Hacker group “ Charming Kitten ” used false identities to ferret out information , says Israel-based cybersecurity firm ClearSky An Iranian cyber espionage group known as Charming Kitten is believed to be behind a campaign targeting academic researchers , human rights activists , media outlets and political advisors focusing on Iran , according to a report published earlier this week by Israel-based threat intelligence company ClearSky Cyber Security . The group has also set up Attack.Phishing a news outlet called The British News Agency to lure Attack.Phishing targets in . Most of the group 's targets are in Iran , the U.S. , Israel and the U.K. , the report said , but some come from countries including France , Germany , Switzerland , Denmark , India , Turkey and the United Arab Emirates . The report detailed the various methods used to gain access Attack.Databreach to computers and private social accounts . Those include false identities , the impersonation Attack.Phishing of real companies , the insertion of malicious code into a breached website , also known as `` watering hole attacks , '' and spear phishing Attack.Phishing , the process of pretending to be Attack.Phishing service providers like Gmail or Facebook to trick Attack.Phishing people into giving out personal information . A significant mainstay of the group 's activity was the establishment of a media outlet called The British News Agency . Much effort went into creating Attack.Phishing a seemingly legitimate website , including details about the agency and a contact list of the management team . The purpose of the site was to attract Attack.Phishing the targets and infect them with malware . According to the report , multiple Israeli researchers of Iran and the Middle East were sent Attack.Phishing emails and Twitter direct messages from accounts registered with seemingly Jewish Israeli names . Messages coming from Attack.Phishing one such account were presented as if coming from Attack.Phishing a journalist and political researcher at KNBC News . Other messages were presented as if coming from Attack.Phishing an Israeli political researcher raised in California who needed help with an article and also wanted to apply for a position at an Israeli university . Another message was described as coming from Attack.Phishing a Jewish girl living in Iran . These messages often linked to phishing pages . ClearSky can not estimate how many accounts were successfully infiltrated , but the success rate for such attacks is usually around 10 % , said Mr. Dolev .

If you sell items online , beware scammers who are hacking into websites and taking over real users ' accounts . Casundra Venable told FOX59 she has sold on eBay for five years with no problems , but recently she fell victim to a scam . Venable was selling a Samsung phone with accessories on the website . Her sale closed , she received a $ 227 payment , and then a message that she thought was from the buyer . `` Thanks so much for ( an ) interesting auction . It was hard to choose the present for my friend . I think my friend will love this , '' Venable said , reading the message . The writer sent her supposed friend 's address , and Venable sent the package to that address . A few days later , she received a message from eBay saying the buyer had not received the package . It was then that she realized the message had been a fake . `` I thought , you know , 'How stupid ( was I ) for doing it ? '' Venable said . Venable said she was on the lookout for scams , but only those that come from people outside the eBay website . She assumed that because the message came through a real account , it was legitimate . It turns out , the scammer hacked into a real user 's account and used it to find a closing sale , then pretended to be Attack.Phishing the buyer . `` If they ask you to send it somewhere besides their registered address , say no , '' Venable said . FOX59 spoke with the Better Business Bureau 's Tim Maniscalo , who said that while he had not heard of this specific type of eBay scam , it did n't surprise him . `` Well over 50 percent of the scams ( we see ) now are perpetrated in some way , shape , or form through the internet , '' Maniscalo said . Venable tried to get her package back , but she could not get it from the warehouse in Brooklyn , New York where it ended up . `` ( A man on the phone ) said it ’ s off to the country of Georgia , '' Venable said . An eBay spokesperson confirmed this scam to FOX59 , saying a hacker was involved . The company also sent an alert to Venable , but it was too late . The spokesperson sent this statement : `` This incident was a scam and was the result of an unauthorized takeover of another user ’ s account . Unfortunately , scam artists will gain access Attack.Databreach to eBay member accounts through phishing emails in order to defraud other members . Criminals often exploit well-known , trusted brand names like eBay to attract Attack.Phishing consumers and then lure Attack.Phishing them into fraudulent transactions . We always encourage all our shoppers to be cautious and vigilant when executing a transaction on eBay . Members can prevent account takeovers from occurring by having frequent virus and spyware scans done on their account , regularly updating their passwords , and confirming a message was sent by eBay by checking their “ My Messages ” within their eBay account . ''

A wave of cyberattacks is targeting organisations ' financial departments with a social engineering and phishing campaign Attack.Phishing designed to trick Attack.Phishing victims into downloading credential-stealing malware and other threats . Detailed by researchers at Barracuda Networks , the invoice impersonation attacks aim to persuade Attack.Phishing the victim that the messages are from trusted sources , or to act on impulse -- planting the idea that the target has lost money is a common tactic in phishing emails , as it creates panic for the user . The victim thinks they are reacting to an important request when all they 're doing is playing right into the hands of the attackers . A new wave of these attacks Attack.Phishing involves attackers sending Attack.Phishing status updates for invoices -- but these do n't just involve threat actors firing off millions of messages at random and hoping for the best ; they 're specially crafting the attacks Attack.Phishing to look authentic and crucially , from someone the target might trust . In one example of this attack Attack.Phishing , the target receives Attack.Phishing an email asking for a reply to a query about the payment status of an invoice . A legitimate-looking invoice number is provided in the subject line and the sender 's name is chosen to be Attack.Phishing someone the recipient knows . Mimicking Attack.Phishing someone the victim knows suggests the attackers are already familiar with the target and their network -- this information could simply have been scraped from a public profile such as LinkedIn or it could indicate that the attackers already have a foothold in the network which they 're looking to exploit for further gains . The message might look legitimate at first glance -- especially for someone quickly scanning emails in a high-paced financial environment -- but the invitation to click on a link to respond to the supposed status should be treated with suspicion . But if a recipient does click through , the link will download a Word document supposedly containing the invoice -- which then goes onto install malware onto the system . It could be subtle , like a trojan or the victim could recognise their error immediately if faced with ransomware . The attackers are n't just using a single template in the campaign , researchers have spotted other lures used in an effort to distribute a malicious payload . A second invoice impersonation attack uses the subject 'My current address update ' and claims to contain Attack.Phishing information from a trusted contact about a change of address , along with details of a new invoice . Once again , the victim is encouraged Attack.Phishing to click through a link to download the document from a malicious host with the end result again being an infection with malware , credential theft or a compromised account . The attacks might seem simple , but those behind them would n't be deploying them if they did n't work . `` Impersonation is a proven tactic that criminals are regularly using to attract Attack.Phishing victims into believing that they are acting on an important message , when that could n't be further from the truth , '' said Lior Gavish , VP at Barracuda Networks . When it comes to protection against this type of attack , employee training can go a long way , especially if they 're provided with a sandbox environment .