The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams reported in the media, security blogs and security magazines on the internet. This week, we look at phishing scams related to NatWest, St. Vincent Medical and compensation from the Middle East.
A new phishing campaign was recently launched by hackers with the purpose of stealing the login credentials of NatWest Bank customers. Security experts stated that the phishing e-mail asserted to the customer that the bank was processing an incoming payment. It continued to state that the payment was being delayed because of unforseen circumstances related the customer's account details. The e-mail contained a malicious link to a webpage that required the victim to fill up numerous forms, which included name, card number, card verification value and card expiry date. Click the link below to read more.
Another medical institution has been compromised because of a phishing e-mail. The St. Vincent medical group issued a statement recently that Personal Healthcare Information (PHI) was compromised after an employee became a victim of a phishing e-mail. As a result, the employee's username and password were compromised. The information included patient names, demographic information, Social Security Numbers and limited information as to the services received at the institution's clinics. The Group has provided free identity theft monitoring and protection services, but will be training their employees on how to avoid phishing scams. Click the link below to read more.
http://healthitsecurity.com/2015/04/23/phi-compromised-in-email-phishing-scam/
Overseas workers in Abu Dhabi were warned of a new phishing scam, which was aimed at stealing money. The scam was circulated around professional social media websites that these overseas workers used regularly. Phishing messages were sent to these workers with the subject, "Middle East Compensation Package". The message asserted that a bank was holding money on their behalf and would only release the funds upon them contacting the bank. A contact number and e-mail address were given in the message. Once contacted, the scammer would trick the victim into paying an undisclosed sum of money for the release of the "compensation". Click the link below to read more.