The Weekly Top 3 - ED #30.2015

By Jon Phish, Fri 24 July 2015, in category News

malware, password, phishing, weekly

The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Nigerian scammers, USAJobs and Ashley Madison.

Nigerian Scammers Target Asian Businesses With Bought Exploit Kits

The security firm, FireEye has stated in a report that Nigerian scammers are using more sophisticated methods to defraud business. Their primary target appears to be the Asian market, where these scammers perform reconnaissance of their victims and divert funds from their financial transactions. To carry out the scam, these scammers use malicious Microsoft Word documents sent as attachments in spear phishing e-mails. Once the attachment is opened, the victim's computer is infected with keylogger and remote access malware. This malware is used to collect login credentials and monitor e-mail correspondence between the business and supplier. Click the link below to read more.

http://www.pcadvisor.co.uk/news/security/nigerian-scammers-buy-exploit-kits-to-defraud-asian-businesses-3620657/

USAJobs Scam Targets Federal Job Seekers

The Office of Personnel Management (OPM) had recently issued an alert to job seekers that there was a phishing campaign targeting them for their personal information. The advisory advised that persons who receive an e-mail requesting them to validate their account information should delete it immediately. This phishing e-mail is the result of the hack involving personal data stolen from the OPM. There has been no indication that USAJobs site has been compromised because of the hack. Click the link below to read more.

http://www.nextgov.com/cybersecurity/2015/07/dont-fall-usajobs-phishing-scam/118350/

Ashley Madison Site Hacked: Phishing Inbound

Earlier this week, the popular extra-marital affair website, Ashley Madison was hacked by an unknown hacking group calling themselves The Impact Team. The group claims to have obtained user databases containing the financial records and personal information of all persons who have signed up on the website. The hackers have also demanded that the website be taken offline or they will release all of the customers' information, which includes their sexual fantasies. The parent company has asked their users to immediately change their passwords and it is expected that phishing attacks against their customers will increase as a result of this data breach. Click the link below to read more.

http://www.theregister.co.uk/2015/07/20/ashley_madison_hacked/