Weekly Top 3 - ED #12.2015

By Jon Phish, Sat 21 March 2015, in category News

anthem, FREAK, ios, medical, premera, weekly

The Weekly Top 3 are the three most relevant news items of the week related to phishing scams, as reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to Premera, FREAK and a children's hospital.

Over 11M Premera customers' information compromised

Another insurance company has issued a statement to its customers. Premera has reported that there was a breach in its IT systems and that cyber criminals have likely taken the personal information of its customers and employees. The information included names, addresses, Social Security numbers, plan numbers and e-mail addresses. The company has offered its customers free credit monitoring and identity theft protection for two years. However, the company is asking all its customers to be wary of any suspicious e-mails requesting personal information. Click the link below to read more.


FREAK leaves Android and iOS phones open to attack

Superfish has now been overshadowed by FREAK, the HTTPS-crippling vulnerability that affects browsers. It allows cyber criminals to decrypt passwords and view sensitive transaction details, like credit card numbers. Most browsers have been updated and patched against this vulnerability, but Android and iOS phones are still vulnerable. Security researchers from FireEye have revealed that the Android and iOS app stores contain several apps that could be exploited. This would give a cyber criminal the opportunity to pose as an official website or service for the purpose of stealing a user's login credentials. Click the link below to read more.


Phishing scam leads to potential Personal Health Information exposure

The Children's National Hospital gave a statement indicating that cyber criminals had gained access to personal health information (PHI) via a phishing scam. They stated that a successful phishing scam targeting employees of the hospital allowed unauthorized access to their systems and revealed names, addresses, e-mail addresses, diagnoses and other medical treatments. The hospital has taken measures to ensure that employees report suspicious e-mails. They are also warning their patients of potential phishing campaigns that may result from this exposure. Click the link below to read more.