The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to LastPass, Hong Kong City and Trojans.
Earlier this week, the Chief Technological Officer (CTO) of Praesidio and a security researcher named Sean Cassidy revealed a proof-of-concept phishing attack using LastPass. The phishing attack relied on LastPass' browser extension, which allows users to auto-fill forms and create passwords. To implement this attack, a hacker would trick the user into believing that they were logged out of LastPass' service. Afterwards, the hacker would present the user with a fake LastPass login screen, which looked exactly like the one used by LastPass. Once the user entered their login credentials, the hacker would steal the master password to the user's LastPass password vault. Click the link below to read more.
http://mashable.com/2016/01/20/lastpass-hack-phish/#Kj1qOYm2Osq6
Information Security experts in Hong Kong have recorded an increase in phishing attacks on companies and internet users alike. They stated that over 5000 incidents relating to phishing attacks have been responded to by the Hong Kong Computer Emergency Response Team in 2015. They stated that most of these phishing scams involved bogus websites from overseas and the Chinese mainland. These scams focused on stealing their victim's personal information and credit card information. Click the link below to read more.
http://www.shanghaidaily.com/article/article_xinhua.aspx?id=317085
Symantec recently published in a blog post that SMBs in the US and UK are under the threat of remote access Trojan malware. They have identified two particular remote access Trojans which have been found throughout a range of businesses. The hackers behind these attacks used phishing e-mails with compressed file attachments containing the malware. Once the victim opened the attachment, the malware would infect the computer. This infected computer gave the hacker remote access to the network of the business, where they would search for a way of stealing money. Click the link below to read more.