The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Apple, Olympia School and "Lets Play a Game....."
Apple users are being targeted for their Apple ID credentials yet again. The new phishing scam involves messages being sent to the victims from AppleInc. The phishing message indicated that the victim's Apple ID was expiring and requested that they click a link in the message to prevent it. When the victim clicked on the link, they were forwarded to a fake website that imitated an Apple ID login page. Once they entered their login credentials into the fake website, the website would notify the victim that their Apple ID was "locked for security reasons". The webpage would then prompt the victim to give their personal and credit card information so that their account could be "verified". Click the link below to read more.
Another organization has fallen victim to a phishing attack. An employee with the Olympia School District in Washington fell victim to a phishing e-mail and released over 2,100 employees personal information to a scammer. The spear phishing e-mail was sent to the employee using a spoofed e-mail address of the District's Superintendent. The e-mail requested the personal information of all employees during 2015. As a result, the victim sent the information to the fake Superintendent. The affected employees have been informed by the District and were given free credit reports so as to avoid identity theft. Click the link below to read more.
Ransomware is becoming an increasing problem for computer users. A new ransomware called Jigsaw, was released earlier this week. It was named after the Saw horror films. Like other ransomware, it encrypts the victim's files using cryptography techniques and holds them ransom till the victim pays the hacker in bitcoins. However, this type of ransomware actually deletes the victim's files every hour that they delay payment. This malware was spread through malicious attachments in SPAM e-mails. Once opened the malware pretended to be the Mozilla Firefox web browser or Dropbox file storage client service, which it used to infect the computer and encrypt the victim's files. Click the link below to read more.