... two of the world's biggest companies was arrested on fraud charges

GOOGLE and Facebook have admitted they were conned out of an alleged $100 million (£77 million) in a phishing scam. Two of the world's biggest companies fell victim after a Lithuanian man allegedly tricked employees into wiring the money to bank accounts that he controlled, Fortune reported on Thursday. Evaldas Rimasauskas, 48, is accused of posing as an Asia-based manufacturer and deceiving the internet giants from around 2013 until 2015. He was arrested earlier this month in Lithuania at the request of US authorities. The conman is said to have forged email addresses, invoices and corporate stamps to impersonate Quanta and trick them into paying for computer supplies. Rimasauskas, who is awaiting extradition proceedings, has denied the allegations. The US Department of Justice (DOJ) said last month: "Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multi-million-dollar transactions with [the Asian] company." Both Facebook and Google have confirmed the fraud and said that they had been able to recoup funds. But they didn't reveal how much money they had transferred and recouped. A Google spokeswoman said: "We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we're pleased this matter is resolved." A spokeswoman for Facebook added: "Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation." Security experts said the recent cyber attack highlighted how sophisticated phishing scams are being used to fool even two of the biggest tech companies.
The email didn't just seem innocent, it also seemed familiar to the accounts payable employee at MacEwan University in Edmonton. It was from one of the local construction firms the public institution deals with, logo and all. There was new bank account information — could accounts payable please change it? The staff and this supposed vendor communicated back and forth, from late June until a few weeks ago, in early August. One university employee was involved in this correspondence at first; two more were added. Then vendor payments went through, as scheduled: $1.9 million from MacEwan accounts on August 10. Another $22,000 was transferred seven days later. Finally, $9.9 million went to this new bank account on August 19, a Saturday. Wednesday morning, for the first time in this episode, came a phone call. The Edmonton-area vendor wanted to know why it never got its payments. The massive fraud had already been perpetrated, $11.8 million winding its way into a TD bank account in Montreal and much of it then wired overseas, a university spokesman says. Investigators have traced $11.4 million of the money and frozen the suspect accounts in Quebec and Hong Kong. The school is pursuing civil legal action to recover the money. "The status of the balance of the funds is unknown at the time," a MacEwan statement said about the other $400,000. There's likely not a person reading this online who hasn't received a phishing attack, in which someone pretending to be a bank sends an email or text message, hoping to trick you into entering or re-entering account information or a credit card number. What hit MacEwan was a spear phishing attack, in which scammers impersonate a client or associate of the individual. In this case, the fraudster had cut-and-pasted the actual vendor's logo, MacEwan spokesman David Beharry said.
A phishing attacker will often cast several lures; in this case, investigators said 14 different Edmonton-area construction sites or firms were impersonated as part of this attempt. The successful trick led to financial transfers equivalent to more than five per cent of the publicly funded school's 2016 operating budget, according to records. This inflicted vastly more damage than the last well-documented online scam to successfully target an Alberta post-secondary school: last year, University of Calgary paid $20,000 in what's known as a ransomware attack, in which cyberattackers manage to lock or encrypt network data until the victim pays up. While MacEwan is confident it can recoup the amounts already frozen, it will also incur legal fees on three continents as it tries to do so, Beharry says. Edmonton's second-largest university knew enough about this problem to launch its own phishing awareness campaign last school year for staff and students, posters and all. Now, the school itself will become a cautionary tale about the perils and pratfalls of spear phishing cyberattacks. With this ugly incident, MacEwan University becomes a cautionary tale of another sort: financial controls. These were not high-level employees ensnared by this phishing attack, the school spokesman says, though he did not identify them or clarify how the three employees were involved. From now on, one fraud and $11.8 million later, such vendor banking information changes will need to go through a second and third level of approval at MacEwan before the final clicks or keystrokes occur.
Prize scams are as old as the hills, but people keep falling for them — sending the fraudsters hundreds, sometimes thousands of dollars to claim their cash, luxury cars or other non-existent prizes. Sweepstakes, lottery and prize scams "are among the most serious and pervasive frauds operating today," according to a new report from the Better Business Bureau. And along with phone calls, letters and email, the crooks are now using text messages, pop-ups and phony Facebook messages to lure their victims. In fact, social media is now involved in a third of the sweepstakes fraud complaints received by the FBI's Internet Crime Complaint Center (IC3). "Scammers are like viruses. They mutate and adapt and find things that work," said Steve Baker, former director of the Federal Trade Commission's Midwest region and author of the BBB report. "The crooks have discovered social media big time and since social media is free to use, they can easily do a whole lot of damage from other countries." The BBB study found that nearly 500,000 people reported a sweepstakes, lottery or other prize scam to law enforcement agencies in the U.S. and Canada in the last three years. Monetary losses totaled $117 million last year.

Facebook Messenger Lottery Fraud

Scammers are creating bogus websites that look like a legitimate lottery or sweepstakes site. Or they are reaching out to potential victims who don't properly set their privacy settings on social media platforms such as Facebook. The BBB report says Facebook Messenger, the private messaging app, is a favorite way for fraudsters to find victims. They can use Messenger — with or without a Facebook profile — and contact people who are not Facebook friends. In many cases, the bogus message appears to be from Publishers Clearing House (PCH) congratulating you on winning a big prize.
To claim that prize, it says, you need to send them money. "That's a red flag warning," said Chris Irving, a PCH assistant vice president. "If anybody asks you to send money to collect a prize, you know it's a scam and it's not from the real Publishers Clearing House. At Publishers Clearing House or any legitimate sweepstakes, the winning is always free — no purchase, no payment, no taxes or customs to pay." The crooks also impersonate Facebook founder Mark Zuckerberg in some of their phony Messenger messages. "They post a fake profile of Zuckerberg on Facebook," Baker said. "Then they send you a message through the Facebook messenger system saying: 'Hi this is Mark Zuckerberg. I'm delighted to be able to tell you that you have won the Facebook Lottery and here is the person you need to contact to get the money.'" Take the bait and click the link, and you'll be told to send money to claim your winnings. Of course, there is no Facebook Lottery and Zuckerberg is not sending prize notices to anyone. In a recent story on social media scams, the New York Times reported it found 208 accounts that impersonated Zuckerberg or Facebook COO Sheryl Sandberg on Facebook and Instagram. At least 51 of the impostor accounts, including 43 on Instagram, were lottery scams. (In 2012, Facebook purchased Instagram for $1 billion.) Facebook says it's working to stop the scammers who use its platform to trick people out of their money. In March, the company announced it was using new machine learning techniques that helped it detect more than a half-million accounts related to fraudulent activity. "These ploys are not allowed on Facebook and we're constantly working to better defend against them," said Product Manager Scott Dickens.
"While we block millions of fake accounts at registration every day, we still need to focus on the would-be scammers who manage to create accounts. Our new machine learning models are trained on previously confirmed scams to help detect new ones." The company has also posted a warning on how to avoid Facebook scams. The BBB report calls on Facebook and other social media platforms to make "additional efforts" to prevent fake profiles and to make it easier for users to contact them about fraud.
There's a new LinkedIn scam doing the rounds, involving phishing emails and a fake website designed to harvest the information you have in your CV. In the first stage of the scam, you receive a phishing email disguised as a LinkedIn email. Here are just a few of the giveaways that this is a phishing email: Clicking either of the two links in the spam email will send you to https://linkedinjobs(dot)jimdo(dot)com. We scanned the link with VirusTotal, and most of the security solutions found it to be clean, with the exception of a less well known scanner, AutoShun. Clicking on the website itself will take you to a simple page, where the main focus falls on a form for uploading your CV. Your CV contains a wealth of personal data which a cybercriminal uses to make a profit at your expense. Phone numbers can be sold to companies doing promotional cold calling. Or, the cybercriminal might call you himself in a vishing attack. Sometimes however, the attacker targets a company you worked at (or a future company you want to work for). Using the information found within your CV, the attacker might impersonate you in order to launch spear phishing emails against people in those companies, such as the CEO or the accounting department, in order to illegally obtain funds or money transfers. In 2016 for instance, the CEO of an Austrian airplane component manufacturer was fired after he got tricked by a spear phishing attack that led him to transfer around 40 million euros to the scammer's account. This isn't the first time LinkedIn has been used as a cover for a phishing campaign. Another similar situation was encountered in 2016, which we also covered. It's difficult (if not impossible) for companies alone to prevent these scams from taking place.
In these cases, users too should contribute to keeping the Internet safe. In cases involving LinkedIn, the best course of action is to report these to the company: LinkedIn itself also offers a thorough set of tips and advice on how to recognize various scams over the network, such as inheritance or dating scams. When you're actively searching for a job, being offered one in such a compelling tone might seem appealing. Because you expect to receive such messages (indeed, you welcome them) you're tempted to let your guard down, and that's exactly when a scammer strikes.
Google has stopped Wednesday's clever email phishing scheme, but the attack may very well make a comeback. One security researcher has already managed to replicate it, even as Google is trying to protect users from such attacks. "It looks exactly like the original spoof," said Matt Austin, director of security research at Contrast Security. The phishing scheme -- which may have circulated to 1 million Gmail users -- is particularly effective because it fooled users with a dummy app that looked like Google Docs. Recipients who received the email were invited to click a blue box that said "Open in Docs." Those who did were brought to an actual Google account page that asks them to hand over Gmail access to the dummy app. While fooling users with spoofed emails is nothing new, Wednesday's attack involved an actual third-party app made with real Google processes. The company's developer platform can enable anyone to create web-based apps. In this case, the culprit chose to name the app "Google Docs" in an effort to trick users. The search company has shut down the attack by removing the app. It's also barred other developers from using "Google" in naming their third-party apps. More traditional phishing email schemes can strike by tricking users into giving up their login credentials. However, Wednesday's attack takes a different approach and abuses what's known as the OAuth protocol, a convenient way for internet accounts to link with third-party applications. Through OAuth, users don't have to hand over any password information. They instead grant permission so that one third-party app can connect to their internet account, at say, Google, Facebook or Twitter. But like any technology, OAuth can be exploited.
Back in 2011, one developer even warned that the protocol could be used in a phishing attack with apps that impersonate Google services. Nevertheless, OAuth has become a popular standard used across IT. CloudLock has found that over 276,000 apps use the protocol through services like Google, Facebook and Microsoft Office 365. For instance, the dummy Google Docs app was registered to a developer at eugene.pupov@gmail.com -- a red flag that the product wasn't real. However, the dummy app still managed to fool users because Google's own account permission page never plainly listed the developer's information, unless the user clicks the page to find out, Parecki said. "I was surprised Google didn't show much identifying information with these apps," he said. "It's a great example of what can go wrong." Rather than hide those details, all of it should be shown to users, Parecki said. Austin agreed, and said apps that ask for permission to Gmail should include a more blatant warning over what the user is handing over. "I'm not on the OAuth hate bandwagon yet. I do see it as valuable," Austin said. "But there are some risks with it." Fortunately, Google was able to quickly foil Wednesday's attack, and is introducing "anti-abuse systems" to prevent it from happening again. Users who might have been affected can do a Google security checkup to review what apps are connected to their accounts. The company's Gmail Android app is also introducing a new security feature to warn users about possible phishing attempts. It's tempting to install apps and assume they're safe. But users and businesses need to be careful when linking accounts to third-party apps, which might be asking for more access than they need, Cloudlock's Kaya said. "Hackers have a head start exploiting this attack," she said. "All companies need to be thinking about this."
As one victim discovered this Christmas, figuring out how to clean such an infection can be quite difficult. Ransomware for Android phones has already been around for several years and security experts have warned in the past that it's only a matter of time until such malicious programs start affecting smart TVs, especially since some of them also run Android. In November 2015, a Symantec researcher named Candid Wueest even went as far as to infect his own TV with an Android ransomware application to highlight the threat. While that infection was just a demonstration, this Christmas, the owner of an LG Electronics TV experienced the real deal. Kansas-based software developer Darren Cauthon reported on Twitter on Dec. 25 that a family member accidentally infected his Android-based TV with ransomware after downloading a movie-watching app. The picture shared by Cauthon showed the TV screen with an FBI-themed ransom message. On Android the majority of ransomware applications are so-called screen lockers. They work by displaying persistent messages on the phone's screen and preventing users from performing any other actions on their devices. The messages usually impersonate some law enforcement authority and ask victims to pay fictitious fines to regain control. Cauthon, who was the previous owner of the three-year-old TV, tried to help the new owner restore the device to its default factory settings, but didn't succeed even after receiving many suggestions and advice from other Twitter users. According to the software developer, when he first contacted LG's tech support, he was told that a technician would have to come over and take a look for a fee of around $340. The ransom amount itself was $500, although even paying that would have been difficult because there was no way to click on the payment section to find the instructions on how to do so.
The only thing that worked was just moving a mouse-like pointer on a portion of the TV screen via an accompanying smart remote. Eventually LG provided Cauthon with a solution that involved pressing and releasing two physical buttons on the TV in a particular order. This booted the TV, which runs the now defunct Android-based Google TV platform, into a recovery mode. The Android recovery mode allows wiping the data partition, which deletes all user settings, apps and data and is the equivalent of a factory reset. While this sounds straightforward, Cauthon's experience suggests that many users would have difficulty figuring it out on their own and would probably be forced to pay for technical assistance. If recovering from smart TV ransomware infections can be hard, imagine what users would have to deal with if these programs start infecting other internet-of-things devices, as some security experts predict. In this case, the victim was lucky because the ransomware app was only a screen locker and not a program that encrypts files. Smart TVs have USB ports and allow connecting external hard disk drives in order to watch personal videos or photo collections -- the type of files that are valuable to users, especially if they're not backed up.
GreatHorn analyzed more than 56 million emails from 91,500 corporate mailboxes from March to November 2016. The data found that display name spoofs are the clear phishing weapon of choice for cybercriminals. Attackers are increasingly relying on highly targeted, non-payload attacks that exploit trust and leverage pressure tactics to trick users into taking action that will put their organizations at risk. Of the more than 537,000 phishing threats GreatHorn detected in its research, 91 percent (490,557) contained characteristics of display name spoofs. Display name spoofs impersonate a person familiar to a business user in order to fool the recipient into thinking that the message came from a trusted source. It's an extremely effective tactic against a workforce deluged with incoming communications all day, every day. Direct spoofs were the second most popular attack type (8 percent), and domain lookalikes made up less than 1 percent of phishing attacks. "Stopping spear phishing attacks isn't as simple as pushing a button; the sheer volume of these attacks, coupled with the size of the attack surface and security resource constraints, makes it impossible to mitigate risk solely via human intervention, no matter how much you try to train your end users," said GreatHorn CEO Kevin O'Brien.
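One way to turn GreatHorn's three categories (display name spoof, direct spoof, domain lookalike) into a From-header triage check, as an added example that is not GreatHorn's own code; the organization domain, the trusted-sender directory, the SPF result flag and the sample messages are all constructed assumptions:

```python
import email.utils
from collections import Counter
from typing import Dict, List, Tuple

# Constructed assumptions: the protected org's domain and a small directory
# of colleagues whose names an attacker might borrow for a display name.
ORG_DOMAIN = "example.com"
TRUSTED: Dict[str, str] = {
    "kevin obrien": "kevin.obrien@example.com",
    "accounts payable": "ap@example.com",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small distance from ORG_DOMAIN flags a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Fold case and drop punctuation so "Kevin O'Brien" matches the directory."""
    return "".join(ch for ch in name.lower() if ch.isalnum() or ch == " ").strip()


def classify(from_header: str, spf_pass: bool) -> str:
    """Label one From header using the categories from the GreatHorn report."""
    name, addr = email.utils.parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    if domain == ORG_DOMAIN:
        # Claims our own domain: genuine only if the sending server authenticated.
        return "clean" if spf_pass else "direct spoof"
    if normalize(name) in TRUSTED:
        # A known colleague's name sitting on an outside mailbox.
        return "display name spoof"
    if 0 < levenshtein(domain, ORG_DOMAIN) <= 2:
        return "domain lookalike"
    return "clean"


# Constructed sample traffic: (From header, SPF passed?)
SAMPLE: List[Tuple[str, bool]] = [
    ("\"Kevin O'Brien\" <ceo.urgent@gmail.com>", True),
    ("\"Kevin O'Brien\" <kevin.obrien@example.com>", False),
    ("Vendor Billing <billing@exarnple.com>", True),
    ("Accounts Payable <ap@example.com>", True),
    ("Newsletter <news@news.example.org>", True),
]


def summarize(messages: List[Tuple[str, bool]]) -> Counter:
    """Count each category across a batch, the way the report tallies them."""
    return Counter(classify(hdr, spf) for hdr, spf in messages)


if __name__ == "__main__":
    for hdr, spf in SAMPLE:
        print(f"{classify(hdr, spf):20} {hdr}")
    print(summarize(SAMPLE))
```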
You may have heard of the CEO scam: that's where spear-phishers impersonate a CEO to hit up a company for sensitive information. That's what happened to Snapchat, when an email came in to its payroll department, masked as an email from CEO Evan Spiegel and asking for employee payroll information. Here's a turn of that same type of screw: the Internal Revenue Service (IRS) last week sent out an urgent warning about a new tax season scam that wraps the CEO fraud in with a W-2 scam, then adds a dollop of wire fraud on top. A W-2 is a US federal tax form, issued by employers, that has a wealth of personal financial information, including taxpayer ID and how much an employee was paid in a year. This new and nasty dual-phishing scam has moved beyond the corporate world to target nonprofits such as school districts, healthcare organizations, chain restaurants, temporary staffing agencies and tribal organizations. As with earlier CEO spoofing scams, the crooks are doctoring emails to make the messages look like they're coming from an organization's executive. Sending the phishing messages to employees in payroll or human resources departments, the criminals request a list of all employees and their W-2 forms. The scam, sometimes referred to as business email compromise (BEC) or business email spoofing (BES), first appeared last year. This year, it's not only being sent to a broader set of intended victims; it's also being sent out earlier in the tax season than last year. In a new twist, this year's spam scamwich also features a follow-up email from that "executive", sent to payroll or the comptroller, asking for a wire transfer to a certain account.
Some companies have been swindled twice: they've lost both employees' W-2s and thousands of dollars sent out via the wire transfers.