between July 7 and August 8, reported today the Electronic Frontier Foundation (EFF). Both organizations targeted in the attacks are currently fighting for Net Neutrality in the US. Based on currently available evidence, the attacks appear to have been orchestrated by the same attacker, located in a UTC+3-5:30 timezone, said EFF Director of Cybersecurity Eva Galperin and EFF security researcher Cooper Quintin.
At least one victim fell for the attacks
"Although this phishing campaign does not appear to have been carried out by a nation-state actor and does not involve malware, it serves as an important reminder that civil society is under attack," said the two today. "It is important for all activists, including those working on digital civil liberties issues in the United States, to be aware that they may be targeted by persistent actors who are well-informed about their targets' personal and professional connections."
At least one victim fell for the 70 fake emails sent during the phishing attempts. Attackers didn't deliver malware but lured victims away to a remote site designed to phish Google, Dropbox, and LinkedIn credentials. "The attackers were remarkably persistent, switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time," EFF said.
In the most creative of the spear-phishing emails, victims received emails with the subject line "You have been successfully subscribed to Pornhub.com," or "You have been successfully subscribed to Redtube.com," two very popular adult video portals. Minutes later, victims received another email made to look like it was coming from the same two services. These second emails contained explicit subject lines.
Because the spear-phishing emails were aimed at work emails, most victims would have been inclined to unsubscribe from the incoming emails. This was the catch, as attackers doctored the unsubscribe link, leading victims to a fake Google login screen.
Attackers used different tactics as the campaign progressed
The PornHub and RedTube phishes were not the only ones. Attackers also used other tactics.
⬭ Links to generic documents that asked users to enter credentials before viewing.
⬭ LinkedIn message notifications that tried to trick users into giving away LinkedIn creds.
⬭ Emails disguised to look like they were coming from family members, sharing photos, but which asked the victim to log in and give away credentials instead.
⬭ Fake email notifications for hateful comments posted on the target's YouTube videos. When the victim followed the link included in the email, the target would have to enter Google credentials before performing the comment moderation actions.
⬭ Emails that looked like a friend was sharing interesting news stories. Topics and subject lines used include:
  - Net Neutrality Activists 'Rickroll' FCC Chairman Ajit Pai
  - Porn star Jessica Drake claims Donald Trump offered her $10G, use of his private jet for sex
  - Reality show mom wants to hire a hooker for her autistic son
In one case, one of the targeted activists received a request from a user asking for a link to buy her music. When the target replied, the attacker answered back with a Gmail phishing link, claiming the buy link didn't work.
EFF experts say that victims who had two-factor authentication turned on for their accounts would have prevented attackers from logging into their profiles even if they had managed to obtain their password.
People are still falling for fake sites pretending to be Facebook, research from Kaspersky Labs suggests. In 2018 thus far, the Russian security company blocked "3.7 million attempts to visit fraudulent social network pages". Notably, 58.7% of these attacks were attempting to direct users to fake FB pages. That's a pretty substantial slice of the pie, considering that VKontakte — Russia's version of Facebook — was responsible for 20.8%, and LinkedIn 12.9%.
"At the beginning of the year, Facebook was the most popular social networking brand for fraudsters to abuse, and Facebook pages were frequently faked by cybercriminals to try and steal personal data via phishing attacks," the company states in a press release. The main targets for these attacks include "global internet portals and the financial sector, including banks, payment services and online stores," Kaspersky adds.
The firm also suggests that this is nothing new. "Last year Facebook was one of the top three most exploited company names. The schemes are numerous, but fairly standard: the user is asked to 'verify' an account or lured into signing into a phishing site on the promise of interesting content," it reveals.
The company also noted that South America suffered the most phishing attacks in 2018 thus far. "Brazil was the country with the largest share of users attacked by phishers in the first quarter of 2018 (19%)," it revealed. It was followed by Argentina, Venezuela, and Albania — all at 13%.
A Ukrainian cybercrime operation has made an estimated $50 million by using Google AdWords to lure users to Bitcoin phishing sites. The operation was temporarily disrupted this month when Ukrainian cyber police shut down servers hosting some of the phishing sites, acting on information they received from Cisco's Talos security division. No arrests were made, and it's very likely that the group will make a comeback in the future.
The group — which Cisco tracked internally under the codename of Coinhoarder — has been operating for years, but appears to have used the same scheme since February 2017, possibly earlier. Crooks purchase so-called typosquatted domains that imitate the real Blockchain.info Bitcoin wallet management service. Coinhoarder operators then set up phishing pages on these domains that log users' credentials, which they later use to steal funds from users' accounts.
According to Cisco, instead of using malvertising or spam campaigns, crooks buy legitimate ads via the Google AdWords platform and place links to their phishing sites at the top of Bitcoin-related Google search results. This trick is not only simple to execute but very effective. Cisco reported that based on DNS query data, ads for one domain roped in over 200,000 users. It is believed the group lured tens of millions of users to its phishing sites.
It is unclear how many users tried to log in on the fake sites, but after tracking down various thefts reported on social media and involving some of the Coinhoarder group's typosquatted domains, Cisco says the group made around $50 million worth of Bitcoin in the past three years. For example, in one campaign that took place from September 2017 to December 2017, the group made around $10 million, while in another campaign that lasted 3.5 weeks, the group made another $2 million.
Researchers also point out that crooks used geo-targeting filters for their ads, targeting mostly Bitcoin owners in Africa. "This threat actor appears to be standing up phishing pages to target potential victims in African countries and other developing nations where banking can be more difficult, and local currencies much more unstable compared to the digital asset," researchers said in a report published yesterday. "Additionally, attackers have taken notice that targeting users in countries whose first language is not English make for potentially easier targets."
Cisco says it tracked down the phishing sites hosted on the servers of a bulletproof hosting provider located in Ukraine — Highload Systems. This is where Ukraine's cyber police department intervened and took down servers.
According to Cisco, the Coinhoarder group is by far the largest phishing operation that has targeted Blockchain.info, the biggest Bitcoin wallet service online. Bleeping Computer, too, has spotted increases in phishing campaigns targeting Blockchain.info in December 2016 and December 2017. Among the new tricks detected by Cisco since our previous reports, crooks have started using Let's Encrypt certificates to make their phishing sites load via HTTPS, and have also incorporated homograph attacks.
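A defender-side check for the two domain tricks described above, typosquatting and homographs, written as an added example that is not from Cisco's report or the original article. The brand label, the small look-alike table, the edit-distance threshold and every sample domain are constructed for illustration.

```python
import unicodedata

# Constructed subset of look-alike characters (Cyrillic a, e, o, s, r, i plus
# digit swaps and hyphens); a production check would use the full UTS #39 table.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0441": "c", "\u0440": "p", "\u0456": "i",
                             "0": "o", "1": "l", "-": None})

def decode_label(label):
    """Turn an xn-- (punycode) label back into Unicode; leave others alone."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(label):
    """Fold accents and look-alike characters onto plain ASCII letters."""
    decomposed = unicodedata.normalize("NFKD", label)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return no_marks.translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand="blockchain", max_edits=2):
    """Return 'exact', 'homograph', 'typosquat' or 'unrelated' for a domain."""
    labels = [decode_label(l) for l in domain.lower().rstrip(".").split(".")]
    # Assumption: the label left of the TLD is the registrable name
    # (no public-suffix list is consulted).
    name = labels[-2] if len(labels) >= 2 else labels[0]
    if name == brand:
        return "exact"
    folded = skeleton(name)
    if folded == brand:
        return "typosquat" if name.isascii() else "homograph"
    return "typosquat" if edit_distance(folded, brand) <= max_edits else "unrelated"

if __name__ == "__main__":
    # Constructed sample names under the reserved .test TLD.
    for d in ["blockchain.info", "blokchain.test", "bl0ckchain.test",
              "bl\u043eckch\u0430in.test", "weather.test"]:
        print(f"{d!r:32} {classify(d)}")
```

Running the same classifier over newly observed domains in DNS or certificate-transparency logs is one way to surface look-alikes that load over HTTPS with a valid certificate.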
Banks in Russia today were the target of a massive phishing campaign that aimed to deliver a tool used by the Silence group of hackers. The group is believed to have a background in legitimate infosec activities and access to documentation specific to the financial sector. The fraudulent emails purported to come from the Central Bank of Russia (CBR) and contained a malicious attachment. The message body lured the recipients to open the attachment in order to check the latest details on the "standardization of the format of CBR's electronic communications."
Email authentication mechanism saves the day
International cybersecurity company Group-IB investigated the attack and noticed that the style and format of the fake communication were very similar to the official CBR correspondence. This supports the theory that the attackers had access to legitimate emails from CBR. If Silence hackers have any ties with the legal side of reverse engineering and penetration testing, it is very likely that they are familiar with the documentation used by financial institutions and with how banking systems work.
In a report published today, Group-IB says that the attackers spoofed the sender's email address but the messages did not pass the DKIM (DomainKeys Identified Mail) validation. DKIM is a solution specifically designed to prevent forged email addresses by adding to the message a signature that confirms its authenticity.
Banks see more spear-phishing from a different group
The Silence hackers are not the only ones trying their spear-phishing game on Russian banks. On October 23, another notorious group, MoneyTaker, ran a similar campaign against the same type of targets.
Their message spoofed an email address from the Financial Sector Computer Emergency Response Team (FinCERT) and contained five attachments disguised as documents from CBR. "Three out of five files were empty decoy documents, but two contained a download for the Meterpreter Stager. To carry out the attack, hackers used self-signed SSL certificates," says Rustam Mirkasymov, Group-IB Head of Dynamic Analysis of malware department and threat intelligence expert. These clues, along with server infrastructure associated with the MoneyTaker group, allowed the security experts to identify the perpetrator.
As in the case of Silence, this attacker is also thought to have had access to CBR documents, most likely from compromised inboxes of Russian bank employees. This allowed them to craft messages that would pass even eyes trained in spotting fraudulent emails.
Silence and MoneyTaker are the most dangerous threats to banks
According to Group-IB, multiple groups use the Central Bank of Russia in spear-phishing operations, and for good reason, since the organization dictates regulations to financial institutions in the country and maintains a constant communication flow with them. Mirkasymov says that Silence and MoneyTaker are the most dangerous of all groups that threaten financial organizations. Referring to the latter, the expert says that its repertoire also includes drive-by attacks and testing the network for vulnerabilities. The goal is to access the internal nodes that enable them to withdraw money from ATMs, process cards or interbank transfers. Although Silence uses mainly phishing, they are more careful about crafting the message, paying attention to both content and design, adds Group-IB's threat intelligence expert.
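How a receiving gateway can act on the failed DKIM validation described above, as an added example that is not taken from Group-IB's report: it reads the `Authentication-Results` header stamped by the organisation's own mail server and quarantines mail that claims a protected sender domain without an aligned DKIM pass. The domains `centralbank.example` and `mx.bank.example`, the verdict names and the sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def dkim_verdict(raw, protected, trusted_authserv):
    """Triage one raw message: 'not-protected', 'deliver' or 'quarantine'."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != protected and not from_domain.endswith("." + protected):
        return "not-protected"
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        # Only believe results stamped by our own gateway: any sender can put
        # an Authentication-Results header of their own into a message.
        if (authserv.split() or [""])[0].lower() != trusted_authserv:
            continue
        for result, props in re.findall(r"dkim=(\w+)([^;]*)", results):
            signer = re.search(r"header\.d=([\w.-]+)", props)
            if result.lower() != "pass" or not signer:
                continue
            d = signer.group(1).lower()
            # Relaxed alignment, treating `protected` as the organisational
            # domain: a pass signed by an unrelated domain proves nothing
            # about the address shown in From.
            if d == protected or d.endswith("." + protected):
                return "deliver"
    return "quarantine"

def sample(auth_results, sender="info@centralbank.example"):
    """Build a constructed message; every name in it is a placeholder."""
    return (f"Authentication-Results: {auth_results}\n"
            f"From: Regulator <{sender}>\n"
            "Subject: Standardization of electronic communications\n\n"
            "See attachment.\n")

if __name__ == "__main__":
    cases = ["mx.bank.example; dkim=pass header.d=centralbank.example",
             "mx.bank.example; dkim=fail header.d=centralbank.example",
             "mx.bank.example; dkim=pass header.d=bulkmailer.example",
             "mx.other.example; dkim=pass header.d=centralbank.example"]
    for c in cases:
        print(dkim_verdict(sample(c), "centralbank.example", "mx.bank.example"), "<-", c)
```

The alignment step is the part DKIM does not do by itself; DMARC is the standard that ties a DKIM pass to the domain in the visible From address.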