The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Blue Cross, U-mail and SWIFT.
Health insurance scams are becoming more popular. This is due to the ease at which scammers are able to obtain personal information from their victims. The customers of Blue Cross Blue Shield are frequently targeted by scammers. The phishing scams usually began with the scammers claiming to be the health insurer, when they called or e-mailed the victim. They would use the opportunity to obtain the victim's date-of-birth, Social Security Number or bank account information. Once they obtain this information, the scammers used it to apply for credit cards and obtained loans from various banks in the victim's name. Click Here to read more.
The students of the University of California, Santa Barbara (UCSB) were the victims of a phishing scam originating from compromised U-mail accounts. These compromised accounts were used in the phishing scam to steal the usernames and passwords to other students' university accounts. These stolen credentials would be used by the hackers to access the respective e-mail accounts. The newly compromised accounts were used to send more phishing e-mails for the same purpose. Hackers used U-mail accounts to spread the phishing e-mail because these accounts were trusted by the students, which made the phishing scam harder to detect. Click Here to read more.
Earlier this week, Symantec reported that there was a campaign targeting financial organizations worldwide. This campaign involved the use of phishing e-mails to infiltrate banking, securities, trading and payroll departments of these organizations. The phishing e-mails would usually contain a malicious attachment that contained a Trojan malware called Odinaff. This malware was designed to target users of the SWIFT global financial messaging system. It would infect the users' computers and monitor the SWIFT customer logs. These logs contained International Bank Account Numbers (BAN) and account balances, which the hackers could use for other hacks on the SWIFT network. Click Here to read more.