The Weekly Top 3 - ED #21.2015

By Jon Phish, Fri 22 May 2015, in category News

apple, medical, microsoft, PHI, weekly

The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing scams related to Apple Safari, Windows ID and CareFirst.

Apple Safari URL Spoofing Opens Door For Phishing Attacks

A security researcher recently found that the latest version of Apple's Safari web browser was vulnerable to a new URL spoofing method. The flaw demonstrated by the researcher shows that another web page can be loaded into the browser while the address displayed is one from a trusted web site. This flaw can be exploited on OS X and iOS devices. It gives hackers the opportunity to direct their victims to a malicious website while the address bar shows a legitimate web address. This flaw can be used in phishing attacks on Apple users for the purpose of stealing login credentials or personal information. Click the link below to read more.

Criminals Target Windows ID Accounts

Security researchers at Kaspersky Lab reported that their users are being targeted for their Windows Live ID. The new phishing scam comes in the form of an e-mail that baits victims into thinking that their Windows Live accounts will be suspended if they do not update their details. The link embedded in the phishing e-mail takes the victim to a Windows Live page. However, after the victim logs into their account, a prompt appears requesting access to their personal information and their contact address book. Once it is clicked, a malicious program steals the necessary information, including login credentials and calendar appointments. Click the link below to read more.

CareFirst Blue Cross Blue Shield Hacked; 1.1 Million Insured At Risk

CareFirst Blue Cross Blue Shield is the latest company to be compromised in the ongoing attacks on medical insurers. The company recently issued a statement that disclosed the details of a data breach of a database in June 2014. This breach affected 1.1 million members of the insurer and follows on the heels of the Anthem, Premera and TRICARE data breaches. The attackers gained unauthorized access to the database, which contained user names, identification numbers, birth dates and e-mail addresses. No Social Security numbers or medical claims information were exposed during the hack, and passwords were encrypted. However, the medical insurer has stated that spear-phishing attacks will be a result of this breach and has highlighted that some of its customers have reported incidents of receiving phishing e-mails. Click the link below to read more.