The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to NatWest, Phishing-as-a-Service and Pokemon Go.
Fake banking support Twitter accounts are still being used by scammers to steal bank login credentials. The customers of NatWest Bank were targeted earlier this week by this type of phishing scam. The phishing scam began with customers attempting to contact NatWest via their Twitter account. However, while searching for the Twitter account, some customers ended up contacting scammers through the fake NatWest Twitter page. Once the scammer had made contact with the customer, they tricked them into clicking on malicious links in tweets forwarded to the customer. These links forwarded the customers to a fake login page set up by the scammers to steal the login credentials to their bank accounts.
Scammers use fake login websites to steal login credentials. This is the most popular method of tricking users into giving up their account logins. These pages look and feel like the legitimate websites that they emulate. However, security researchers have now found a Russian underground website that offers these fake login pages for free. The service is known as "Fake-Game" and it allows anyone to create an authentic-looking phishing page. The user does not need to have any training or technical knowledge to use it. However, even though the service is free, there is also a paid plan that allows users to access all the stolen login credentials collected by the free users. Additionally, paid users can block other paid users from using stolen accounts they are accessing.
Scammers and hackers are using social media to spread fake apps and phishing messages that target Pokemon Go users. Security researchers have found that several social media pages related to Pokemon Go were actually serving malicious links to unsuspecting gamers. The social media accounts offered gamers downloads of game guides and apps to assist them with their gaming experience. However, these downloads actually contained adware and/or malware that was used to infect players' smartphones. Once installed, these apps recorded users' actions on their smartphones or redirected gamers to fake dating websites.