www.spamfighter.com/News-19608-Cyber-Criminals-take-Advantage-of-Nepals-Recent-Earthquake.htm</a></p>
</div>
<div class="section" id="macro-malware-used-in-phishing-attacks">
<h2>Macro Malware Used In Phishing Attacks</h2>
<p>Security researchers at <a class="reference external" href="https://www.trendmicro.com">Trend Micro</a> stated recently that there has been an upsurge in macro malware, which is being used to attack financial institutions. The attack uses VBA macros within Microsoft Office documents to activate various forms of malware including Bartalex and Dyre. These malicious documents are delivered as attachments in phishing e-mails to the employees of financial institutions. In some cases these documents are hosted on trusted cloud storage services like <a class="reference external" href="https://www.dropbox.com">Dropbox</a>. In instances like these, the hacker would send the link to the Dropbox folder in the phishing e-mail. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.spamfighter.com/News-19602-Fresh-Attacks-Launched-Using-Macro-Malware-Trend-Micro.htm">http://www.spamfighter.com/News-19602-Fresh-Attacks-Launched-Using-Macro-Malware-Trend-Micro.htm</a></p>
</div>
<div class="section" id="beware-of-mother-s-day-scams">
<h2>Beware Of Mother's Day Scams</h2>
<p>Mother's Day is around the corner. As a result, scams related to this celebration are on the rise. <a class="reference external" href="http://www.consumerreports.org">Consumer Reports</a> stated the need for all persons to beware of phishing e-mails related to coupons and vouchers for floral arrangements. They also warned readers to be on the lookout for bogus jewelry, restaurant deals and fake sites that would be used to steal credit card information. Furthermore, they stated that all customers should ensure that they receive billing information for all their online purchases and that the shopping site is secure before making purchases. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.nbc-2.com/story/29008855/beware-of-mothers-day-scams">http://www.nbc-2.com/story/29008855/beware-of-mothers-day-scams</a></p>
</div>
Weekly Top 3 - ED #18.20152015-05-03T18:17:00-04:002015-05-03T18:17:00-04:00Jon Phishtag:antiphishing.club,2015-05-03:/weekly-top-3-ed-18-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to Partners Healthcare, CareerBuilder and an online colouring book.</p>
<div class="section" id="answered-phishing-email-puts-partners-healthcare-data-at-risk">
<h2>Answered Phishing Email Puts Partners Healthcare Data At Risk</h2>
<p>Partners Healthcare System released a statement late last week that personal healthcare data belonging to its patients was potentially exposed because of unauthorized access to its systems. This data breach occurred when an employee responded to a phishing email that may have allowed hackers to access the "workforce members'" email accounts within their network. These accounts would have likely contained patient names, addresses, dates of birth and phone numbers. In some cases, clinical information on these patients was also accessible to the hackers. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.scmagazine.com/partners-healthcare-group-patient-information-may-be-at-risk/article/412552/">http://www.scmagazine.com/partners-healthcare-group-patient-information-may-be-at-risk/article/412552/</a></p>
</div>
<div class="section" id="job-seekers-are-targets-on-careerbuilder">
<h2>Job Seekers Are Targets on CareerBuilder</h2>
<p>Security researchers highlighted recently that job seekers who use <a class="reference external" href="http://www.careerbuilder.com/">CareerBuilder</a> to find jobs have been the target of a phishing scam. The phishing attack has been described as one that uses CareerBuilder's e-mail notification system. When a job hunter submitted a resume, an e-mail notification was sent to the job poster, with the resume document attached. This Microsoft Word document contained a malicious VBA macro that was used to deliver malware onto the victim's computer. Since job posters are expecting the e-mail attachments from CareerBuilder, the probability of them opening the documents was very high. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.cio-today.com/article/index.php?story_id=0030003H7A5O">http://www.cio-today.com/article/index.php?story_id=0030003H7A5O</a></p>
</div>
<div class="section" id="ads-on-colouring-pages-website-lead-to-malware-installs">
<h2>Ads on Colouring Pages Website Lead to Malware Installs</h2>
<p>Earlier this week, <a class="reference external" href="https://www.malwarebytes.org">MalwareBytes</a> illustrated a phishing scam involving websites that offered colouring pages. These pages were available on the website so that parents could download and print these pages for their children. These sites featured popular characters from My Little Pony, Looney Tunes, Despicable Me and others. The phishing attack used a transparent full-window advertisement that appeared when a person visited the website. If they clicked anywhere on the page with the exception of the "x", another window in the web browser opened. This new window would take them to another site with unrelated content. This included pornography and click-bait type content. Click the link below to read more.</p>
<p><a class="reference external" href="https://blog.malwarebytes.org/privacy-2/2015/04/ads-on-colouring-pages-website-lead-to-installs-explicit-content/">https://blog.malwarebytes.org/privacy-2/2015/04/ads-on-colouring-pages-website-lead-to-installs-explicit-content/</a></p>
</div>
Event: Black Hat USA 2015 - Briefings2015-04-30T02:53:00-04:002015-04-30T02:53:00-04:00Jon Phishtag:antiphishing.club,2015-04-30:/event-black-hat-usa-2015-briefings.html<div class="section" id="event-period-august-1-6-2015">
<h2>Event Period: August 1 - 6, 2015</h2>
</div>
<div class="section" id="briefings-to-be-held-on-5th-and-6th-august-2015">
<h2>Briefings to be held on 5th and 6th August, 2015</h2>
<p>The featured briefings for Black Hat USA 2015 have been released. The main themes include vehicles, <a class="reference external" href="http://windows.microsoft.com/en-us/windows-10/about">Windows 10</a> and the <a class="reference external" href="http://en.wikipedia.org/wiki/Internet_of_Things">Internet of Things</a>. Some of these briefings will demonstrate weaknesses that can be exploited in these new technologies and the hazards that result once they are hacked. The other briefings will speak to new security methods developed to protect these technologies. Below is a summary list of the titles for these briefings:</p>
<ul class="simple">
<li>Adventures in Femtoland: 350 Yuan for Invaluable Fun</li>
<li>Accessing and Exploiting BigNum Vulnerabilities</li>
<li>Attacking ECMAScript Engines with Redefinition</li>
<li>Attacking Interoperability - An OLE Edition</li>
<li>Attacking Your Trusted Core: Exploiting Trustzone on Android</li>
<li>Automated Human Vulnerability Scanning with Ava</li>
<li>Back Doors and Front Doors: Breaking The Unbreakable System</li>
<li>Battle of the SKM and IUM: How Windows 10 Rewrites OS Architecture</li>
<li>Big Game Hunting: The Peculiarities of Nation-State Malware Research</li>
<li>Breaking Access Controls with Blekey</li>
<li>Breaking Payloads with Runtime Code Stripping and Image Freezing</li>
<li>Broadcasting Your Attack: Security Testing DAB Radio in Cars</li>
<li>Bypass Control Flow Guard Comprehensively</li>
<li>Bypass Surgery Abusing Content Delivery Networks with Server-Side-Request Forgery (SSRF), FLASH, and DNS</li>
<li>Certifi-Gate: Front-Door Access To Pwning Millions of Androids</li>
<li>Commercial Mobile Spyware - Detecting The Undetectable</li>
<li>Data-Driven Threat Intelligence: Metrics On Indicator Dissemination And Sharing</li>
<li>Deep Learning on Disassembly</li>
<li>Defeating Machine Learning: What your Security Vendor is not telling you</li>
<li>Defeating Pass-The-Hash: Separation of Powers</li>
<li>DOM Flow - Untangling The DOM For More Easy-Juicy Bugs</li>
<li>Emanate Like A Boss: Generalized Covert Data Exfiltration With Funtenna</li>
<li>Exploiting the DRAM RowHammer Bug to Gain Kernel Privileges</li>
<li>Exploiting XXE Vulnerabilities In File Parsing Functionality</li>
<li>Faux Disk Encryption: Realities of Secure Storage On Mobile Devices</li>
<li>Fingerprints on Mobile Devices: Abusing and Leaking</li>
<li>Fuzzing Android System Services By Binder Call To Escalate Privilege</li>
<li>GameOver Zeus: Badguys and Backends</li>
<li>Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware</li>
<li>Hacking into Smart phones and Cars with a SIM Card</li>
<li>How to Hack Government: Technologists as Policy Makers</li>
<li>How to Implement IT Security After a Cyber Meltdown</li>
<li>How Vulnerable are We to Scams?</li>
<li>Internet Plumbing For Security Professionals: The State of BGP Security</li>
<li>Most Ransomware isn't as Complex as You Might Think</li>
<li>Pen Testing a City</li>
<li>Red vs. Blue: Modern Active Directory Attacks, Detection, and Protection</li>
<li>Remote Exploitation of an Unaltered Passenger Vehicle</li>
<li>Re-purposing OnionDuke: A Single Case Study around reusing Nation State Malware</li>
<li>Return to Where? You can't Exploit What You Can't Find</li>
<li>Server-Side Template Injection: RCE For the Modern Web App</li>
<li>Social Engineering The Windows Kernel: Finding and Exploiting Token Handling Vulnerabilities</li>
<li>Spread Spectrum SATCOM Hacking: Attacking the GlobalStar Simplex Data Service</li>
<li>StageFright: Scary Code in the Heart of Android</li>
<li>Staying Persistent in Software Defined Networks</li>
<li>Stranger Danger! What is the Risk from 3rd Party Libraries</li>
<li>Switches get Stitches</li>
<li>The Battle for Free Speech on the Internet</li>
<li>The Memory Sinkhole - Unleashing An X86 Design Flaw allowing Universal Privilege Escalation</li>
<li>The Node.js Highway: Attacks are at Full Throttle</li>
<li>The NSA Playset: A Year of Toys and Tools</li>
<li>Thunderstrike 2: Sith Strike</li>
<li>TrustKit: Code Injection on IOS 8 for the Greater Good</li>
<li>Understanding and Managing Entropy Usage</li>
<li>Understanding the Attack Surface And Attack Resilience of Project Spartan's New EDGEHTML Rendering Engine</li>
<li>When IOT Attacks: Hacking A Linux-Powered Rifle</li>
<li>Why Security Data Science Matters and How It's Different: Pitfalls and Promises of Data Science Based Breach Detection And Threat Intelligence</li>
<li>Winning the Online Banking War</li>
</ul>
<p>Click on the link below to read more about the Black Hat USA 2015 featured briefings.</p>
<p><a class="reference external" href="https://www.blackhat.com/us-15/briefings.html">https://www.blackhat.com/us-15/briefings.html</a></p>
</div>
Video: Social Engineering - How to Scam Your Way Into Anything2015-04-24T00:27:00-04:002015-04-24T00:27:00-04:00Jon Phishtag:antiphishing.club,2015-04-24:/video-social-engineering-how-to-scam-your-way-into-anything.html<p>Social Engineering is the age-old technique of getting someone to perform an activity that they would not normally do. Scammers use this technique to trick their victims into giving them money or being an intermediary party in a scam. Brian Brushwood gave a speech at <a class="reference external" href="https://www.ted.com/watch/tedx-talks">TEDx</a> in San Antonio about social engineering and the psychology behind the technique. In the speech, he highlighted three psychological back doors that scammers use. They were:</p>
<ol class="arabic simple">
<li>Liking</li>
<li>Reciprocation</li>
<li>Authority</li>
</ol>
<p>In the video below, he also highlights research done on human behavior that gives further insight into social engineering and why victims fall for these scams.</p>
<div class="docutils container">
<iframe src="https://www.youtube.com/embed/yY-lMkeZVuY" width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen"></iframe></div>
Weekly Top 3 - ED #17.20152015-04-23T23:05:00-04:002015-04-23T23:05:00-04:00Jon Phishtag:antiphishing.club,2015-04-23:/weekly-top-3-ed-17-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to NatWest, St. Vincent Medical and compensation from the Middle East.</p>
<div class="section" id="natwest-bank-customers-become-the-target-in-phishing-scam">
<h2>NatWest Bank Customers Become The Target In Phishing Scam</h2>
<p>A new phishing campaign was recently launched by hackers with the purpose of stealing the login credentials of <a class="reference external" href="https://www.natwest.com">NatWest</a> Bank customers. Security experts stated that the phishing e-mail asserted to the customer that the bank was processing an incoming payment. It went on to state that the payment was being delayed because of unforeseen circumstances related to the customer's account details. The e-mail contained a malicious link to a webpage that required the victim to fill in numerous forms, which included name, card number, card verification value and card expiry date. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.spamfighter.com/News-19583-Cybercriminals-Targeting-NatWest-Bank-in-Latest-Phishing-Campaign-Experts.htm">http://www.spamfighter.com/News-19583-Cybercriminals-Targeting-NatWest-Bank-in-Latest-Phishing-Campaign-Experts.htm</a></p>
</div>
<div class="section" id="personal-healthcare-information-compromised-at-st-vincent-medical">
<h2>Personal Healthcare Information Compromised at St. Vincent Medical</h2>
<p><a class="reference external" href="http://antiphishing.club/weekly-top-3-ed-15-2015/">Another medical institution</a> has been compromised because of a phishing e-mail. The St. Vincent medical group <a class="reference external" href="http://www.stvincent.org/uploadedFiles/SV_Health/St.Vincent_Medical_Group/HRKHL-1731388-v2-SVMG_Substitute_Notice_Email_Phishing_Hacking_Attack.pdf">issued a statement</a> recently that Personal Healthcare Information (PHI) was compromised after an employee became a victim of a phishing e-mail. As a result, the employee's username and password were compromised. The information included patient names, demographic information, Social Security Numbers and limited information as to the services received at the institution's clinics. The Group has provided free identity theft monitoring and protection services, and will be training its employees on <a class="reference external" href="http://antiphishing.club/indicators-of-a-phishing-email/">how to avoid phishing scams</a>. Click the link below to read more.</p>
<p><a class="reference external" href="http://healthitsecurity.com/2015/04/23/phi-compromised-in-email-phishing-scam/">http://healthitsecurity.com/2015/04/23/phi-compromised-in-email-phishing-scam/</a></p>
</div>
<div class="section" id="middle-east-compensation-package-scam-targets-overseas-workers">
<h2>"Middle East Compensation Package" Scam Targets Overseas Workers</h2>
<p>Overseas workers in Abu Dhabi were warned of a new phishing scam, which was aimed at stealing money. The scam was circulated around professional social media websites that these overseas workers used regularly. Phishing messages were sent to these workers with the subject, "<em>Middle East Compensation Package</em>". The message asserted that a bank was holding money on their behalf and would only release the funds upon them contacting the bank. A contact number and e-mail address were given in the message. Once contacted, the scammer would trick the victim into paying an undisclosed sum of money for the release of the "<em>compensation</em>". Click the link below to read more.</p>
<p><a class="reference external" href="http://www.abs-cbnnews.com/global-filipino/04/23/15/ofws-told-beware-middle-east-compensation-package-scam">http://www.abs-cbnnews.com/global-filipino/04/23/15/ofws-told-beware-middle-east-compensation-package-scam</a></p>
</div>
Video: Top 10 Most Popular Passwords2015-04-20T03:21:00-04:002015-04-20T03:21:00-04:00Jon Phishtag:antiphishing.club,2015-04-20:/video-top-10-most-popular-passwords.html<p>It is a very difficult task to create and remember a password. There are <a class="reference external" href="http://antiphishing.club/tips-and-tricks-for-creating-passwords/">tips and tricks for creating passwords</a>, but sometimes people choose to avoid using strong passwords. This allows hackers to use their victim's social media, web e-mail and online retailer accounts. It is important that the passwords chosen for your online accounts are easy for you to remember, but harder for someone else to figure out.</p>
<p><a class="reference external" href="https://www.youtube.com/user/Top10Media">Top10Media</a> released a <a class="reference external" href="http://www.youtube.com">YouTube</a> video detailing the ten most popular passwords used by people to secure their online accounts. These passwords are badly constructed because they are too easy for an experienced hacker to crack and not complicated enough to stop another person from figuring them out. They are listed here only as examples of passwords that must not be used under any circumstances. The following is a list of these badly constructed passwords shown in the video below, ordered by popularity:</p>
<ol class="arabic simple">
<li>123456</li>
<li>Password</li>
<li>12345</li>
<li>12345678</li>
<li>qwerty</li>
<li>123456789</li>
<li>1234</li>
<li>Baseball</li>
<li>Dragon</li>
<li>Football</li>
</ol>
<p>From the list above, the most common passwords involve the numbers one through nine in sequential order. Avoiding sequences like these will ensure that your passwords are harder for hackers to determine. The video below highlights other mistakes to avoid when creating passwords:</p>
<div class="docutils container">
<iframe src="https://www.youtube.com/embed/BltvLgoBF-o" width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen"></iframe></div>
Weekly Top 3 - ED #16.20152015-04-17T01:08:00-04:002015-04-17T01:08:00-04:00Jon Phishtag:antiphishing.club,2015-04-17:/weekly-top-3-ed-16-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to Chase Bank, Operation Pawn Storm and 82 Seconds.</p>
<div class="section" id="chase-bank-warns-customers-of-phishing-scams">
<h2>Chase Bank Warns Customers Of Phishing Scams</h2>
<p><a class="reference external" href="http://www.chase.com">Chase Bank</a> reported that they received complaints from customers about e-mails concerning online payments. Further investigations proved that these e-mails were part of a phishing campaign targeting the bank's customers. The subject reads: '<em>Thank you for scheduling your online payments</em>' and so far two versions of the e-mail have been identified. These phishing e-mails also contained attachments with the file names, '<em>payment.exe</em>' and '<em>payment.zip</em>', which are very likely to be malicious. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.spamfighter.com/News-19565-Chase-Bank-Warns-Customers-of-Phishing-Email-Campaign.htm">http://www.spamfighter.com/News-19565-Chase-Bank-Warns-Customers-of-Phishing-Email-Campaign.htm</a></p>
</div>
<div class="section" id="researchers-identify-new-targets-in-operation-pawn-storm">
<h2>Researchers Identify New Targets In 'Operation Pawn Storm'</h2>
<p>Operation Pawn Storm was a campaign discovered by <a class="reference external" href="http://www.trendmicro.com">Trend Micro</a> last year, in 2014. It is believed to have been conceived in 2007 for the purpose of gathering information. Since then, it has been revealed that this campaign targeted government, military and media institutions around the world with SEDNIT malware. However, recently three <a class="reference external" href="http://www.youtube.com">YouTube</a> personalities have been targeted in Gmail phishing attacks after they interviewed President Barack Obama. Furthermore, European NATO members have also been targeted by this campaign. The phishing e-mails contained a malicious link that tricked the victim into downloading an HTML5 plugin, which was actually malware. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.scmagazine.com/white-house-nato-in-crosshairs-of-operation-pawn-storm-campaign/article/409556/">http://www.scmagazine.com/white-house-nato-in-crosshairs-of-operation-pawn-storm-campaign/article/409556/</a></p>
</div>
<div class="section" id="cyber-thieves-take-82-seconds">
<h2>Cyber Thieves Take 82 Seconds</h2>
<p>They are not the <a class="reference external" href="http://en.wikipedia.org/wiki/Minutemen">Minute Men</a>, but hackers are able to ensnare their victims in under two minutes. <a class="reference external" href="http://www.verizon.com">Verizon</a> recently completed a study of 80,000 incidents that hit thousands of companies in 2014. They concluded that there was a 25% chance of companies opening a phishing e-mail. Further analysis proved that more than half of the victims clicked the link in a phishing e-mail within the first hour of it being sent. The report also highlights the importance of educating people on spotting a <a class="reference external" href="http://antiphishing.club/indicators-of-a-phishing-email/">phishing e-mail</a> because it would reduce the number of these attacks. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.mytechbits.com/cyber-thieves-take-just-82-seconds-to-ensnare-victims/981570/">http://www.mytechbits.com/cyber-thieves-take-just-82-seconds-to-ensnare-victims/981570/</a></p>
</div>
Weekly Top 3 - ED #15.20152015-04-10T03:48:00-04:002015-04-10T03:48:00-04:00Jon Phishtag:antiphishing.club,2015-04-10:/weekly-top-3-ed-15-2015.html<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to Steam, PCDA and Coinbase.</p>
<div class="section" id="fake-steam-pages-hide-malware">
<h2>Fake Steam Pages Hide Malware</h2>
<p><a class="reference external" href="https://steamcommunity.com/greenlight">Steam Greenlight</a> is a community developed by Valve to give indie developers a platform for promoting their games on <a class="reference external" href="http://store.steampowered.com/">Steam</a>. Earlier this week, one indie developer was surprised to find that there was a copy of their Steam page in the 'Concepts' section. Unfortunately, the page provided a malicious link that would direct the user to a download site containing malware. There have been other reports of fake Steam pages as well. Valve has removed these fake pages and is taking steps to deal with anyone involved with this phishing campaign. Click the link below to read more.</p>
<p><a class="reference external" href="http://steamed.kotaku.com/warning-scammers-are-hiding-malware-behind-fake-steam-1696247784">http://steamed.kotaku.com/warning-scammers-are-hiding-malware-behind-fake-steam-1696247784</a></p>
</div>
<div class="section" id="pcda-website-hacked-veterans-threatened">
<h2>PCDA Website Hacked, Veterans Threatened</h2>
<p>The Principal Controller of Defense Accounts (PCDA) website was hacked last month. The organization believes that the personal information and login credentials of US Army officers were compromised. The personal information included officers' names, badge numbers, bank account numbers, dates of birth and commission dates. Furthermore, the organization advised that it is highly likely that phishing campaigns will be directed at these officers because of the breach. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.igovernment.in/news/1002941/pcda-website-hacked">http://www.igovernment.in/news/1002941/pcda-website-hacked</a></p>
</div>
<div class="section" id="sendgrid-email-breach-used-to-attack-coinbase-customers">
<h2>SendGrid Email Breach Used to Attack Coinbase Customers</h2>
<p><a class="reference external" href="http://www.sendgrid.com">SendGrid</a> is a mass e-mail service used by companies for the purpose of alerting customers to company updates and their account updates. Earlier this week, SendGrid confirmed that one of their <a class="reference external" href="http://bitcoin.org">Bitcoin</a> clients was compromised. <a class="reference external" href="http://www.coinbase.com">Coinbase</a> later confirmed that their account with SendGrid was hacked. As a result, hackers were using this e-mail service to craft phishing e-mails with malicious links for the purpose of stealing Bitcoin users' login credentials. Accessing these accounts allows hackers to potentially steal millions of dollars worth of bitcoins. Click the link below to read more.</p>
<p><a class="reference external" href="http://bits.blogs.nytimes.com/2015/04/09/sendgrid-email-breach-was-used-to-attack-coinbase-a-bitcoin-exchange/?_r=0">http://bits.blogs.nytimes.com/2015/04/09/sendgrid-email-breach-was-used-to-attack-coinbase-a-bitcoin-exchange/?_r=0</a></p>
</div>
Weekly Top 3 - ED #14.2015 | 2015-04-04T03:40:00-04:00 | Jon Phish | tag:antiphishing.club,2015-04-04:/weekly-top-3-ed-14-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to TRICARE, Apple and a Dyre Wolf.</p>
<div class="section" id="tricare-warns-military-veterans-and-public-about-phone-scams">
<h2>TRICARE Warns Military Veterans And Public About Phone Scams</h2>
<p>Another medical insurer received reports that military personnel and their families had fallen victim to a phishing phone scam. The victims were called by persons appearing to be TRICARE employees. The scammers were using the victim's personal information to trick them into handing over their Social Security numbers. The scam required the fake TRICARE representative to confirm the victim's personal information and offer them new coverage for their existing plan. However, this would only be provided if the victim gave them the Social Security number. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.abcactionnews.com/money/consumer/taking-action-for-you/phishing-phone-calls-target-military-members-and-their-families">http://www.abcactionnews.com/money/consumer/taking-action-for-you/phishing-phone-calls-target-military-members-and-their-families</a></p>
</div>
<div class="section" id="apple-users-become-victim-to-phishing-e-mails">
<h2>Apple Users Become Victim To Phishing E-mails</h2>
<p>The security firm <a class="reference external" href="http://www.bitdefender.com/">BitDefender</a> stated that <a class="reference external" href="http://www.apple.com">Apple</a> users were being targeted through phishing e-mails for access to their online accounts with Apple. The phishing e-mail does not directly address the recipient, but claims that the user must verify their billing information. The e-mail contained a "Reset Page" link that forwarded the user to a webpage that asked the user to enter their My Apple login credentials, payment card information and address. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.spamfighter.com/News-19547-Bitdefender-Users-of-Apple-Become-Victims-of-Phishing-Emails-Again.htm">http://www.spamfighter.com/News-19547-Bitdefender-Users-of-Apple-Become-Victims-of-Phishing-Emails-Again.htm</a></p>
</div>
<div class="section" id="ibm-spots-a-dyre-wolf">
<h2>IBM Spots A Dyre Wolf</h2>
<p>Earlier this week, <a class="reference external" href="http://www.ibm.com/security/">IBM Security</a> reported on a piece of malware named Dyre that it had uncovered and been following. A recent variant of Dyre called Dyre Wolf had managed to take between half a million and $1.5 million from organizations in recent incidents. What made this malware dangerous was the fact that it exploited a vulnerability in two-factor authentication with the use of <a class="reference external" href="http://antiphishing.club/phishing-and-social-engineering/">social engineering</a>. Dyre monitored banking websites visited on infected computers. When it detected a user attempting to log in, it would replace the webpage with one informing the user of technical difficulties and provide a number to call for help. Once the victim called the number, the scammer would trick the victim into divulging their login credentials for the purpose of stealing money through wire transfer. Click the link below to read more.</p>
<p><a class="reference external" href="http://paymentweek.com/2015-4-3-ibm-spots-new-malware-attack-the-dyre-wolf-6962/">http://paymentweek.com/2015-4-3-ibm-spots-new-malware-attack-the-dyre-wolf-6962/</a></p>
</div>
Weekly Top 3 - ED #13.2015 | 2015-03-28T05:12:00-04:00 | Jon Phish | tag:antiphishing.club,2015-03-28:/weekly-top-3-ed-13-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing activities related to Google, Virlock and a Woolen Goldfish.</p>
<div class="section" id="european-firms-targeted-by-operation-woolen-goldfish">
<h2>European Firms targeted by Operation Woolen Goldfish</h2>
<p>A <a class="reference external" href="http://antiphishing.club/phishing-and-social-engineering/">spear phishing</a> campaign named Operation Woolen Goldfish was used by hackers earlier this week to distribute malware. The e-mails tricked victims into opening malicious Microsoft Office files. Once the infected file was opened, keylogger malware would infect the victim's computer. This enabled the hacker to steal the victim's personal information and any login credentials. The report further highlighted that the hackers who were responsible for the Rotten Kitten campaign may also be responsible for this campaign. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.v3.co.uk/v3-uk/news/2400523/operation-woolen-goldfish-hackers-spear-phishing-european-firms">http://www.v3.co.uk/v3-uk/news/2400523/operation-woolen-goldfish-hackers-spear-phishing-european-firms</a></p>
</div>
<div class="section" id="google-announces-safe-browsing-api">
<h2>Google announces Safe Browsing API</h2>
<p>Google announced that their company's malware-blocking data is now freely available. This will allow developers to incorporate additional security features into their web and mobile applications. The API allows developers to check URLs and verify whether they are potential phishing sites or websites that contain malware. This ultimately prevents users from accessing malicious sites that have been blacklisted by Google. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.programmableweb.com/news/google-announces-safe-browsing-api/brief/2015/03/26">http://www.programmableweb.com/news/google-announces-safe-browsing-api/brief/2015/03/26</a></p>
</div>
<div class="section" id="hackers-breaking-ground-with-virlock-ransomware">
<h2>Hackers breaking ground with Virlock Ransomware</h2>
<p>It's not a phishing campaign, but opening malicious attachments can have far-reaching consequences. Ransomware is malicious software that encrypts your files. The victim is then forced to pay the hacker a sum of money to decrypt these files. If payment is not received in a specified time, the hacker deletes the crypto-key. However, a ransomware named Virlock has been reported to go beyond just encrypting files. It has been able to infect other Microsoft Office files. The purpose of this action is to ensure that this ransomware is unwittingly distributed to other people's computers by the victim. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.darkreading.com/hackers-breaking-new-ground-with-ransomware/d/d-id/1319475">http://www.darkreading.com/hackers-breaking-new-ground-with-ransomware/d/d-id/1319475</a></p>
</div>
Weekly Top 3 - ED #12.2015 | 2015-03-21T00:49:00-04:00 | Jon Phish | tag:antiphishing.club,2015-03-21:/weekly-top-3-ed-12-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to Premera, a FREAK and a children's hospital.</p>
<div class="section" id="over-11m-premera-customer-s-information-compromised">
<h2>Over 11M Premera customers' information compromised</h2>
<p>Another insurance company has issued a statement to their customers. Premera had reported that there was a breach in their IT systems and cyber criminals have likely taken the personal information of their customers and employees. The information included name, address, Social Security numbers, plan numbers and e-mail addresses. The company has offered their customers free credit monitoring and identity theft protection for two years. However, the company is requesting all their customers to be aware of any suspicious e-mails requesting personal information. Click the link below to read more.</p>
<p><a class="reference external" href="http://premeraupdate.com/">http://premeraupdate.com/</a></p>
</div>
<div class="section" id="freak-leaves-android-and-ios-phones-open-to-attack">
<h2>FREAK leaves Android and iOS phones open to attack</h2>
<p>Superfish has now been overshadowed by FREAK, the HTTPS-crippling vulnerability that attacks browsers. It allows cyber criminals to decrypt passwords and view sensitive transaction details, like credit card numbers. Most browsers have been updated and patched against this vulnerability, but Android and iOS phones are still vulnerable. Security researchers from <a class="reference external" href="http://www.fireeye.com">FireEye</a> have revealed that the Android and iOS app stores contain several apps that could be exploited. This would allow a cyber criminal the opportunity to pose as an official website or service for the purpose of stealing a user's login credentials. Click the link below to read more.</p>
<p><a class="reference external" href="http://arstechnica.com/security/2015/03/https-crippling-freak-exploit-hits-thousands-of-android-and-ios-apps/">http://arstechnica.com/security/2015/03/https-crippling-freak-exploit-hits-thousands-of-android-and-ios-apps/</a></p>
</div>
<div class="section" id="phishing-scam-leads-to-potential-personal-health-information-exposure">
<h2>Phishing scam leads to potential Personal Health Information exposure</h2>
<p>The Children's National Hospital gave a statement indicating that cyber criminals had gained access to personal health information (PHI) via a phishing scam. They stated that a successful phishing scam targeting employees of the hospital allowed unauthorized access to their systems and revealed names, addresses, e-mail addresses, diagnoses and other medical treatments. The company has taken measures to ensure that employees report suspicious e-mails. They are also warning their patients of potential phishing campaigns that may be a result of this exposure. Click the link below to read more.</p>
<p><a class="reference external" href="http://healthitsecurity.com/2015/03/18/phishing-scam-leads-to-potential-phi-exposure/">http://healthitsecurity.com/2015/03/18/phishing-scam-leads-to-potential-phi-exposure/</a></p>
</div>
Weekly Top 3 - ED #11.2015 | 2015-03-12T23:36:00-04:00 | Jon Phish | tag:antiphishing.club,2015-03-12:/weekly-top-3-ed-11-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to CS:GO, Google Apps and a possible phishing campaign.</p>
<div class="section" id="counter-strike-global-offensive-phishing-site-found">
<h2>Counter Strike: Global Offensive Phishing site found</h2>
<p>Phishing scams are <a class="reference external" href="http://antiphishing.club/weekly-top-3-ed-08-2015/">targeting gamers</a> through popular digital distribution platforms like <a class="reference external" href="http://www.steampowered.com">Steam</a>. However, they usually target gamers who are enthusiastic about certain multiplayer titles because of their social aspect. A fake website, with the URL csgoloungcs[dot]com, has recently appeared with the purpose of stealing Steam user login information and tricking the victim into downloading malware. This fake website mimics the official CS:GO lounge website. Click on the link below to read more.</p>
<p><a class="reference external" href="http://wccftech.com/csgo-phishing-site-spotted/">http://wccftech.com/csgo-phishing-site-spotted/</a></p>
</div>
<div class="section" id="white-listed-phishing-e-mails-slip-through-google-apps">
<h2>White-listed phishing e-mails slip through Google Apps</h2>
<p>Security researchers earlier this week were able to exploit a flaw (<em>recently patched</em>) in Google Apps that gave them the ability to trick Google's Mail server into sending phishing emails. These e-mails appear to come from a legitimate corporate [dot]COM domain, which allows them to slip through the SPAM filters. The attack allowed the researchers to temporarily claim domains and send e-mails containing malicious links. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.theregister.co.uk/2015/03/10/whitelisted_phish_slip_through_google_apps/">http://www.theregister.co.uk/2015/03/10/whitelisted_phish_slip_through_google_apps/</a></p>
</div>
<div class="section" id="stolen-hard-drive-of-40-000-medical-records">
<h2>Stolen Hard Drive of 40,000 Medical Records</h2>
<p>Nearly 40,000 patient medical records stored on two hard drives were stolen from the Indiana State Medical Association (ISMA). These hard drives contained the ISMA group health and life insurance databases, which contained persons' names, contact information, e-mail addresses, social security numbers and personal medical history. It was unclear if the data stored on the drives were encrypted, but if they were not encrypted then it is likely that the thieves could sell the information to cyber criminals for use in <a class="reference external" href="http://antiphishing.club/phishing-and-social-engineering/">phishing and spear phishing</a> campaigns. It is likely that insured persons will have to be on the lookout for identity theft, spear phishing and insurance fraud. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.infosecurity-magazine.com/news/almost-40000-medical-records/">http://www.infosecurity-magazine.com/news/almost-40000-medical-records/</a></p>
</div>
Weekly Top 3 - ED #10.2015 | 2015-03-08T20:26:00-04:00 | Jon Phish | tag:antiphishing.club,2015-03-08:/weekly-top-3-ed-10-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to Tollway, WhatsApp and a mind-reading DNS service called NLPRank.</p>
<div class="section" id="phishing-scam-targets-tollway-riders">
<h2>Phishing scam targets Tollway riders</h2>
<p>Tollway I-PASS users were warned that a phishing e-mail was sent to them asking them to repay the company for erroneous missed tolls. The company has stated that no personal customer information has been stolen thus far, but they have highlighted that someone is using a general e-mailing list to distribute these phishing e-mails. Furthermore, the e-mail has a link that directs the customer to a fake Tollway E-ZPass site that allows the hackers to obtain the victim's personal information. Click on the link below to learn more.</p>
<p><a class="reference external" href="http://chicago.suntimes.com/news/7/71/419939/tollway-warns-phishing-scam-seeking-erroneous-missed-tolls">http://chicago.suntimes.com/news/7/71/419939/tollway-warns-phishing-scam-seeking-erroneous-missed-tolls</a></p>
</div>
<div class="section" id="whatsapp-voice-calling-scam">
<h2>WhatsApp Voice Calling Scam</h2>
<p>The popular instant messaging service WhatsApp is currently in the process of adding a new voice calling feature that lets you make voice calls over the Internet to contacts who already have the feature enabled on their phones. Scammers are now sending messages via WhatsApp, taking advantage of people who wish to adopt this new feature. The phishing message asks the victim to click on a link, which directs them to a website and tricks them into downloading an unwanted app that exposes the victim's contact list to scammers. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.crazyengineers.com/threads/whatsapp-voice-calling-beware-of-the-scam.79324/">http://www.crazyengineers.com/threads/whatsapp-voice-calling-beware-of-the-scam.79324/</a></p>
</div>
<div class="section" id="mind-reading-dns-security-service-nlprank">
<h2>Mind-reading DNS security service: NLPRank</h2>
<p>Natural Language Processing (NLP) is primarily used by search engines to give users better results. OpenDNS has decided to use this technique to identify potentially malicious typo-squatting/targeted phishing domains, which are used by scammers to set up fake websites for their phishing schemes and C&C servers. The name given to this pre-cognitive service was NLPRank. This service makes use of the fact that domains associated with these schemes are constructed in a similar lexical fashion in order to spoof legitimate domains (e.g. adobe.com). Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.theregister.co.uk/2015/03/06/precog_dns_security/">http://www.theregister.co.uk/2015/03/06/precog_dns_security/</a></p>
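<p>A much simpler lexical check in the same spirit, added here as an illustration (it is not OpenDNS's NLPRank and not code from the original post): it flags hostnames whose labels imitate a protected brand through digit swaps, one-character typos or an embedded brand name. The brand list, the sample hostnames and all function names are constructed for this example.</p>

```python
"""Lexical lookalike-domain check (illustration only, not OpenDNS's NLPRank)."""

# Brands to protect: adobe.com is the page's example, the others are assumed.
PROTECTED = {"adobe": "adobe.com", "paypal": "paypal.com", "amazon": "amazon.com"}

# Digit-for-letter swaps often used to imitate a brand name in a hostname.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent characters swapped ("amazno") count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return (verdict, brand, reason) for one hostname.

    verdict is 'legitimate', 'lookalike' or 'unrelated'. Internationalized
    (punycode) names and multi-label public suffixes are not handled here.
    """
    name = domain.strip().lower().rstrip(".")
    for brand, real in PROTECTED.items():
        if name == real or name.endswith("." + real):
            return ("legitimate", brand, "real domain or its subdomain")

    # Every label except the TLD is inspected, so a brand placed in a
    # subdomain in front of an unrelated registered domain is caught too.
    labels = name.split(".")[:-1] or [name]
    tokens = [tok for label in labels for tok in label.split("-") if tok]
    for token in tokens:
        plain = token.translate(HOMOGLYPHS)
        for brand in PROTECTED:
            if plain == brand:
                reason = "brand-token" if token == brand else "homoglyph"
                return ("lookalike", brand, reason)
            if edit_distance(plain, brand) == 1:
                return ("lookalike", brand, "typo")
    return ("unrelated", None, "no brand resemblance")


# Constructed sample hostnames for demonstration, not observed indicators.
SAMPLES = [
    "adobe.com",
    "helpx.adobe.com",
    "ad0be.com",
    "adobee.com",
    "amazno.com",
    "paypal.com.account-verify.net",
    "example.org",
]


def scan(domains):
    """Classify a list of hostnames and return {hostname: (verdict, brand, reason)}."""
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    for host, (verdict, brand, reason) in scan(SAMPLES).items():
        print(f"{host:32} {verdict:10} {brand or '-':7} {reason}")
```

<p>A hit from a check like this is a reason to review a hostname, not proof of abuse: a brand can legitimately own the same name under another TLD.</p>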
</div>
Weekly Top 3 - ED #09.2015 | 2015-02-27T01:22:00-04:00 | Jon Phish | tag:antiphishing.club,2015-02-27:/weekly-top-3-ed-09-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to hackers impersonating IT staff, Amazon and a botnet named RAMNIT.</p>
<div class="section" id="amazon-customers-tricked-with-phishing-scam">
<h2>Amazon Customers tricked with Phishing Scam</h2>
<p>Earlier this week, security experts were informed that there was a phishing campaign targeting users of the popular online retailer, Amazon. This scam was aiming to harvest customers' login information for the online shopping service. The phishing e-mail would state that it came from the customer service department and it would ask the victim to verify a ticket number. The link within this malicious e-mail would then direct the victims to a fake login page for Amazon, which would be used to obtain the login credentials. The cyber criminals would then use these credentials to make purchases or obtain further information on the victim. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.spamfighter.com/News-19475-Customers-of-Amazon-Tricked-With-Phishing-Email-Campaign-Experts.htm">http://www.spamfighter.com/News-19475-Customers-of-Amazon-Tricked-With-Phishing-Email-Campaign-Experts.htm</a></p>
</div>
<div class="section" id="hackers-impersonating-it-staff-becoming-a-popular-tactic">
<h2>Hackers impersonating IT staff becoming a popular tactic</h2>
<p>Researchers at <a class="reference external" href="https://www.fireeye.com/">FireEye</a> have suggested that hackers are starting to use a common <a class="reference external" href="http://antiphishing.club/phishing-and-social-engineering/">social engineering</a> tactic, which involves impersonating IT staff with the purpose of exploiting a company's greatest asset and greatest weakness, its employees. FireEye has observed that hackers are impersonating IT staff in 78 percent of these phishing schemes, an increase from last year's observation of 44 percent. Additionally, the increase in outsourcing services and the lack of two-factor authentication on internal systems also increase the success of a data breach. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.zdnet.com/article/hackers-impersonating-it-departments-becomes-popular-tactic-in-data-breaches-fireeye-finds/">http://www.zdnet.com/article/hackers-impersonating-it-departments-becomes-popular-tactic-in-data-breaches-fireeye-finds/</a></p>
</div>
<div class="section" id="ramnit-botnet-shuts-down">
<h2>RAMNIT BotNet Shuts Down</h2>
<p>European cybercrime police have successfully taken down the RAMNIT botnet, which was responsible for infecting 3.2 million computers worldwide. This malware had spread through links embedded in phishing e-mails and in posts on social networking sites like Facebook and Twitter. The malware allowed hackers to access computers for the purpose of stealing passwords and personal data and/or launching illegal attacks on websites. Click on the link below to read more.</p>
<p><a class="reference external" href="http://www.theregister.co.uk/2015/02/25/europol_shuts_down_ramnit_botnet_hampshire/">http://www.theregister.co.uk/2015/02/25/europol_shuts_down_ramnit_botnet_hampshire/</a></p>
</div>
Weekly Top 3 - ED #08.2015 | 2015-02-19T22:00:00-04:00 | Jon Phish | tag:antiphishing.club,2015-02-19:/weekly-top-3-ed-08-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to Games, Israeli sites and a particular Superfish.</p>
<div class="section" id="lenovo-accused-of-compromising-user-security-by-installing-adware-on-new-pcs">
<h2>Lenovo accused of compromising user security by installing adware on new PCs</h2>
<p>Superfish is being described as software that offers users a "<em>visual search</em>" experience. However, Lenovo, one of the largest PC manufacturers in the world, is being accused of compromising user security by installing this adware application on all its computers. The most troubling feature of Superfish is its ability to allow hackers to eavesdrop on encrypted connections and view users' web browsing activities. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.theguardian.com/technology/2015/feb/19/lenovo-accused-compromising-user-security-installing-adware-pcs-superfish">http://www.theguardian.com/technology/2015/feb/19/lenovo-accused-compromising-user-security-installing-adware-pcs-superfish</a></p>
</div>
<div class="section" id="phishing-for-gamers">
<h2>Phishing for Gamers</h2>
<p>There is a rise in phishing campaigns to attack gamers because of the popularity of digital game distribution platforms like <a class="reference external" href="http://store.steampowered.com/">Steam</a>, <a class="reference external" href="http://www.gog.com">GOG</a> and <a class="reference external" href="https://www.humblebundle.com/">Humble Bundle</a>. These companies now hold information such as name, address and in some cases, credit card numbers. This is the reason for cyber criminals to set up fake websites for the purpose of stealing login credentials from unsuspecting gamers. Click on the link below to learn more.</p>
<p><a class="reference external" href="http://wccftech.com/phishing-gamers/">http://wccftech.com/phishing-gamers/</a></p>
</div>
<div class="section" id="report-finds-gaza-hackers-attacked-israeli-sites">
<h2>Report finds Gaza Hackers Attacked Israeli Sites</h2>
<p>It's called Operation Avid Viper: a <a class="reference external" href="http://antiphishing.club/phishing-and-social-engineering/">spear phishing</a> campaign organized by Gaza hackers to target Israeli government offices, military, academic organizations and average citizens. The e-mails targeted people who regularly received pornographic material and would hesitate to report the incident. The e-mail would contain a file infected with malware that would steal documents from infected systems. Click on the link below to learn more.</p>
<p><a class="reference external" href="http://blogs.wsj.com/digits/2015/02/17/report-finds-gaza-hackers-attacked-israeli-sites/">http://blogs.wsj.com/digits/2015/02/17/report-finds-gaza-hackers-attacked-israeli-sites/</a></p>
</div>
Weekly Top 3 - ED #07.2015 | 2015-02-13T22:51:00-04:00 | Jon Phish | tag:antiphishing.club,2015-02-13:/weekly-top-3-ed-07-2015.html
<p>The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to the Anthem security breach, PayPal and Microsoft.</p>
<div class="section" id="phishing-emails-targeting-anthem-hacking-victims">
<h2>Phishing Emails Targeting Anthem Hacking Victims</h2>
<p>Earlier this week the health insurer Anthem warned their customers of a breach in its network and systems that exposed the personal information of approximately 80 million people. Scammers are now using this information to distribute <a class="reference external" href="http://antiphishing.club/indicators-of-a-phishing-email/">spear phishing</a> e-mails in the hopes of tricking unlucky individuals into sharing more of their personal information, or to make a profit. Click the link below to read more.</p>
<p><a class="reference external" href="http://arstechnica.com/security/2015/02/let-the-phishing-begin-scammers-now-targeting-anthem-hack-victims/">http://arstechnica.com/security/2015/02/let-the-phishing-begin-scammers-now-targeting-anthem-hack-victims/</a></p>
</div>
<div class="section" id="paypal-phishing-campaigns-become-more-sophisticated">
<h2>PayPal Phishing Campaigns become more sophisticated</h2>
<p><a class="reference external" href="http://www.opendns.com">OpenDNS</a> had detected multiple domains created to impersonate the PayPal website. These sites were used as part of a phishing campaign to steal personal information. The level of sophistication used to create these fake sites has grown in recent years and OpenDNS Security Labs has advised that persons be aware of e-mails addressed to them from these fake 'PayPal' sites. Click the link below to read more.</p>
<p><a class="reference external" href="https://labs.opendns.com/2015/02/11/paypal-phishing-sophistication-growing/">https://labs.opendns.com/2015/02/11/paypal-phishing-sophistication-growing/</a></p>
</div>
<div class="section" id="microsoft-phishing-campaign-target-corporate-customers">
<h2>Microsoft Phishing campaign targets corporate customers</h2>
<p>Corporate entities are being targeted with phishing e-mails containing a download link that is used to deliver malware. These e-mails are disguised as e-mails from the Microsoft Volume Licensing Service Center (VLSC), which ask the user to log in and download their VLSC registration details. Click the link below to read more.</p>
<p><a class="reference external" href="http://www.scmagazine.com/microsoft-phishing-emails-target-corporate-users-deliver-malware-that-evades-sandboxes/article/397995/">http://www.scmagazine.com/microsoft-phishing-emails-target-corporate-users-deliver-malware-that-evades-sandboxes/article/397995/</a></p>
</div>
Tips and Tricks for creating passwords | 2015-01-31T18:46:00-04:00 | Jon Phish | tag:antiphishing.club,2015-01-31:/tips-and-tricks-for-creating-passwords.html
<p>Everyone in the world who has access to the internet or works within a corporate intranet knows all too well about having to manage multiple passwords to access their various accounts. Problems always arise with remembering passwords because you have not used an account for a long period of time, forgot your recently changed password or cannot remember which password is for which account. All of the above bring a certain level of complexity to the management of passwords, and what makes it even worse is that passwords themselves require a certain level of complexity in order to prevent hackers from accessing your personal data and devices.</p>
<p>In this feature, we will give you a couple of tips and tricks for creating passwords. Some of these ideas are not novel, but will give you some assistance when creating passwords.</p>
<div class="section" id="always-use-numbers-and-capital-letters-in-a-sequence">
<h2>Always use numbers and capital letters in a sequence</h2>
<p>Yes, we know what you are thinking. "I already do this" or "I am accustomed to using both numbers and letters", but there is more strategy to this method than you probably think. Most people always use a word followed by a sequence of numbers like <em>runningboy1234</em> or <em>runningman5678</em>. This is a good method for formulating your passwords, but there is more that can be done. Placing numbers between words and using capital letters in non-English standard places within your password gives it a more complex structure and makes it harder to figure out. So if we applied this new strategy to the passwords above, then <em>runningboy1234</em> would be <em>ruN1niN2gbO3y4</em>. As you can probably observe, every third letter is capitalized in '<em>runningboy</em>' and a number is placed after the capitalized letter. Your strategy does not have to be the same. You can choose whatever sequence you are comfortable with remembering. We want to impress upon you that using a capital letter / number sequence in your password would give you a better password.</p>
<div class="docutils container">
<p class="rubric" id="use-your-everyday-non-english-words">Use your everyday non-English words</p>
<p>There are several non-English words used by English speakers on a daily basis. Many places, foods, animals and other everyday cultural items have non-English names in most English-speaking countries throughout the world. The same can be said of any other country where names are derived from the misspelling or mispronunciation of words from other languages. These names are familiar to you, but not always to anyone else, and are therefore perfect candidates for a password. Food, animals and local items in conjunction with an adjective and some numbers can be a perfect strategy for creating and remembering your password. For example, <em>quiEt3Paca</em> (i.e. quiet Paca) is a good example of this strategy. However, you should not use the names of towns, cities or boroughs, because they are public knowledge.</p>
<p class="rubric" id="use-partial-leetspeak">Use Partial Leetspeak</p>
<p>Now for those who do not know or understand <a class="reference external" href="http://www.urbandictionary.com/define.php?term=leet+speak">leetspeak</a>, do not be afraid. We are going to avoid the confusion of learning an entirely new method of spelling words using symbols on your keyboard. Instead, we are going to take elements of leetspeak and simplify the process further. To begin, there are certain numbers and symbols on your keyboard that look like letters. These symbols can be used to replace letters in your passwords. For example, the letter 'a' and the '@' symbol look the same. Therefore, using this strategy on the password '<em>rottenapple12</em>' would yield the new password '<em>rotten@pple12</em>'. This substitution adds complexity to the password, but does not take away its meaning, which makes the password easily memorable. Here are some other symbols and numbers that can be used in place of letters:</p>
</div>
<div class="docutils container">
<p>e = 3</p>
<p>s = 5 or $</p>
<p>o = 0 (zero)</p>
<p>i = !</p>
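<p>An added example, not part of the original article: a sketch of how a password-acceptance check can reverse the substitutions listed above before comparing against a word list, so that <em>rotten@pple12</em> and <em>rottenapple12</em> are scored the same. The word list, the function names and the 0.5 threshold are assumptions made for illustration.</p>

```python
# Substitutions from the list above, inverted (symbol -> letter).
# Every '3', '5' or '0' is treated as a letter, even if it was meant as a digit.
LEET_TO_LETTER = {"@": "a", "3": "e", "5": "s", "$": "s", "0": "o", "!": "i"}

# Constructed sample word list (assumption); a real check would load a
# large dictionary or common-password list instead.
SAMPLE_WORDS = {"rotten", "apple", "running", "boy", "quiet"}


def normalise(password):
    """Lower-case the password and undo the symbol-for-letter swaps."""
    return "".join(LEET_TO_LETTER.get(ch, ch) for ch in password.lower())


def find_words(password, words=SAMPLE_WORDS, min_len=3):
    """Return the listed words found in the normalised password, in order."""
    text = normalise(password)
    found, i = [], 0
    while i < len(text):
        # Try the longest candidate starting at position i first.
        match = next((text[i:j] for j in range(len(text), i + min_len - 1, -1)
                      if text[i:j] in words), None)
        if match:
            found.append(match)
            i += len(match)
        else:
            i += 1
    return found


def coverage(password, words=SAMPLE_WORDS):
    """Fraction of the password's characters that belong to listed words."""
    if not password:
        return 0.0
    return sum(len(w) for w in find_words(password, words)) / len(password)


def acceptable(password, words=SAMPLE_WORDS, max_coverage=0.5):
    """Accept only if listed words explain at most max_coverage of it."""
    return coverage(password, words) <= max_coverage


if __name__ == "__main__":
    for pw in ("rottenapple12", "rotten@pple12", "quiEt3Paca", "ruN1niN2gbO3oy4"):
        print(pw, find_words(pw), round(coverage(pw), 2), acceptable(pw))
```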
<p class="rubric" id="use-pattern-typing">Use Pattern Typing</p>
<p>This strategy is very difficult to master, but it becomes easier with practice. If you have an <a class="reference external" href="http://www.android.com/">Android</a> phone, then you probably know about the pattern lock system, where you are given nine dots and must connect them in a predetermined pattern to unlock your device. Pattern typing follows the same idea. First, choose an area of your keyboard containing both numbers and letters. Draw a pattern by connecting the numbers and letters in no particular order and, presto, there is your password. The main advantage of this strategy is that no definitive word is created in the process and only you know the pattern. However, it can be difficult to master because the keys on a keyboard are not perfectly aligned, which can cause confusion if you don't know where to begin.</p>
<p>These four (4) strategies are great for both creating and remembering passwords. However, if you still have problems with remembering your passwords, may we suggest a password manager such as <a class="reference external" href="https://lastpass.com/">LastPass</a> or <a class="reference external" href="http://keepass.info/">KeePass</a>. Both managers are really good and keep your passwords safe.</p>
</div>
</div>