to the public this morning, fixes a bug that allowed scammers to attempt to extort money from iOS users through a JavaScript pop-up in Safari. As explained by mobile security firm Lookout (via Ars Technica), the scammers targeted iOS users viewing pornographic material and abused JavaScript pop-ups to create an endless pop-up loop that essentially locked the browser if the user didn't know how to bypass it. Using "scareware" messages and posing as law enforcement, the scammers used the pop-ups to extort money in the form of iTunes gift cards from the victim, promising to unlock the browser for a sum of money. The scammers abused the handling of pop-ups in Mobile Safari in such a way that a person would be "locked" out from using Safari unless they paid a fee or knew they could simply clear Safari's cache (see next section). The attack was contained within the app sandbox of the Safari browser; no exploit code was used in this campaign, unlike an advanced attack like Pegasus that breaks out of the app sandbox to install malware on the device. The scammers registered domains and launched the attack from the domains they owned, such as police-pay[.]com, which the attackers apparently named with the intent of scaring users looking for certain types of material on the Internet into paying money. The endless pop-up issue could be fixed by clearing the Safari cache, but many users likely did not know they didn't need to shell out money to regain access to their browsers. Pop-up scams are no longer possible with iOS 10.3, as Apple has changed the way pop-up dialogs work. Pop-ups are now per-tab and no longer take over the entire Safari app.
Staff Reports - INDIANAPOLIS (WISH) -- A scammer has received all 4,000 Scotty's Brewhouse employees' 2016 W-2 forms after posing as the CEO through email. Director of Human Resources Christopher Martin said that his payroll account's manager received an email from someone who claimed to be Scott Wise, the company's CEO. The person then requested all 4,000 employees' 2016 W-2 forms in a PDF format. After discovering that Wise did not send the email, Martin contacted the Internal Revenue Service about the breach. Reports have also been filed with the Federal Bureau of Investigation and Indiana State Police. Martin plans on contacting all employees affected about what they can do to protect themselves from unauthorized use of their personal information. No suspect information has been released at this time. CEO Scott Wise released a statement saying: "Unfortunately, Scotty's was the target of and fell victim to scammers, as so many other companies have. Scotty's employees and customers are of tremendous importance to the company and Scotty's regrets any inconvenience to its employees that may result from this scamming incident. Scotty's will continue to work with federal and local law enforcement, the Internal Revenue Service and credit bureaus to bring the responsible party or parties to justice."
INDIANAPOLIS — Officials at Scotty’s Brewhouse are scrambling to deal with a data breach that leaked thousands of employee W-2 forms to an unknown scammer. That's according to our news reporting partners at CBS4 Indy. Company officials called police about the leak Monday afternoon. Somebody posing as CEO Scott Wise emailed a payroll employee, asking her to send all 4,000 W-2 forms to him. The e-mail wasn’t really from Wise, but the employee did send all the forms, giving the scammer personal finance information for all those employees. Scotty’s Brewhouse executives contacted the IRS and Indianapolis Metropolitan Police Department about the breach. They’re now working to notify all their employees and give them steps to protect their financial information. IMPD and other agencies are involved in the investigation into who sent the bogus email. This email scam matches a phishing scheme that prompted a warning from the IRS last year during tax season. At that time, the agency recorded a 400 percent increase in this kind of scam. The IRS has a website to use if your W-2 or other information has been leaked. Tuesday evening, Scotty's Brewhouse issued a statement on the situation: Yesterday Scotty’s Holdings, LLC and its subsidiary, affiliate and managed entities were the victims of an email phishing scam that resulted in the disclosure of 2016 W-2 information. Scotty’s has confirmed that no customer information was obtained by the scammers in yesterday’s phishing scam. Scotty’s is working closely with federal and local law enforcement and the credit bureaus to limit any potential misuse of the information that was obtained and to identify and apprehend the scammers.
“Unfortunately, Scotty’s was the target of and fell victim to scammers, as so many other companies have,” said Scott Wise, CEO of Scotty’s Holdings, LLC. “Scotty’s employees and customers are of tremendous importance to the company and Scotty’s regrets any inconvenience to its employees that may result from this scamming incident. Scotty’s will continue to work with federal and local law enforcement, the Internal Revenue Service and credit bureaus to bring the responsible party or parties to justice.” Scotty’s alerted authorities immediately after it learned of the scam. A toll-free number was set up by the company to answer employee questions. The company will also make available to affected employees one year of credit monitoring at no cost to employees, in addition to providing information regarding available resources for its employees to monitor their credit.
Evaldas Rimasauskas, 49, who allegedly conned two of the world's biggest companies, was arrested on fraud charges. GOOGLE and Facebook have admitted they were conned out of an alleged $100million (£77million) in a phishing scam. Two of the world's biggest companies fell victim after a Lithuanian man allegedly tricked employees into wiring over the money to bank accounts that he controlled, Fortune reported on Thursday. Evaldas Rimasauskas, 48, is accused of posing as an Asia-based manufacturer and deceiving the internet giants from around 2013 until 2015. He was arrested earlier this month in Lithuania at the request of US authorities. The conman is said to have forged email addresses, invoices and corporate stamps to impersonate Quanta and trick them into paying for computer supplies. Rimasauskas, who is awaiting extradition proceedings, has denied the allegations. The US Department of Justice (DOJ) said last month: "Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multi-million-dollar transactions with [the Asian] company." Both Facebook and Google have confirmed the fraud and said that they had been able to recoup funds. But they didn't reveal how much money they had transferred and recouped. A Google spokeswoman said: "We detected this fraud against our vendor management team and promptly alerted the authorities." "We recouped the funds and we’re pleased this matter is resolved." A spokeswoman for Facebook added: "Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation."
Security experts said the recent cyber attack highlighted how sophisticated phishing scams are being used to fool even two of the biggest tech companies.
US prosecutors have charged a Lithuanian man with engaging in an email fraud scheme in which he bilked two US-based companies out of more than US$100 million by posing as an Asian hardware vendor. Evaldas Rimasauskas, 48, was arrested late last week by Lithuanian authorities, Manhattan federal prosecutors said on Tuesday. Rimasauskas does not yet have legal counsel, a spokesman for the prosecutors said. The alleged scheme is an example of a growing type of fraud called “business email compromise”, in which fraudsters ask for money using emails targeted at companies that work with foreign suppliers or regularly make wire transfers. It is a variation on the common “phishing” scam, but on a massive scale. The FBI said last June that since October 2013, US and foreign victims have made 22,143 complaints about business email compromise scams involving requests for almost US$3.1 billion in transfers. In an indictment unsealed on Tuesday, prosecutors said that to carry out his scheme, which they said began around 2013 or earlier, Rimasauskas registered a company in Latvia with the same name as an Asian computer hardware manufacturer. He then sent emails to employees of the two unnamed victim companies, described as multinational internet firms, asking them to wire money that they actually owed to the Asian company to the sham Latvian company’s accounts, prosecutors said. The victim companies are described as a multinational technology company and a multinational social media company. After they wired money to Rimasauskas’s Latvian company, Rimasauskas quickly transferred the funds to different accounts around the world, including in Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong, prosecutors said.
In order to conceal his fraud from banks that handled the transfers, Rimasauskas forged invoices, contracts and letters purportedly signed by executives at the two victim companies, according to prosecutors. Rimasauskas is charged with wire fraud and money laundering, which each carry a maximum prison sentence of 20 years, and identity theft, which carries a mandatory minimum sentence of two years. Acting US Attorney Joon H. Kim said: “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over US$100 million to overseas bank accounts under his control. “This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals.”
Biggest case involved woman who lost HK$119,000 in 24 hours after being conned into buying more than 50 points cards for online games. A woman who lost HK$119,000 in 24 hours was among almost 250 people duped out of about HK$1.9 million (US$242,000) in a WhatsApp scam in Hong Kong this year, police said on Wednesday. According to police, swindlers pretended to be friends of WhatsApp users and invented different excuses to lure them into revealing their account verification codes. The con men then accessed the accounts with the codes and, posing as the users, sent text messages to deceive the account holders’ contacts. Mohammed said genuine account holders were unable to use WhatsApp at least 12 hours after their accounts were hijacked. “All the scam victims were asked to buy MyCard points cards for online games,” he said. MyCard is a digital payment platform. Users can buy credit to spend on the platform from convenience stores across the city, Mohammed said. After getting passwords for the cards, scammers sold them online. Police said the age range of the victims was between 17 and 72 and losses went from a few hundred dollars to thousands. No arrests had been made. The Post reported in February that officers believed fraudsters from Taiwan were behind the scam because the points cards they requested were used for the Taiwanese versions of online games. Police advised residents to safeguard their personal data and verify the identity of those who contact them. If in doubt, people should call the Anti-Scam Helpline at 18222. In the first three months of this year, there were 270 reports of deception through instant messaging platforms, accounting for HK$2.6 million in losses. That exceeds the figure for the whole of last year, when there were 266 cases, in which scammers bagged HK$2.1 million.
The IRS, state tax agencies and the nation’s tax industry urge people to be on the lookout for new, sophisticated email phishing scams that could endanger their personal information and next year’s tax refund. The most common way for cybercriminals to steal bank account information, passwords, credit cards or social security numbers is to simply ask for them. Every day, people fall victim to phishing scams that cost them their time and their money. Those emails urgently warning users to update their online financial accounts—they’re fake. That email directing users to download a document from a cloud-storage provider? Fake. Those other emails suggesting the recipients have a $64 tax refund waiting at the IRS or that the IRS needs information about insurance policies—also fake. So are many new and evolving variations of these schemes. The Internal Revenue Service, state tax agencies and the tax community are marking National Tax Security Awareness Week with a series of reminders to taxpayers and tax professionals. Phishing attacks use email or malicious websites to solicit personal, tax or financial information by posing as a trustworthy organization. Often, recipients are fooled into believing the phishing communication is from someone they trust. A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade as a legitimate source, including presenting the look and feel of authentic communications, such as using an official logo. These targeted messages can trick even the most cautious person into taking action that may compromise sensitive data. The scams may contain emails with hyperlinks that take users to a fake site. Other versions contain PDF attachments that may download malware or viruses.
Some phishing emails will appear to come from a business colleague, friend or relative. These emails might be an email account compromise. Criminals may have compromised your friend’s email account and begun using their email contacts to send phishing emails. Not all phishing attempts are emails; some are phone scams. One of the most common phone scams is the caller pretending to be from the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately, usually through a debit card. Phishing attacks, especially online phishing scams, are popular with criminals because there is no fool-proof technology to defend against them. Users are the main defense. When users see a phishing scam, they should ensure they don’t take the bait.
A phishing campaign is targeting customers of every major UK bank, with cybercriminals posing as customer support staff on Twitter in an attempt to steal users' online banking credentials. Easy to carry out but difficult to defend against, phishing is an increasingly popular weapon of choice for hackers. That's because, with an authentic-looking fake website, they can just sit back and scoop up data as victims unwittingly hand over their usernames and passwords. Phishing often relies on cybercriminals sending tailored emails to potential victims in an effort to lure them into giving up credentials or installing malware. However, cybersecurity researchers at Proofpoint have uncovered an Angler phishing campaign which, rather than being tailored to specific users, takes advantage of how they can often be careless on social media -- specifically Twitter. In this instance, cybercriminals monitor Twitter for users approaching genuine support accounts for banks, and attempt to hijack the conversation with a fake support page. This sort of phishing attack is unlikely to provide cybercriminals with the big score they'd hit if they targeted a corporate network, but it does enable the easy theft of credentials and small amounts of money -- and repeated success could become lucrative, and also provide criminals with access to other types of data which can be used to commit fraud. "In many of the examples we've seen, the hacker is not just collecting banking credentials. They also look for information like ATM Pin, Credit/Debit card numbers, security questions and answers, and even social security numbers.
With this information, they can circumvent some security measures, make purchases/withdrawals without online access, or create entirely new bogus accounts using the customer's information," says Celeste Kinswood at Proofpoint. Fortunately, there are some simple things users can do to ensure they don't become victims of this style of social media phishing attack. For starters, a real support account will be verified with a blue tick and won't directly ask for login credentials. A quick search for the real account should also demonstrate if the one contacting you is fake. Users may want to see their problems solved quickly, but taking ten seconds to verify who you're talking to will pay off in the long run.
Staff are still falling for phishing scams, with social media friend requests and emails pretending to come from the HR department among the ones most likely to fool workers into handing over usernames and passwords. Phishing scams aim to trick staff into handing over data -- normally usernames and passwords -- by posing as legitimate email. It's a technique used by the lowliest criminals as part of ransomware campaigns, right up to state-backed hackers because it continues to be such an effective method. In a review of 100 simulated attack campaigns for 48 of its clients, accounting for almost a million individual users, security company MWR InfoSecurity found that sending a bogus friend request was the best way to get someone to click on a link -- even when the email was being sent to a work email address. Almost a quarter of users clicked the link to be taken through to a fake login screen, with more than half going on to provide a username and password, and four out of five then going on to download a file. A spoof email claiming to be from the HR department referring to the appraisal system was also very effective: nearly one in five clicked the link, and three-quarters provided more credentials, with a similar percentage going on to download a file. Some might argue that gaining access to a staff email account is of limited use, but the security company argues that this is a handy for an assault. A hacker could dump entire mailboxes, access file shares, run programs on the compromised user's device, and access multiple systems, warned MWR InfoSecurity. Even basic security controls, such as two-factor authentication or disabling file and SharePoint remote access, could reduce the risk.
The company also reported bad news about the passwords that users handed over: while over 60 percent of passwords were found to have a length of 8 to 10 characters -- the mandatory minimum for many organizations -- the company argued that this illustrates how users stick to minimum security requirements. A third of the passwords consisted of an upper-case first letter, a series of lower-case letters, and then numbers with no symbols. It also found that 13.6 percent of passwords ended with four numbers in the range of 1940 to 2040. Of those, nearly half ended in 2016, which means one-in-twenty of all passwords end with the year in which they were created.
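The password shapes reported above can be checked mechanically, for instance when a password is set or when reviewing what users submitted during an internal phishing simulation. The following Python is an added example, not MWR InfoSecurity's tooling; the function names, flag names and sample passwords are constructed for illustration.

```python
import re
from collections import Counter

# Shape reported in the review: one upper-case letter, a run of lower-case
# letters, then digits, with no symbols anywhere in the password.
CAPITAL_LOWER_DIGITS = re.compile(r"[A-Z][a-z]+[0-9]+")
# Four ASCII digits at the very end of the password.
TRAILING_FOUR_DIGITS = re.compile(r"([0-9]{4})\Z")

# Flag names are hypothetical labels chosen for this example.
FLAG_NAMES = (
    "length_8_to_10",
    "capital_lower_digits",
    "year_suffix",
    "set_year_suffix",
)


def weak_pattern_flags(password, set_year):
    """Return the reported patterns that this password matches.

    set_year is the year in which the password was chosen; the review found
    that users often append exactly that year.
    """
    flags = []
    if 8 <= len(password) <= 10:
        flags.append("length_8_to_10")
    if CAPITAL_LOWER_DIGITS.fullmatch(password):
        flags.append("capital_lower_digits")
    tail = TRAILING_FOUR_DIGITS.search(password)
    if tail and 1940 <= int(tail.group(1)) <= 2040:
        flags.append("year_suffix")
        if int(tail.group(1)) == set_year:
            flags.append("set_year_suffix")
    return flags


def audit(passwords, set_year):
    """Return the fraction (0.0 to 1.0) of passwords matching each pattern."""
    total = len(passwords)
    if total == 0:
        return {}
    counts = Counter()
    for password in passwords:
        counts.update(weak_pattern_flags(password, set_year))
    return {name: counts[name] / total for name in FLAG_NAMES}


# Constructed sample input, not taken from any real data set.
SAMPLE_PASSWORDS = [
    "Summer2016",
    "Welcome1",
    "tr0ub4dor&3-horse",
    "london1987",
]

if __name__ == "__main__":
    for name, share in audit(SAMPLE_PASSWORDS, set_year=2016).items():
        print(f"{name}: {share:.0%}")
```

A password filter could reject any candidate for which `weak_pattern_flags` returns `capital_lower_digits` or `year_suffix`, since those are the shapes an attacker would try first.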
Malware posing as legitimate software for Siemens control gear has apparently infected industrial equipment worldwide over the past four years. The cyber-nasty is packaged as software to be installed on Siemens programmable logic controllers (PLC), we're told. At least 10 industrial plants – seven in the US – were found running the infected software, a study by industrial cybersecurity firm Dragos claims. According to the Maryland-based biz, this particular malware was specifically thrown at industrial control equipment. Exactly what it does, or did, is not explained, although it is described as "crimeware". Dragos CEO Robert Lee writes: Starting in 2013, there were submissions from an ICS environment in the US for Siemens programmable logic controller control software. The various anti-virus vendors were flagging it as a false positive initially, and then eventually a basic piece of malware. In short, there has been an active infection for the last four years of an adversary attempting to compromise industrial environments by theming their malware to look like Siemens control software. However, each new IP address punches another hole in the metaphorical wall that separates Information Technology (IT) and Operational Technology (OT). Having established IT connectivity, it's difficult to put the genie back in the bottle and each of these avenues is a potential point of weakness that can be compromised – by hackers burrowing in or malware (such as ransomware) detonating internally and then radiating out." Andrew Cooke, head of cyber consulting at Airbus Defence and Space CyberSecurity, added: "Malware is prevalent in a wide range of industrial systems, often spread by an infected USB stick or by unauthorized remote access. But while the majority of malware found in these systems is low level, it can still pose a serious risk for the organizations concerned.
LinkedIn users are being warned to be on their guard following a rise in reports of attacks being distributed via email designed to trick job seekers into sharing their personal details. Scammers have spammed out email messages posing as communications from LinkedIn, claiming that a company is “urgently seeking” workers matching your qualifications in “your region”. It would be nice to think that recipients of the bogus message would spot a number of warning signals as soon as they open the communication in their email inbox. But there’s always a chance that someone eager to find new employment might – in their haste – not notice that the messages As HelpNetSecurity describes, if anyone was careless enough to follow the email’s advice and click on the link contained within the message – they would be taken to a third-party website where they are instructed to upload their CVs, making it child’s play for scammers to harvest the information. Just think of some of the personal information that you include in your CV or resume. Before you know it, a scammer might have your full name, date of birth, work and home email addresses, work and home telephone numbers, and all manner of other personal information that could be abused by scammers. At the simplest level such data breaches could lead to a rise in targeted spam attacks, or scam phone calls. But it could also be a stepping stone to more damaging business email compromise (also often known as “CEO fraud”) which has resulted, in some cases, in companies losing tens of millions of dollars. Anything which gives online criminals inside information about you and your position within a company could give them the head start they need to launch a targeted attack that could lead to a significant data breach or a substantial financial loss.
In short, being careless with your personal information – such as your CV – might not just put your career in jeopardy, it could also ultimately endanger the company you work for. And that’s certainly not going to ever look good on your CV.
The Australian Securities and Investments Commission has issued a warning after scammers posing as the regulator emailed Australian businesses on Wednesday morning with malware-laden notices. The emails reportedly asked customers to renew their business details via provided links, which, when clicked, would activate a JavaScript dropper and infect computers with malware. Email security vendor MailGuard issued an alert suggesting a stolen ID may have been used to help set up the scam. The originating domain, austgov.com, was registered in China, where strict regulations around domain registration require an authentic ID to be scanned. MailGuard also said the domain was backed by a legitimate email infrastructure, which helped the emails bypass email server spam detection. The emails come with ASIC and Australian Government branding and put anyone who follows their instructions at risk. ASIC recommends users keep antivirus software up to date, be wary of emails that do not address recipients by name or that spell recipients’ names incorrectly and be suspicious of emails with unknown attachments.
Nintendo recently released Super Mario Run for the iOS platform. In no time, the game became a sensational hit on the iTunes store. However, there is not yet an Android version and there has been no official news on such a release. Attackers are taking advantage of the game's popularity, spreading malware posing as an Android version of Super Mario Run. The ThreatLabZ team wrote about a similar scam that occurred during the release of another wildly popular Niantic game, Pokemon GO. Like that scam, the new Android Marcher Trojan is disguised as the Super Mario Run app and attempts to trick users with fake finance apps and a credit card page in an effort to capture banking details. Once the user's mobile device has been infected, the malware waits for victims to open one of its targeted apps and then presents the fake overlay page asking for banking details. Unsuspecting victims will provide the details that will be harvested and sent out to the malware's command and control (C&C) server. We have seen this malware evolve and take advantage of recent trends in order to target a large number of users. We have covered similar campaigns in the past related to Marcher malware. Technical details: In this new strain, the Marcher malware is disguised as the Super Mario Run app for Android. Knowing that Android users are eagerly awaiting this game, the malware will attempt to present a fake web page promoting its release.
In previous variants of Marcher, we observed this malware family targeting well-known Australian, UK, and French banks. The current version is targeting account management apps as well as well-known banks. Like previous Marcher variants, the current version also presents fake credit card pages once an infected victim opens the Google Play store.
Netskope Threat Research Labs has observed phishing attacks using decoy PDF files, URL redirection, and Cloud Storage services to infect users and propagate malware. Because many organizations have default “allow” security policies for popular Cloud Storage services and PDF readers to let users take advantage of these useful services, these attacks pass through the corporate network to end users’ machines undetected. Moreover, as users collaborate and share through cloud services, these malicious files posing as PDFs “fan out” to shared users, creating a secondary propagation vector. We are calling this the “CloudPhishing Fan-out Effect”. In this blog, we will detail the insidious nature of CloudPhishing and the secondary fan-out using two recently detected cases. We will also illustrate how an attack – even if unsuccessful – may leave the target vulnerable to future attacks. Additionally, we will outline the Netskope protection stance, and general best practices to handle this attack. The CloudPhishing fan-out effect occurs when a victim inadvertently shares the phishing document with colleagues, whether internal or external, via a cloud service. This is particularly insidious in the cloud, as shared users lose the context of the document’s external origin and may trust the internally shared document as if it were created internally. Other than having the file shared in OneDrive, the SaaS application is unrelated to the attack. This threat, seen in one of our customer environments, is detected by Netskope Active Threat Protection as Backdoor.Phishing.FW. The decoy PDF is usually delivered as an email attachment named “invoice” in an attempt to lure the victim into executing the file. This, in effect, weakens the security posture of the endpoint against future attacks.
The decoy PDF connects to the TinyURL link, http://TinyURL[. The attacker used the TinyURL link as an evasive tactic to hide the original link. At the time of analysis, the web page was down and not serving any content. This might be because the web page was removed or renamed. Our analysis showed that the Adobe Acrobat Reader prompts a security warning to the user when the document connects to a link. This feature allows any URL related to the domain that is on the allowed list. Based on the behavior seen in the latest version of the Adobe Acrobat Reader, we recommend users un-check the “Remember this action…” option while allowing the PDF to connect to an external link. We also advise users to hover their mouse over the hyperlink to confirm the link and also regularly monitor managed Internet access settings in the PDF reader’s Trust Manager. The phishing PDF decoys showcase the use of URL redirectors and cloud services, and also a secondary propagation vector within the shared users leading to the CloudPhishing fan-out. By taking advantage of the “default allow” action in popular PDF readers, the attacker can easily deploy multiple attacks without getting the security warning after the first alert. This makes the attacker effectively a host for phishing pages or malicious payloads using URL redirection services and Cloud Storage services.
INDIANAPOLIS, Ind. – Officials at Scotty’s Brewhouse are working to inform thousands of employees across the company about an email data breach, leaking employees’ W-2 forms to an unknown suspect. Company officials called IMPD Monday afternoon to report the breach, which apparently resulted from an email phishing scam. According to the police report, an individual posing as company CEO Scott Wise sent an email to a payroll account employee. The email requested the employee to send all 4,000 employees’ W-2 forms in PDF form. Chris Martin, director of HR/Payroll for the company, told police the email did not really come from Wise. However, the payroll account employee did email all 4,000 W-2 forms to the unknown individual. The report says Martin contacted the IRS to inform the agency of the breach. The IRS recommended Martin also file a report with IMPD. Scotty’s Brewhouse officials are now in the process of informing all employees, and providing them with precautionary measures to take in order to protect their financial and personal information. The company says it will offer one year of credit monitoring at no cost to employees, in addition to providing information regarding available resources for its employees to monitor their credit. Scotty’s says no customer information was obtained during the phishing scam. The company is working with law enforcement and the credit bureaus to limit any potential misuse of the information that was obtained and to identify and apprehend the scammers. Scott Wise, CEO of Scotty’s Holdings, LLC, issued the following statement: “Unfortunately, Scotty’s was the target of and fell victim to scammers, as so many other companies have,” said Wise.
“Scotty’s employees and customers are of tremendous importance to the company and Scotty’s regrets any inconvenience to its employees that may result from this scamming incident. Scotty’s will continue to work with federal and local law enforcement, the Internal Revenue Service and credit bureaus to bring the responsible party or parties to justice.” The incident appears to match the description of an email phishing scheme the IRS issued warnings about last year. This scheme involves scammers posing as company executives to request financial and personal information on employees. The IRS has online tutorials on the proper steps to take if you have become the victim of identity theft or your personal information has been leaked
Last week, the Internal Revenue Service (IRS) issued a new warning to employers, urging them to stay alert as reports of compromised W-2 records started to climb. This newest advisory aligns with the agency's plan to delay refunds for those filing their returns early in order to combat identity theft and fraud. The IRS also informed employers the W-2 scam has moved beyond corporations, expanding to include schools, tribal organizations, and nonprofits. In a statement, IRS Commissioner, John Koskinen, said the scams - sometimes known as Business Email Compromise (BEC) attacks - are some of the most dangerous email scams the agency has seen in a long time. "It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme," Koskinen said. In 2016, at least 145 organizations fell victim to BEC scams, exposing tens of thousands of employees to tax fraud and identity theft. Salted Hash kept track of some of the high-profile cases, and Databreaches.net tracked everything, resulting in a massive list of documented successful attacks. As of February 5, 23 organizations have disclosed BEC-related data breaches publicly, each one resulting in compromised W-2 data. The confirmed BEC victims include ten school systems, a software development firm, a utility company in Pennsylvania, at least one restaurant in Indianapolis, and businesses operating within the healthcare, finance, manufacturing, and energy sectors. Distribution International emailed employees that their W-2 data was compromised on January 27. Their notification expands the number of affected taxpayers to more than 30,000.
The scammers spoofed an email and pretended to be one of the company's owners. W-2 records for all companies and all employees were compromised. Salted Hash reached out to Sky Climber's CFO, Jeff Caswell, for more information. Also, the College of Southern Idaho has reported an incident that could impact 3,000 employees. According to Public Information Officer Doug Maughan, the W-2 records affected belong to seasonal and auxiliary staff. Palomar College disclosed an attack on January 30, which affected employee W-2 records. The school didn't say the incident was the result of a BEC attack, but Salted Hash is listing it anyway due to the timing of the attack and the information targeted. Finally today, the West Michigan Whitecaps - a Class A minor league baseball team affiliated with the Detroit Tigers - said staff W-2 records were compromised after someone posing as a manager requested them. In 2016, the criminals behind the BEC attacks mostly focused on payroll and tax records. This year though, the IRS says that in addition to the usual records request, the scammers are now following up and requesting wire transfers. "Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers," the IRS explained in their warning. "Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers." BEC attacks are essentially Phishing scams, or Spear Phishing since the criminals have a specific target. They're effective too, exploiting the trust relationships that exist within the corporate environment.
In a majority of the reported cases from 2016, the attackers forged an email and pretended to be the victim organization's top executive, or someone with direct authority. Often it is the CEO or CFO, but any high-level manager will work.
Social media phishing attacks jumped by a massive 500% in Q4, driven by a huge increase in fraudulent accounts including many posing as customer support for big name brands, according to Proofpoint. The security vendor revealed the findings in its Q4 2016 Threat Summary and Year in Review report. It claimed fraudulent accounts across sites like Twitter and Facebook increased 100% from the third to fourth quarter. Such accounts are used for phishing, malware distribution, spam and other ends. In fact, Proofpoint observed a 20% increase in Facebook and Twitter spam from Q3 to Q4, with the quarter recording the second highest spam volume in the year. Yet it was a particular variety of phishing that caught the eye. So-called “angler phishing” is a relatively new tactic in which the black hats register fake Twitter accounts that masquerade as customer support accounts. They monitor the real support accounts for irate customer messages and then quickly jump in to send messages back to those users loaded with malicious links. The tactic was particularly common among financial services and entertainment accounts, according to the report. Elsewhere, the number of new ransomware variants grew 30-fold over Q4, and malicious email campaigns grew significantly, with Q4's largest campaign 6.7 times the size of Q3's. Some of the biggest campaigns apparently involved hundreds of millions of messages dropping Locky ransomware. However, there was some good news, with scams involving the spoofing of CEO emails sent to CFOs falling 28% in the final quarter. This is partly because CFOs are more cautious about the veracity of such messages, but can also be linked to a 33% surge in DMARC implementation which helped to block attempts to spoof the CEO’s email address.
In addition, exploit kits remained at low levels of activity after some high profile Angler EK arrests in Q2, although large scale malvertising campaigns persisted, Proofpoint claimed.
This week researchers found a piece of malware in the wild, built to steal passwords from the macOS keychain. Named "MacDownloader" and posing as, what else, a fake Flash Player update, the new malware was found on the Mac of a human rights advocate and believed to originate from Iran. The malware's code is very sloppy and appears to have been made by an amateur who took pieces of others' code and repurposed them. The threat report mentions the following: MacDownloader seems to be poorly developed and created towards the end of 2016, potentially a first attempt from an amateur developer. In multiple cases, the code used has been copied from elsewhere. The simple activity of downloading the remote file appears to have been sourced from a cheat sheet. The main purpose of MacDownloader seems to be to perform an initial profiling of the infected system and collection of credentials from macOS’s Keychain password manager – which mirrors the focus of Windows malware developed by the same actors. At this time, it appears the malware is not a threat and the Command & Control server has been taken down. Intego VirusBarrier offers protection from this malware, detected as OSX/MacDownloader. Security researchers found that this malware was originally designed as a fake Bitdefender antivirus, but was later repackaged as a fake Flash Player update. Once installed, the malware attempts to achieve persistence by use of a poorly implemented shell script, which at the time of writing did not function due to the C&C server being offline. MacDownloader displays a fake Flash Player update that offers an "Update Flash-Player" button and a "Close" button. Unlike other malware of its kind, clicking the Close button actually exits the installer and nothing malicious is placed on the system.
If the Update button is clicked though, a malware dialog will pop up, which is, of course, fake as well. These dialogues are also rife with basic typos and grammatical errors, indicating that the developer paid little attention to quality control. After a user clicks on OK, the software mimics the System Preferences to request the admin password in order to grab more info on the system. If the user enters their password and clicks OK, the software grabs the info, and then it tries to open a remote connection to: MacDownloader collects user keychain information and uploads it to said C&C server, including documents the running processes, installed applications and the username and password, which are acquired through a fake System Preferences dialog. The name and password, which in almost all cases are Administrator credentials, give the malware everything it needs to access the keychain information. With access to the keychain the sky is the limit, because email account passwords, social network account details, and much more, are all stored in the keychain.