is targeting customers of every major UK bank , with cybercriminals posing asAttack.Phishingcustomer support staff on Twitter in an attempt to steal users ' online banking credentials . Easy to carry out but difficult to defend against , phishingAttack.Phishingis an increasingly popular weapon of choice for hackers . That 's because , with an authentic-looking fake website , they can just sit back and scoop upAttack.Databreachdata as victims unwittingly hand over their usernames and passwords . PhishingAttack.Phishingoften relies on cybercriminals sendingAttack.Phishingtailored emails to potential victims in an effort to lureAttack.Phishingthem into giving up credentials or installing malware . However , cybersecurity researchers at Proofpoint have uncovered an Angler phishing campaignAttack.Phishingwhich , rather than being tailoredAttack.Phishingto specific users , takes advantage of how they can often be careless on social media -- specifically Twitter . In this instance , cybercriminals monitor Twitter for users approaching genuine support accounts for banks , and attempt to hijack the conversation with a fake support page . This sort of phishing attackAttack.Phishingis unlikely to provide cybercriminals with the big score they 'd hit if they targeted a corporate network , but it does enable the easy theft of credentials and small amounts of money -- and repeated success could become lucrative , and also provide criminals with accessAttack.Databreachto other types of data which can be used to commit fraud . `` In many of the examples we 've seen , the hacker is not just collectingAttack.Databreachbanking credentials . They also look for information like ATM Pin , Credit/Debit card numbers , security questions and answers , and even social security numbers . With this information , they can circumvent some security measures , make purchases/withdrawals without online access , or create entirely new bogus accounts using the customer 's information , '' says Celeste Kinswood at Proofpoint . Fortunately , there are some simple things users can do to ensure they do n't become victims of this style of social media phishing attackAttack.Phishing. For starters , a real support account will be verified with a blue tick and wo n't directly ask for login credentials . A quick search for the real account should also demonstrate if the one contacting you is fake . Users may want to see their problems solved quickly , but taking ten seconds to verify who you 're talking to will pay off in the long run .
A phishing campaignAttack.Phishingis targeting customers of every major UK bank , with cybercriminals posing asAttack.Phishingcustomer support staff on Twitter in an attempt to steal users ' online banking credentials . Easy to carry out but difficult to defend against , phishingAttack.Phishingis an increasingly popular weapon of choice for hackers . That 's because , with an authentic-looking fake website , they can just sit back and scoop upAttack.Databreachdata as victims unwittingly hand over their usernames and passwords . PhishingAttack.Phishingoften relies on cybercriminals sendingAttack.Phishingtailored emails to potential victims in an effort to lureAttack.Phishingthem into giving up credentials or installing malware . However , cybersecurity researchers at Proofpoint have uncovered an Angler phishing campaignAttack.Phishingwhich , rather than being tailoredAttack.Phishingto specific users , takes advantage of how they can often be careless on social media -- specifically Twitter . In this instance , cybercriminals monitor Twitter for users approaching genuine support accounts for banks , and attempt to hijack the conversation with a fake support page . This sort of phishing attackAttack.Phishingis unlikely to provide cybercriminals with the big score they 'd hit if they targeted a corporate network , but it does enable the easy theft of credentials and small amounts of money -- and repeated success could become lucrative , and also provide criminals with accessAttack.Databreachto other types of data which can be used to commit fraud . `` In many of the examples we 've seen , the hacker is not just collectingAttack.Databreachbanking credentials . They also look for information like ATM Pin , Credit/Debit card numbers , security questions and answers , and even social security numbers . With this information , they can circumvent some security measures , make purchases/withdrawals without online access , or create entirely new bogus accounts using the customer 's information , '' says Celeste Kinswood at Proofpoint . Fortunately , there are some simple things users can do to ensure they do n't become victims of this style of social media phishing attackAttack.Phishing. For starters , a real support account will be verified with a blue tick and wo n't directly ask for login credentials . A quick search for the real account should also demonstrate if the one contacting you is fake . Users may want to see their problems solved quickly , but taking ten seconds to verify who you 're talking to will pay off in the long run .
It ’ s tax season , and that means con artists and scammers are out in full force trying to capitalize on people ’ s financial anxieties . The IRS puts out strong warnings each year—often republishing its “ ’ Dirty Dozen ’ list of tax scams ” several times between January and April . This year , phishing schemesAttack.Phishing—in which scammers sendAttack.Phishingemails pretending to beAttack.Phishingfrom the IRS in order to trickAttack.Phishingpeople into divulging sensitive information—topped the list . “ We urge taxpayers to watch out for these tricky and dangerous schemes , ” acting IRS Commissioner David Kautter said in a March 5 warning to consumers . “ PhishingAttack.Phishingand other scams on the ‘ Dirty Dozen ’ list can trapAttack.Phishingunsuspecting taxpayers . Being cautious and taking basic security steps can help protect people and their sensitive tax and financial data. ” Threat researchers at Zscaler published a blog on March 15 outlining four new phishing schemesAttack.Phishingthey identified during this tax season , most of which used fake IRS websites to steal taxpayers ’ information . “ Cybercriminals have long used social engineering and phishing techniques to lureAttack.Phishingunsuspecting users into giving away private information , ” the researchers wrote . “ They track current trends and events to make their attacks more effective , and tax season offers a rich opportunity for attackers to disguise themselves asAttack.Phishingwell-known brands and even government agencies in an effort to exploit users. ” This tendency is on display with the “ chalbhai ” phishing attackAttack.Phishing, which uses a spoof of an outdated IRS form to trickAttack.Phishingusers into giving up their tax identification information , which can then be used to file false returns . While studying this campaign , researchers noticed the term “ chalbhai ” used in the source code . “ We have typically seen this tag associated with phishing pages that look likeAttack.PhishingMicrosoft Office 365 , Apple ID , Dropbox or DocuSign , ” Zscaler wrote . “ This is a good example of criminals adapting their phishing content to reflect current trends , ” i.e. , tax season . Another similar scheme directed users to a fake IRS page for unlocking expired passwords . Researchers noted this campaign was particularly tricky , as users were redirectedAttack.Phishingto a legitimate IRS page after giving up their information . “ With this page , ” they wrote , “ the attacker is attempting to prevent user suspicion by redirecting the user from this phishing page to a legitimate e-policy statement hosted on the actual IRS page… At this point , the victims believe they have completed the account unlock process and they proceed to log in on the legitimate page unaware that their information has been stolen. ” Researchers also found similar tactics used to get taxpayers ’ logins for tax preparer sites like TurboTax . In a fourth example , Zscaler researchers found an encrypted phishing page designed to mask their ill-intent from security measures . After a user downloads the page , it is decrypted within the browser , skirting some security checks . In all these examples , users could have avoided the scam by double-checking the URL in the browser , which all included additional characters before the .gov domain , indicating users were not actually at an official IRS site .
PhishingAttack.Phishingand other hacking incidents have led to several recently reported large health data breachesAttack.Databreach, including one that UConn Health reports affected 326,000 individuals . In describing a phishing attackAttack.Phishing, UConn Health says that on Dec 24 , 2018 , it determined that an unauthorized third party illegally accessedAttack.Databreacha limited number of employee email accounts containing patient information , including some individuals ' names , dates of birth , addresses and limited medical information , such as billing and appointment information . The accounts also contained the Social Security numbers of some individuals . Several other healthcare entities also have recently reported to federal regulators data breachesAttack.Databreachinvolving apparent phishingAttack.Phishingand other email-related attacks . `` All of these incidents speak to the rampant attacks we are seeing across healthcare , and yet organizations are still not investing enough in protection or detection , '' says Mac McMillan , CEO of security consulting firm CynergisTek . UConn Health , an academic medical center , says in a media statement that it identified approximately 326,000 potentially impacted individuals whose personal information was contained in the compromisedAttack.Databreachemail accounts . For approximately 1,500 of these individuals , this information included Social Security numbers . `` It is important to note that , at this point , UConn Health does not know for certain if any personal information was ever viewed or acquiredAttack.Databreachby the unauthorized party , and is not aware of any instances of fraud or identity theft as a result of this incident , '' the statement notes . `` The incident had no impact on UConn Health 's computer networks or electronic medical record systems . '' UConn Health is offering prepaid identity theft protection services to individuals whose Social Security numbers may be impacted . The organization says it has notified law enforcement officials and retained a forensics firm to investigate the matter . Once the U.S.Department of Health and Human Services confirms the details , the attackAttack.Databreachon UConn Health could rank as the second largest health data breachAttack.Databreachreported so far this year , based on a snapshot of its HIPAA Breach Reporting Tool website on Monday . The largest health data breachAttack.Databreachrevealed so far this year , but not yet added to the tally , affected University of Washington Medicine . UW Medicine says a misconfigured database left patient data exposedAttack.Databreachon the internet for several weeks last December , resulting in a breachAttack.Databreachaffecting 974,000 individuals . Several other phishingAttack.Phishingand hacking incidents have been added to the HHS `` wall of shame '' tally in recent weeks . Among those is a hacking incident impacting 40,000 individuals reported on Feb 1 by Minnesota-based Reproductive Medicine and Infertility Associates . In a statement , the organization notes that on Dec 5 , 2018 , it discovered it had been the target of a `` criminal malware attack . '' An RMIA practice manager tells Information Security Media Group that independent computer forensics experts removed the malware , but did not definitively determine how the malware infection was launched . The practice suspects the malware was likely embedded in an email attachment , he says . RMIA 's statement notes that while the investigation did not identify any evidence of unauthorized accessAttack.Databreachto anyone 's personal information , `` we unfortunately could not completely rule out the possibility that patients ' personal information , including name , address , date of birth , health insurance information , limited treatment information and , for donors only , Social Security number , may have been accessibleAttack.Databreach. '' In the aftermath of the incident , RMIA says it 's adding another firewall , requiring changes to user credentials/passwords , implementing dual-factor authentication and providing additional staff training regarding information security . '' Also reporting a hacking incident in recent weeks was Charleston , S.C.-based Roper St.Francis Healthcare , which operates several hospitals in the region . The attack was reported as impacting nearly 35,300 individuals . In a Jan 29 statement , the entity says that on Nov 30 , 2018 , it learned that an unauthorized actor may have gained accessAttack.Databreachto some of its employees ' email accounts between Nov 15 and Dec 1 , 2018 , `` Our investigation determined that some patient information may have been contained in the email accounts , patients ' names , medical record numbers , information about services they received from Roper St.Francis , health insurance information , and , in some cases , Social Security numbers and financial information , '' the statement says . For those patients whose Social Security number was potentially exposedAttack.Databreach, the organization is offering prepaid credit monitoring and identity protection services . `` To help prevent something like this from happening again , we are continuing education with our staff on email protection and enhancing our email security , '' Roper St. Francis says . As phishingAttack.Phishingcontinues to menace healthcare entities , covered entities and business associates need to keep up with their defenses , some experts note . `` Phishing techniques have become more sophisticated than in the past , '' note Kate Borten , president of security and privacy consulting firm The Marblehead Group . `` Workforce training should include simulated phishing attacksAttack.Phishingto make people better prepared to recognize and thwart a real attack . '' To help mitigate breach risks , organizations should be deploying next-generation firewalls and multifactor authentication , plus employing advanced malware detection solutions , McMillan says . Too many organizations are overlooking the value of multifactor authentication , Borten adds . `` Two-factor user authentication was intended to be required over the internet and public networks in the proposed HIPAA Security Rule , '' she notes . `` Unfortunately , since that requirement was dropped in the final rule , healthcare is lagging on multifactor authentication , which is easier now than ever to implement . '' But McMillan advises healthcare organizations to avoid using multifactor authentication systems that use SMS to transmit a one-time password because those messages can be interceptedAttack.Databreach. `` The software- or hardware-based solutions are preferred , '' McMillan says . So what other technologies or best practices should covered entities and business associates consider to prevent falling victim to phishingAttack.Phishingand other attacks ? `` Unfortunately we have n't seen any silver bullets here yet , but one thing we might want to begin exploring is just what an attacker has accessAttack.Databreachto when they compromiseAttack.Databreacha user 's account , '' McMillan notes . `` All too often , we hear that the accounts compromisedAttack.Databreachhad incredibly large numbers of emails immediately accessibleAttack.Databreachto the attacker . The question is , are their better ways to deal with retention that mitigate risk as well ? ''
In a new blog post researchers from Proofpoint have tracked a phishing campaignAttack.Phishingleveraging the concept of “ Twitter Brand Verification ” . Because the actors in this case are relying on paid , targeted ads on Twitter , users don ’ t need to do anything to see the phishing link . Attackers are increasing the sophistication of social engineering approaches and extending them across social channels . Users and brands need to be increasingly savvy to avoid getting snared by ads , accounts , and messages that initially look legitimate . While this attack was observed on Twitter , such a scam could be implemented on any social media platform that implements some form of account verification . The full blog post can be found here , however key takeouts include : “ Verified accounts ” are a powerful tool on Twitter to help brands differentiate themselves from fraudulent , impersonation , and parody accounts on the social media site . When an account is officially verified , it displays a special badge intended to reassure Twitter users that they are interacting with a genuine brand and not an impostor . Recently , however , threat actors are using the promise of verified accounts to lureAttack.Phishingusers into a credit card phishing schemeAttack.Phishing. Account verification is a process that Twitter manages for “ accounts of public interest ” and requires brands to go through multiple verification steps . The promise , then , of a quick verification process is attractive , especially to smaller businesses that potentially lack the resources to meet Twitter ’ s requirements for account verification . In this phishing attackAttack.Phishing, discovered by Proofpoint researchers in December , attackers place legitimate ads targeting brand managers and influencers with a link to a phishing site purportingAttack.Phishingto offer account verification . The ads themselves come fromAttack.Phishingan account that mimicsAttack.Phishingthe official Twitter support account , @ support . The fraudulent account , @ SupportForAll6 , uses Twitter branding , logos , colors , etc. , to increase the sense of authenticity , despite a very low number of followers and a suspect name