Facebook users have noticed and reported a new scam making rounds on the popular network . [ 1 ] This time , it is the same old Facebook Messenger virus that compromises user accounts and acts on behalf of the victim to distribute the malicious link further . The scam uses a basic social engineering technique that lures Attack.Phishing the potential target into clicking on the provided URL . In addition , the victim feels safe since the link comes from Attack.Phishing one of his Facebook friends . The message usually includes a short line that looks similar to “ its you ? [ name ] : |. ” The emoji at the end of the message differs , and the provided link is shortened ; therefore the user can not figure out where it leads . However , the shortcut indicates that the link leads to a mysterious video and triggers victim ’ s curiosity to check it out . Typical strategy : Install something to watch the video Cybersecurity experts are already familiar with the technique used to trick Attack.Phishing questioning users into installing the Facebook Message Video virus . As soon as the victim clicks the compromised link and enters the phishing website ( which apparently is designed to look like Attack.Phishing YouTube or another popular video sharing platform ) , a misleading pop-up appears Attack.Phishing , asking the victim to install an update or an application ( it could be a fake Adobe Flash Player or a plug-in ) . The file suggested to the user contains no software related to video streaming and simply carries the malicious payload that later compromises Attack.Databreach victim ’ s account and sends out Attack.Phishing the deceptive messages to all victim ’ s contacts . Speaking of fake Adobe Flash Players , we want to inform you that these are one of the most dangerous threats to your security . One of the latest cyber attacks Attack.Phishing was based on fake pop-ups appearing on compromised sites , urging Attack.Phishing people to install an updated Flash Player . Unfortunately , launching the install_flash_player.exe file only infected the computer with Bad Rabbit ransomware .

The email didn ’ t just seem innocent , it also seemed familiar to the accounts payable employee at MacEwan University in Edmonton . It was from one of the local construction firms the public institution deals with , logo and all . There was new bank account information —could accounts payable please change it ? The staff and this supposed vendor communicated back and forth , from late June until a few weeks ago , in early August . One university employee was involved in this correspondence at first ; two more were added . Then vendor payments went through , as scheduled : $ 1.9 million from MacEwan accounts on August 10 . Another $ 22,000 were transferred seven days later . Finally , $ 9.9 million went to this new bank account on August 19 , a Saturday . Wednesday morning , for the first time in this episode , came a phone call . The Edmonton-area vendor wanted to know why it never got its payments . The massive fraud had already been perpetrated , $ 11.8 million winding its way into a TD bank account in Montreal and much of it then wired overseas , a university spokesman says . Investigators have traced $ 11.4 million of the money and frozen the suspect accounts in Quebec and Hong Kong . The school is pursuing civil legal action to recover the money . “ The status of the balance of the funds is unknown at the time , ” a MacEwan statement said about the other $ 400,000 . There ’ s likely not a person reading this online who hasn ’ t received a phishing attack Attack.Phishing , in which someone pretending to be Attack.Phishing a bank sends Attack.Phishing an email or text message , hoping to trick Attack.Phishing you into enter or re-enter account information or a credit card number . What hit MacEwan was a spear phishing attack Attack.Phishing , in which scammers impersonate Attack.Phishing a client or associate of the individual . In this case , the fraudster had cut-and-pasted the actual vendor ’ s logo , MacEwan spokesman David Beharry said . A phishing attacker will often cast several lures Attack.Phishing ; in this case , investigators said 14 different Edmonton-area construction sites or firms were impersonated Attack.Phishing as part of this attempt . The successful trick Attack.Phishing led to financial transfers equivalent to more than five per cent of the publicly funded school ’ s 2016 operating budget , according to records . This inflicted vastly more damage than the last well-documented online scam to successfully target an Alberta post-secondary school : last year , University of Calgary paid Attack.Ransom $ 20,000 in what ’ s known as a ransomware attack Attack.Ransom , in which cyberattackers manage to lock or encrypt network data until the victim pays up Attack.Ransom . While MacEwan is confident it can recoup the amounts already frozen , it will also incur legal fees on three continents as it tries to do so , Beharry says . Edmonton ’ s second-largest university knew enough about this problem to launch its own phishing awareness campaign last school year for staff and students , posters and all . Now , the school itself will become a cautionary tale about the perils and pratfalls of spear phishing cyberattacks Attack.Phishing . With this ugly incident , MacEwan University becomes a cautionary tale of another sort : financial controls . These were not high-level employees ensnared by this phishing attack Attack.Phishing , the school spokesman says , though he did not identify them or clarify how the three employees were involved . From now on , one fraud and $ 11.8 million later , such vendor banking information changes will need to go through a second and third level of approval at MacEwan before the final clicks or keystrokes occur .

There ’ s a new scam on the block and over 200 people have already been hit . Here ’ s what you need to know about the TV Licence con . Action Fraud is warning that criminals are sending out Attack.Phishing emails pretending to be Attack.Phishing from TV Licensing . The watchdog says it has already received over 200 reports about the phishing scam Attack.Phishing . The email lures Attack.Phishing you in by saying you are owed a refund on your TV Licence payments . But , it ’ s a con and all the senders are really after is your bank details . What does the email say ? So far all the emails have been the same . They say : “ This is an official notification from TV Licensing ! “ We would like to notify you that , after the last annual calculation we have determined that you are eligible to receive a TV Licensing refund of 85.07 GBP . “ Due to invalid account details records , we were unable to credit your account . Please fill in the TV Licensing refund request and allow us 5-6 working days to the amount to be credited to your account. ” All this is untrue . If you receive this email the best thing to do is report it to Action Fraud and then delete it . Do not click on any links within the email . “ A small number of our customers have received Attack.Phishing scam email messages saying they are due a refund , ” a spokesperson for TV Licensing has said . “ A link directs Attack.Phishing customers to a fake version of the official TV Licensing website which asks them to enter personal information and bank details . “ If you receive a similar email message please delete it . If you have already clicked the link , do not enter or submit any information . TV Licensing never sends refund information by email and is investigating the source of the fraud. ” While these emails are a scam they carry an element of truth – you might be due a refund from TV Licensing . There are a number of ways you can avoid paying the full licence fee . If you are a student you are entitled to a £37 discount on the £147.50 colour TV licence . You can also apply for a refund if you ’ ve paid for a TV Licence beyond your 75th birthday . Anyone over the age of 75 is entitled to watch TV for free . TV Licences apply to households not individuals so if anyone if your household is a student , or over 75 then you all get the benefit of their discount . Similarly , if someone in your house is severely visually impaired they are entitled to a half-price TV licence . You can apply for a refund via the official TV Licensing Website .

Phishing Attack.Phishing is one of the most devious scams for filching your personal information , but experts say it is possible to avoid them if you know what you 're looking for . At its essence , phishing Attack.Phishing is the act of pretending to be Attack.Phishing someone or something you trust in order to trick Attack.Phishing you into entering sensitive data like your user name and password . The goal -- of course -- is to take your money . Some of the most common phishing scams Attack.Phishing are bogus emails purportedly from trustworthy institutions like the U.S.Internal Revenue Service or major banks . The more sophisticated scams are crafted to look very much like Attack.Phishing a legitimate message from a site you do business with . “ Many popular phishing scams Attack.Phishing purport to be Attack.Phishing from shipping companies , e-commerce companies , social networking websites , financial institutions , tax-preparation companies and some of the world ’ s most notable companies , ” said Norton by Symantec senior security response manager Satnam Narang via email . One of the worst cases on record was an aircraft parts CEO who was tricked Attack.Phishing into handing over more than $ 55 million – which shows that phishing scams Attack.Phishing can dupe Attack.Phishing even smart people . Fox News asked Symantec about the top phishing scams Attack.Phishing and how to avoid them . 1 . Your account has been or will be locked , disabled or suspended . `` Scare tactics are a common theme when it comes to phishing scams Attack.Phishing , '' said Narang . `` Claiming a users ’ account has been or will be locked or disabled is a call to action to the user to entice Attack.Phishing them to provide their login credentials . '' 2 . Irregular/fraudulent activity detected or your account requires a `` security '' update . `` Extending off of # 1 , scammers will also claim irregular or fraudulent activity has been detected on your account or that your account has been subjected to a compulsory 'security update ' and you need to login to enable this security update , '' Narang said . 3 . You ’ ve received a secure or important message . `` This type of phishing scam Attack.Phishing is often associated with financial institutions , but we have also seen some claiming to be Attack.Phishing from a popular e-commerce website , '' said Narang . `` Because financial institutions don ’ t send customer details in emails , the premise is that users will be more inclined to click on a link or open an attachment if it claims to be Attack.Phishing a secure or important message . '' 4 . Tax-themed phishing scams Attack.Phishing . `` Each year , tax-themed phishing scams Attack.Phishing crop up before tax-time in the U.S. and other countries , '' Narang added . `` These tax-related themes can vary from updating your filing information , your eligibility to receive a tax refund or warnings that you owe money . One thing that ’ s for sure is that the IRS doesn ’ t communicate via email or text message , they still send snail mail . '' 5 . Attachment-based phishing Attack.Phishing with a variety of themes . `` Another trend we have observed in recent years is that scammers are using the lures Attack.Phishing mentioned above , but instead of providing a link to an external website , they are attaching an HTML page and asking users to open this 'secure page ' that requests login credentials and financial information , '' according to Narang . Avast , which also develop antivirus software and internet security services , offered advice on what to look for . Ransomware , which encrypts data ( i.e. , makes it inaccessible to the user ) , tries to tap into the same fears that phishing Attack.Phishing does . The hope that the “ attacked person will panic , and pay the ransom Attack.Ransom , ” Jonathan Penn , Director of Strategy at Avast , told Fox News .

For all the sophisticated tactics , techniques , and procedures employed by threat actors these days , phishing Attack.Phishing continued to be the top attack vector in 2016 , as it has been for some time . The big difference was that instead of targeting financial services companies , phishers increasingly targeted cloud storage service providers like Google and DropBox , security vendor PhishLabs said in a voluminous report on phishing trends released this week . Compared to 2013 , when barely 10 % of phishing attacks Attack.Phishing targeted cloud storage services , about 22.5 % of phishing attacks Attack.Phishing last year involved such companies . That was just barely below the 23 % of phishing scams Attack.Phishing involving financial brands , the company noted . What that means is that users are likely going to get more phishing emails this year trying to get them to part with credentials to their cloud storage credentials . `` Over the last four years , the number of phishing attacks Attack.Phishing targeting cloud storage services has skyrocketed , '' says Crane Hassold , senior security threat researcher at PhishLabs . `` Based on recent trends , it is likely that phishing attacks Attack.Phishing targeting cloud storage services will overtake financial institutions as the top target for phishers in 2017 . '' So far at least , almost all phishing attacks Attack.Phishing impacting this industry have involved only Google and DropBox . Many of the phishing campaigns Attack.Phishing targeting cloud storage providers contain lures Attack.Phishing saying that a document or picture has been shared with the victim and encourage them to sign in to their account in order to view it . A majority of the phishing pages involved in such campaigns Attack.Phishing have really been poor duplicates of the pages used by Google , DropBox , and other legitimate sites . Even so , `` based on the growing popularity of these types of attacks Attack.Phishing , phishers must still be having success compromising victim even with this lack of authenticity , '' Hassold says . The PhishLabs report is based on an analysis of some one million confirmed phishing sites spread across more than 170,000 unique domains , and also from the company ’ s handling of more than 7,800 phishing attacks Attack.Phishing per month in 2016 . The analysis showed an alarming increase across the board in phishing-related activities Attack.Phishing . The number of phishing sites in 2016 , for instance , was 23 % higher than the year before , while the volume of phishing emails grew by an average of 33 % across financial services , cloud storage/file hosting , webmail/online , payment services , and ecommerce sites . PhishLabs identified a total of 976 brands belonging to 568 organizations that cybercriminal used in phishing campaigns Attack.Phishing last year . The kind of data that phishers went after also broadened considerably last year . In addition to account credentials and personal data , phishers also used their phishing lures Attack.Phishing to try and snag financial , employment , and account security data like answers to challenge/response questions and mother ’ s maiden name . Ransomware 's Best Friend In 2016 , phishing Attack.Phishing also continued to be by far the most prevalent method for delivering ransomware on everything from end user systems to systems belonging to businesses , government agencies , schools , and critical infrastructure targets . The use of email as an authentication measure made it easier for phishers to mass harvest Attack.Databreach credentials for all email services on a single phishing site , instead of having to target email providers individually , Hassold says . `` Additionally , because a growing number of Web services are using email as a primary credential , phishers are able to multiply their profits by conducting password reuse attacks against these unsuspecting targets , '' he says . The easy availability of phish kits , or ready-to-use templates for creating working phishing sites , contributed to the problem . Many of these kits included sophisticated anti-detection mechanisms . Mechanisms included access control measures based on IP address , HTTP referrer , and hostname , whitelists , and blocklists . `` The big takeaway is that we ’ ve created ideal conditions for the mass harvesting Attack.Databreach of credentials via phishing attacks Attack.Phishing , '' Hassold notes . Unlike in the past where phishers were focused on immediate gains—by going after and selling access to financial accounts for instance—they are now trying to maximize the information they can compromise with the least effort .