The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to hotel bookings, Akorn Inc. and a major US magazine publisher.
A US senator recently brought to the attention of the Federal Trade Commission an online hotel-booking scam used to trick travelers into revealing their personal information and payment details. In the letter, the senator noted that these third-party sites look like legitimate sites in order to get travelers to pay for a reservation. However, in some cases the victim doesn't get a room at the hotel or the hotel does not provide the paid amenities that were advertised. In some instances, this scam involved phishing e-mails that advertise great deals on hotel rooms but contain links that lead to fake online hotel-booking sites. These sites are then used to obtain the credit card and personal information of the victim. Click the link below to read more.
http://www.latimes.com/travel/deals/la-tr-spot-20150614-story.html
Akorn Inc. is a pharmaceutical company that held a customer database of over 500,000 records. However, a hacker has recently offered to sell a copy of this database to the highest bidder or back to the company. This offer was made via a post on a popular dark web forum. The database contains names, business-related information and DEA numbers, which are used to track controlled substances. The compromised data is likely to increase spear phishing attacks on the company's customers, which include medical practitioners. These phishing attacks could give hackers further access to patient records and other sensitive information. Click the link below to read more.
Bonnier Publications may have lost close to $1.5 million in a spear phishing attack. This publisher is responsible for publishing magazines such as Popular Science and Saveur. According to a report, hackers gained access to the CEO's e-mail account and used it to send fraudulent e-mails to the Accounting Department. The e-mails instructed the employees to wire transfer $3 million to a Chinese bank. However, only $1.5 million was transferred by the employee who was tricked by the e-mails. The other half of the transaction was not transferred because the CEO, when called to confirm the request, denied giving authorization. Click the link below to read more.