The Weekly Top 3 are the three most relevant news stories for the week that are related to phishing scams and activities reported in the media, security blogs and security magazines on the Internet. This week, we look at phishing activities related to Facebook, Wick Hill and ICA.
Security researchers at NetCraft have recently discovered another Facebook phishing scam. According to the researchers, the scammers were using Facebook's own Transport Layer Security (TLS) certificates to create fake Facebook Verification pages. The phishing scam involved sending a message to Facebook user requesting their credentials for security reasons. Once the victim clicked the link in the message, they were forwarded to the fake Facebook Verification page. Once the victim entered their credentials, they received an e-mail stating that their credentials were being verified and they must wait for a response. In the meanwhile, the scammers would sell the stolen credentials or use them for their other scamming activities. Click the link below to read more.
The popular distribution company, Wick Hill sent a warning to their employees about a phishing scam involving a court summons. This phishing scam was detected by an employee, who received an e-mail from an unknown party stating they must give evidence involving the company. The e-mail also contained an attachment that the sender claimed contained a list of documents to bring to the trial. The employee who received the e-mail was able to determine that the e-mail was a phishing e-mail and the company was able to warn the other employees of the scam. Click the link below to read more.
The Immigration and Checkpoints Authority (ICA) of Singapore recently warned the public of a phishing scam involving a fake ICA website. The phishing scam involved sending unsuspecting visa applicants to this fake ICA website using phishing e-mails. Once the applicants were sent to the fake website, they were requested to enter their visa application numbers and/or passport numbers, which were stolen by the scammer through the website's form. Click the link below to read more.