The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to PageFair, online gaming and hijacked scientific journals.
Earlier this week, PageFair disclosed that their systems were breached by hackers who used their service to distribute malware. The popular analytics service stated that they were a victim of a spear phishing attack that gave hackers access to a key e-mail account. This e-mail account was used to reset the password on PageFair's Content Delivery Network (CDN) system, which contained the JavaScript code used to deliver PageFair's service to their customers. The hackers replaced the code with their own malicious version, which was used to trick users, who accessed websites using PageFair analytics, into downloading malware that appeared to be an Adobe Flash update. Click the link below to read more.
A new public advisory has been issued by the Federal Trade Commission (FTC) warning online gamers to be aware of phishing scams targeting them. The FTC stated that the online gaming micro-transaction market has been successful and scammers are seeing this success as an opportunity to benefit. The FTC stated that these scams would come in the form of a phishing e-mail appearing to be a notification from a popular online gaming service. However, this e-mail would accuse the gamer of some sort of wrongdoing, such as unlawful trades of gaming assets, and threaten them with legal action. The e-mail would then instruct them to click on a malicious link, which would forward the gamer to a fake website used to steal their online gaming login credentials or even financial information. Click the link below to read more.
http://www.spamfighter.com/News-19923-FTC-Warns-Gamers-of-Online-Phishing-Scams.htm
A new type of scam has recently emerged and it concerns scientific journals. Researchers in Poland and Iran had stated that hijacked scientific journals were having an effect on science, its progress and its authors. The scam starts with fraudsters stealing the names and numbers of reputable and lesser known journals. They used this information to create a phishing e-mail to send an author. This e-mail proposed an opportunity for the author to publish his/her article in the hijacked journal. If the author accepted the proposal, the fraudster charged the author a standard publication charge. Once the author paid, the fraudster took the money and never published the author's work. Click the link below to read more.
http://phys.org/news/2015-11-scientists-defrauded-hijacked-journals.html
APHC