The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to BitPay, Amazon and a cat made out of metal.
Last year, in December 2014, BitPay lost over one million dollars' worth of bitcoins (approx. 5000 BTC) in an undisclosed theft. In an effort to recover some of the money lost in the theft, BitPay filed a lawsuit against the insurer and disclosed via court documents the details of the attack that led to the theft. According to the documents, the CFO of BitPay received an e-mail from someone posing as an employee of a digital currency publication. However, the sender's e-mail account had been compromised and the hacker sent a phishing e-mail with a malicious link. This link directed the CFO to a fake website that was used to steal the credentials to his corporate e-mail account. The hacker then used the CFO's e-mail account to fraudulently transfer the bitcoins.
Earlier this week, Amazon UK customers were the target of a phishing scam. Security researchers from Malwarebytes obtained the phishing e-mail, which purported to come from Amazon's customer service. The phishing e-mails stated that a small number of accounts with the online retailer were breached last month and requested that the victim complete a verification process or have their account restricted. The malicious link contained in the e-mail forwarded the victim to a fake Amazon UK site that was used to steal the victim's login credentials, name, address and credit card information.
Security researchers at Trend Micro recently discovered an attack campaign from a China-based hacker group that targeted hi-tech US government contractors. The campaign, called Iron Tiger, focused on spying on these companies for the purpose of stealing intellectual property and financial-related content. This phishing campaign involved spear phishing e-mails aimed at executives, government officials, engineers and PR officers, with subject lines designed to pique the interest of the victim. These e-mails also included malicious attachments and links, which would assist the hackers in infecting the computers of their victims. Security researchers stated that this campaign has been able to steal almost terabytes of information including credentials, strategic planning documents and financial budgets.