The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to DHL, World Bank and the terrorist attacks in Paris.
The holiday season is upon us and online shoppers are on the prowl for deals. As a result, they are also expecting many packages and scammers are on the prowl for these online shoppers as well. This is the reason why the latest phishing scam reported by Comodo is targeting users of the DHL shipping service. The phishing e-mails appear to come from DHL Worldwide with the subject 'DHL Shipping Delivery Tracking Number'. The e-mail asked the recipients to click on a link in the e-mail to obtain their tracking number for a delivery that they were supposed to receive. However, the link forwarded the recipient to a fake DHL website that was used to steal their DHL ID and password. Click the link below to read more.
Earlier this week, hackers were able to gain access to a website operated by the World Bank Group and installed a convincing Paypal phishing site. The phishing site page looked and felt like an official Paypal login page. However, when the user entered their login credentials, hackers would steal these credentials. The other interesting development from this scam, was that the hackers were able to benefit from the official Extended Validation SSL certificate for the website. This gave the phishing webpage a certain level of validity because any visitor to the phishing page would have seen the padlock icon in the browser's address bar indicating that the content can be trusted. Click the link below to read more.
With the terrorist attacks in Paris, fresh in everyone's mind and the holiday season fast approaching, people are very likely to give money towards relief funds and charities setup to assist victims. However, scammers are also using this opportunity to target charity givers with phishing scams. Some of these scams involve using known or trusted companies in phishing e-mails to trick their recipients into giving up their personal and financial information. Click the link below to read more.