The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to APEGA, Facebook and the exploitation of innocent apps on the iCloud.
The Assoication of Professional Engineers and Geoscientists of Alberta (APEGA) announced earlier this week that they were the victims of a data breach. A database containing the information of approximately 75,000 members of their association was compromised by a phishing incident. No further details were given as to how the incident occurred, but the association has stated that no passwords and financial information were leaked. The association had sent an advisory to its members cautioning them to not to respond to any phishing e-mails requesting personal and financial information. Click the link below to read more.
A proposed feature was announced by Facebook's CEO during an interview last week. The feature was a "Dislike" button, which has been discussed among users of Facebook for some time. During the interview, Mark Zuckerberg confirmed that their would be a public launch of this feature very soon. However, this hype had given scammers the opportunity to exploit anxious Facebook users who were awaiting this new feature. The phishing scam involved a link share via Facebook post that was titled 'Get newly introduced Facebook dislike button on your profile'. When the victim clicked on the link, they were forwarded to a malicious website that prompted them to complete a phishing survey. Upon completion of the survey, scammers obtained the personal and financial information of the victim. Click the link below to read more.
https://thestack.com/security/2015/09/21/facebook-dislike-hype-exploited-in-phishing-campaign/
Apple users were once again threatened by hackers who were able to infect legitimate apps on Apple's App Store. Over 39 iOS apps have been identified as being compiled using a malicious version of Xcode app framework that cyber criminals released on file-sharing forums. This malicious Xcode framework allowed hackers to launch phishing attacks on unsuspecting users for the purpose of obtaining iCloud credentials. The phishing attack involved unsuspecting dialogue prompts, which tricked the victims into reentering their iCloud credentials. Other reports also showed that this malicious framework was also used to eavesdrop on iOS devices and record users activities. Click the link below to read more.
APHC