The Weekly Top 3 - ED #32.2015

By Jon Phish, Fri 07 August 2015, in category News

microsoft, phishing, social engineering, vishing, weekly

The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Windows 10, the Pentagon and Vishing.

Windows 10 Phishing Scam Targets Early Users

The release of Windows 10 is big news for Microsoft. It is also great news for scammers and hackers, who have used the opportunity to start phishing campaigns. One of these campaigns involved e-mails disguised as free Windows 10 upgrade e-mails. These e-mails contained a fake disclaimer message stating that the e-mail originated from Microsoft. The e-mail also contained an additional note claiming that the e-mail's attachment was scanned by anti-virus software and was cleared as being safe. However, if the victim opened the file attachment, their computer would be infected by ransomware that encrypts their personal files. The victim would have to pay the hacker within a certain time period to decrypt the files. If the victim did not pay, the files were left encrypted. Click the link below to read more.

http://www.scmagazine.com/cisco-details-new-phony-microsoft-emails/article/430418/

Russia Hacks The Pentagon's Joint Chiefs Of Staff

Late this week, news broke that the Joint Chiefs of Staff had to shut down their e-mail systems for eleven days because they detected an intrusion into their systems in late July. News sources stated that the Pentagon believes that Russian hackers were responsible for the attack and that the attack may have been a Russian government-funded operation. Reports on the incident continue to highlight that hackers were able to infect computers via phishing e-mails and that social media accounts were used to coordinate the hack. No other details were released, but it has been noted that phishing was used by the hackers to exploit the unclassified network. Click the link below to read more.

http://www.dailymail.co.uk/news/article-3187344/Russia-hacked-Joint-Chiefs-Staff-shut-email-4-000-defence-department-employees-ELEVEN-DAYS.html

Scammers Con Thousands Using Vishing

A new social engineering scam has surfaced, robbing victims of thousands of euros over the telephone. Aptly named "vishing", this scam uses social engineering techniques over the phone to trick victims into transferring money to the scammers, but with a catch. The scam begins with a person posing as a security manager at a high-end retail store claiming that someone was using the victim's card in the shop. The scammer then asks the victim to provide financial details. If the victim refuses to give the details, the fake security manager advises the victim to call the bank. However, unknown to the victim, the phone line does not disconnect after the call has ended because the scammers were using an exploit in the telephone system to keep the line alive after the victim hangs up. When the victim calls the bank, they automatically reconnect to the scammers, who now act as the banker and convince them to move their money into another account. Click the link below to read more.

http://www.irishmirror.ie/news/irish-news/scammers-conning-thousands-euro-out-6207318