The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to ANZ, SIM swapping and stolen Netflix accounts.
The customers of the Australian and New Zealand Banking Group (ANZ) have become the recent target of cyber criminals. It was reported that a short messaging system (SMS) phishing scam has been luring victims to fake ANZ online banking pages for the purpose of stealing their online banking login credentials. The scam started with an SMS message sent to the cell phone of the victim. This SMS contained a malicious link that forwarded the victim to the mobile version of a genuine-looking banking login webpage. This fake mobile webpage was used to steal the victim's login credentials. Click on the link below to read more.
A new type of scam has recently found its way into the mobile banking arena. This new phishing scam is called SIM swap and its purpose is to circumvent bank security. This scam begins with the use of an individual's banking details, which were obtained through phishing techniques. These details and other personal details obtained from social media, were used by the fraudster to create a false identity. The fraudster would use this identity to pose as the victim to the cell phone operator. They would use social engineering techniques to get the operator to cancel the existing victim's mobile number and reactivating it on another SIM which was in the fraudster possession. This allowed the fraudster to receive all calls and texts from the victim's cell number, which included one-time pin or password from a bank. This allowed the fraudster to potentially access the customer's bank account for the purpose of stealing funds. Click on the link below to read more.
The demand for cheaper Netflix accounts have lead to hackers selling stolen Netflix accounts on the black market. A report released by Symantec earlier this week revealed that hackers are obtaining these stolen accounts through phishing techniques and malware. The phishing scam involved an e-mail that appeared to come from Netflix. This e-mail instructed the victim to update their account information by clicking on a link in the e-mail. However, this link forwarded the victim to a fake Netflix login webpage, which was used to steal their login credentials. The other method of stealing these credentials was the use of malware, which was disguised as Netflix software. Click on the link below to read more.