The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Facebook, TalkTalk and an Angler of Executives.
Security researchers at Malwarebytes recently reported in a blog post that a new phishing scam was targeting Facebook users. The scam involved a phishing e-mail that appeared to be a Facebook notification e-mail. This e-mail informed the user that their account had been reported for abuse. It went on to state that the user's account would be disabled if they did not click on the link in the e-mail. Once the user clicked the malicious link in the e-mail, they were forwarded to a fake Facebook page, which was used to steal their login credentials, personal information and credit card information.
TalkTalk was the victim of a data breach in October 2015, in which customers' data was stolen. More recently, TalkTalk found a connection between a vishing (phishing-over-the-phone) scam and certain employees of a third-party call center company. Upon further investigation, TalkTalk was able to determine that these employees were leaking customer data to the vishing scammers. The employees were arrested by the local authorities, and TalkTalk is currently reviewing its relationship with the call center company.
The very popular Angler exploit kit has recently resurfaced in a new phishing attack. The kit used a vulnerability found in Adobe Flash and Firefox that allowed hackers to infect computers with malware. It was being used by hackers in a campaign called Dark-Hotel. In this campaign, the Wi-Fi routers of hotel networks were hacked and the exploit kit was placed on these routers in order to compromise the computers of executives staying at the hotel. If successful, the exploit kit drops a Trojan virus onto the computer and infects it with more malware or keylogging software.