The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to Yahoo and Dropbox, Microsoft and the old 'new' Nigerian scam.
Security experts warned of two phishing campaigns that targeted Yahoo Mail and Dropbox users, earlier this week. The purpose of the Yahoo user-targeted phishing campaign was to steal the login credentials and use users' identities to scam their contacts. The phishing e-mail was an 'expired account' type e-mail that contained a link that leads to a fake Yahoo login page. Once the victim enters their login credentials, an alternate account with the same username was created on Outlook.com. A rule was then created on the compromised Yahoo account, to forward all incoming mail to the alternate account and delete these messages right after. The scammers would then use the alternate account to send e-mails to the victim's address contacts claiming that an emergency occurred and they required money.
The Dropbox user-targeted campaign was similar to the other campaign described above. The phishing e-mails used in this attack requested that the victim click on an e-mail icon to view 'urgent and highly confidential' files. This linked the victim to a fake Dropbox login page, which would steal the victim's login credentials. Click the link below to read more.
http://www.infosecurity-magazine.com/news/phishers-out-in-force-con-yahoo/
FireEye recently stated that a Chinese Hacker group called APT17 was using Microsoft's TechNet website as part of its attack infrastructure. As a result, Microsoft has taken measures to remove all traces of the hacker's malicious activities from their website. APT17 created accounts on TechNet and left comments on certain pages that contained the name of an encoded domain, which infected computers were instructed to contact. The hacker group is known for sending phishing e-mails with malicious attachments containing malware that would infect computers and force them to contact command-and-control (C&C) servers for further instructions. In this case the hacker group's malware used the TechNet website as an intermediary for storing the location of the C&C server's address. Click the link below to read more.
Researchers at Panda Labs recently discovered a phishing campaign that was used to slip malicious programs past antivirus software used by Oil companies. The campaign used a spear-phishing e-mail with a fake PDF attachment. When this attachment was opened, a new folder was created and a batch file was executed. This batch file would steal files and user credentials from the victim's computer. The security firm stated that it was a new spin on the 'Nigerian' scam. For this scam, the scammer contacts an oil broker and offers them a quantity of oil. The scammer then tells the broker that the PDF attachment is proof of this purchase. When the oil broker opens the attachment, the computer is infected and eventually the users' credentials, as well as files are sent to an external FTP server. Click the link below to read more.
APHC