The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to CS:GO, Google Apps and a possible phishing campaign.
Phishing scams are targeting gamers through popular digital distribution platforms like Steam. However, they usually target gamers who are enthusiastic about certain multiplayer titles because of its social aspect. A fake website, with the URL csgoloungcs[dot]com, has recently appeared with the purpose of stealing Steam user login information and tricking the victim into downloading malware. This fake website mimics the official CS:GO lounge website. Click on the link below to read more.
Security researchers earlier this week were able to exploit a flaw (recently patched) in Google Apps that gave them the ability to trick Google's Mail server into sending phishing emails. These e-mails appear to come from a legitimate corporate [dot]COM domain, which allows them to slip through the SPAM filters. The attack allowed the researchers to temporarily claim domains and send e-mails containing malicious links. Click on the link below to read more.
http://www.theregister.co.uk/2015/03/10/whitelisted_phish_slip_through_google_apps/
Nearly 40,000 patient medical records stored on two hard drives were stolen from the Indiana State Medical Association (ISMA). These hard drives contained the ISMA group health and life insurance databases, which contained persons' names, contact information, e-mail addresses, social security numbers and personal medical history. It was unclear if the data stored on the drives were encrypted, but if they were not encrypted then it is likely that the thieves could sell the information to cyber criminals for use in phishing and spear phishing campaigns. It is likely that insured persons will have to be on the lookout for identity theft, spear phishing and insurance fraud. Click the link below to read more.
http://www.infosecurity-magazine.com/news/almost-40000-medical-records/
APHC