a news outlet called The British News Agency to lure targets in . Most of the group's targets are in Iran, the U.S., Israel and the U.K., the report said, but some come from countries including France, Germany, Switzerland, Denmark, India, Turkey and the United Arab Emirates. The report detailed the various methods used to gain access to computers and private social accounts. Those include false identities, the impersonation of real companies, the insertion of malicious code into a breached website, also known as "watering hole attacks," and spear phishing, the process of pretending to be service providers like Gmail or Facebook to trick people into giving out personal information. A significant mainstay of the group's activity was the establishment of a media outlet called The British News Agency. Much effort went into creating a seemingly legitimate website, including details about the agency and a contact list of the management team. The purpose of the site was to attract the targets and infect them with malware. According to the report, multiple Israeli researchers of Iran and the Middle East were sent emails and Twitter direct messages from accounts registered with seemingly Jewish Israeli names. Messages coming from one such account were presented as if coming from a journalist and political researcher at KNBC News. Other messages were presented as if coming from an Israeli political researcher raised in California who needed help with an article and also wanted to apply for a position at an Israeli university. Another message was described as coming from a Jewish girl living in Iran. These messages often linked to phishing pages.
ClearSky cannot estimate how many accounts were successfully infiltrated, but the success rate for such attacks is usually around 10%, said Mr. Dolev.
Saudi Arabian security officials said on Monday that the country had been targeted as part of a wide-ranging cyber espionage campaign observed since February against five Middle East nations as well as several countries outside the region. The Saudi government’s National Cyber Security Center (NCSC) said in a statement the kingdom had been hit by a hacking campaign bearing the technical hallmarks of an attack group dubbed “MuddyWater” by U.S. cyber firm Palo Alto Networks. Palo Alto’s Unit 42 threat research unit published a report last Friday showing how a string of connected attacks this year used decoy documents with official-looking government logos to lure unsuspecting users from targeted organizations to download infected documents and compromise their computer networks. Documents pretending to be from the U.S. National Security Agency, Iraqi intelligence, Russian security firm Kaspersky and the Kurdistan regional government were among those used to trick victims, Unit 42 said in a blog post (goo.gl/SvwrXv). The Unit 42 researchers said the attacks had targeted organizations in Saudi Arabia, Iraq, the United Arab Emirates, Turkey and Israel, as well as entities outside the Middle East in Georgia, India, Pakistan and the United States. The Saudi security agency said in its own statement that the attacks sought to steal data from computers using email phishing techniques targeting the credentials of specific users. The NCSC said they also comprised so-called “watering hole” attacks, which seek to trick users to click on infected web links to seize control of their machines. The technical indicators supplied by Unit 42 are the same as those described by the NCSC as being involved in attacks against Saudi Arabia.
The NCSC said the attacks appeared to be by an “advanced persistent threat” (APT) group - cyber jargon typically used to describe state-backed espionage. Saudi Arabia has been the target of frequent cyber attacks, including the “Shamoon” virus, which cripples computers by wiping their disks and has hit both government ministries and petrochemical firms. Saudi Aramco, the world’s largest oil company, was hit by an early version of the “Shamoon” virus in 2012, in the country’s worst cyber attack to date. The NCSC declined further comment on the source of the attack or on which organizations or agencies were targeted. Unit 42 said it was unable to identify the attack group or its aims and did not have enough data to conclude that the MuddyWater group was behind the Saudi attacks as outlined by NCSC. “We cannot confirm that the NCSC posting and our MuddyWater research are in fact related,” Christopher Budd, a Unit 42 manager, told Reuters. “There’s just not enough information to make that connection with an appropriate level of certainty.” Palo Alto Networks said the files it had uncovered were almost identical to information-stealing documents disguised as Microsoft Word files and found to be targeting the Saudi government by security firm MalwareBytes in a September report.
ESET Ireland warns of an authentic looking phishing scam email, pretending to come from Vodafone. The cybercriminals are up to their old tricks even in the new year. An email, pretending to be from Vodafone, has been spamming Irish mailboxes with a phishing attempt. The email reads:

Dear Valued Customer, Just a quick reminder that you need to pay for your Vodafone service. Pay now to avoid service restriction or suspension. Your monthly bill for NETVIGATOR service has been issued. We have proceeded autopay payment according to your credit card information. However, such autopay payment is not successful. Your account is now overdue, so unless you’ve already paid in the last few days here’s what you need to do next. To check the total amount owing, please visit MyAccount. To avoid suspension of service, please settle the above amount before 04 Jan 2017. Log In To MyAccount https://www.vodafone.ie/myv/services/Process For details regarding the payment rejection, please contact your bank directly. It’s important that you make full payment of the outstanding amount to avoid restriction or suspension of your service. Please remember that if we suspend your service you’ll need to pay a reconnection fee. We’ll also apply all regular service charges until your service is cancelled. To help you manage your services, a number of online tools are available. You can pay your bill and track your usage through MyAccount and our 24×7 App.

While the email is made to look very convincing, with all the Vodafone logos and overall appearance, all the links in the email lead to a fake website, registered in Mexico, which tries to trick the user into submitting their account info and payment details. If you have received such an email, flag it as spam and delete it. Do not click any of the links in it.
The Indiana Department of Revenue (DOR) and the Internal Revenue Service (IRS) are warning folks of fraudulent emails impersonating either revenue agency and encouraging individuals to open files corrupted with malware. These scam emails use tax transcripts as bait to entice users to open the attachments. The scam is particularly problematic for businesses or government agencies whose employees open the malware-infected attachments, putting the entire network at risk. This software is complex and may take several months to remove. This well-known malware, known as Emotet, generally poses as specific banks or financial institutions to trick individuals into opening infected documents. It has been described as one of the most costly and destructive malware to date. Emotet is known to constantly evolve, and in the past few weeks has masqueraded as the IRS, pretending to be “IRS Online.” The scam email includes an attachment labeled “Tax Account Transcript” or something similar, with the subject line often including “tax transcript.” Both DOR and IRS have several tips to help individuals and businesses not fall prey to email scams: Remember, DOR and the IRS do not contact customers via email to share sensitive documents such as a tax transcript. Use security software to protect against malware and viruses, and be sure it’s up-to-date. Never open emails, attachments or click on links when you’re not sure of the source. If an individual is using a personal computer and receives an email claiming to be the IRS, it is recommended to delete or forward the email to phishing@irs.gov or to investigations@dor.in.gov. Businesses receiving these emails should also be sure to contact the company’s technology professionals.
People are still falling for fake sites pretending to be Facebook, research from Kaspersky Labs suggests. In 2018 thus far, the Russian security company blocked “3.7 million attempts to visit fraudulent social network pages”. Notably, 58.7% of these attacks were attempting to direct users to fake FB pages. That’s a pretty substantial slice of the pie, considering that VKontakte — Russia’s version of Facebook — was responsible for 20.8%, and LinkedIn 12.9%. “At the beginning of the year, Facebook was the most popular social networking brand for fraudsters to abuse, and Facebook pages were frequently faked by cybercriminals to try and steal personal data via phishing attacks,” the company states in a press release. The main targets for these attacks include “global internet portals and the financial sector, including banks, payment services and online stores,” Kaspersky adds. The firm also suggests that this is nothing new. “Last year Facebook was one of the top three most exploited company names. The schemes are numerous, but fairly standard: the user is asked to ‘verify’ an account or lured into signing into a phishing site on the promise of interesting content,” it reveals. The company also noted that South America suffered the most phishing attacks in 2018 thus far. “Brazil was the country with the largest share of users attacked by phishers in the first quarter of 2018 (19%),” it revealed. It was followed by Argentina, Venezuela, and Albania — all at 13%.
The Internal Revenue Service today warned the public of a tax transcript scheme via a surge of fraudulent emails impersonating the IRS. The emails offer tax transcripts, or the summary of a tax return, as bait to entice users to open documents containing malware. The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.” The IRS said the scam is especially problematic for businesses whose employees might open the malware because it can spread throughout the network and potentially take months to successfully remove. Known as Emotet, the well-known malware generally poses as specific banks and financial institutions in its effort to trick people into opening infected documents. However, in the past few weeks, the scam has been masquerading as the IRS, pretending to be from “IRS Online.” The United States Computer Emergency Readiness Team (US-CERT) issued a warning in July about earlier versions of the Emotet in Alert (TA18-201A) Emotet Malware. US-CERT has labeled the Emotet Malware “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.” The IRS reminds taxpayers it does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript. Taxpayers should not open the email or the attachment. If using a personal computer, delete or forward the scam email to phishing@irs.gov. If seen while using an employer’s computer, notify the company’s technology professionals.
If you've just paid your self-assessment tax bill, be vigilant if you receive an email informing you that you're due a refund. Fraudsters are targeting taxpayers with spurious emails and text messages pretending to be from the government. I received one such email over the weekend, telling me I was due a refund of £222.32. The email came complete with a bogus 'HMRC Transaction Confirmation' number and a link claiming to be to the Government Gateway, which is used to access online government services. Of course, I would just need to click on the bogus link with my 'credit/debit card ready' so the criminals at the other end of the link could scam my cards for as much money as possible. At first glance, it may look fairly convincing - the spelling and grammar is pretty good, it contains plenty of official-looking reference numbers and the web links are at least in part quite similar to the genuine articles. But it's very definitely a 'phishing' email - whereby the fraudster sender is trying to hook you into providing personal information. In this case, they're after my credit or debit card numbers. Phishing happens by text message too. Earlier this month HMRC reported people are nine times more likely to fall for text message scams than other types such as email because they can appear more legitimate, with many texts displaying ‘HMRC’ as the sender, rather than a phone number. It also said it had 'stopped thousands of taxpayers from receiving scam text messages, with 90 per cent of the most convincing texts now halted before they reach their phones'. To help you protect yourself and your bank account, there are several warning signs you should always look out for to determine whether such emails and texts are fakes. This is in case they contain malware - software with a virus that can read personal information on your computer – or destroy it.
The bug is often activated by users inadvertently opening an attachment or clicking on an email link. And it's not just emails and texts about tax refunds you need to be vigilant towards. A spokesman for Action Fraud told This is Money: 'At this important time in the tax year when people will be claiming refunds, we are warning of fraudsters who contact victims claiming to be from HMRC to trick them into paying bogus debts and taxes. 'These criminals will contact victims in many ways, including spoof calls, voicemails and text messages. And in most cases they will ask for payments in iTunes giftcards. 'It is important that people spot the signs of this type of fraud to protect themselves. 'HMRC will never use text messages to inform about a tax rebate or penalty and will never ask for any payment in the form of iTunes vouchers.'
The email didn’t just seem innocent, it also seemed familiar to the accounts payable employee at MacEwan University in Edmonton. It was from one of the local construction firms the public institution deals with, logo and all. There was new bank account information—could accounts payable please change it? The staff and this supposed vendor communicated back and forth, from late June until a few weeks ago, in early August. One university employee was involved in this correspondence at first; two more were added. Then vendor payments went through, as scheduled: $1.9 million from MacEwan accounts on August 10. Another $22,000 was transferred seven days later. Finally, $9.9 million went to this new bank account on August 19, a Saturday. Wednesday morning, for the first time in this episode, came a phone call. The Edmonton-area vendor wanted to know why it never got its payments. The massive fraud had already been perpetrated, $11.8 million winding its way into a TD bank account in Montreal and much of it then wired overseas, a university spokesman says. Investigators have traced $11.4 million of the money and frozen the suspect accounts in Quebec and Hong Kong. The school is pursuing civil legal action to recover the money. “The status of the balance of the funds is unknown at the time,” a MacEwan statement said about the other $400,000. There’s likely not a person reading this online who hasn’t received a phishing attack, in which someone pretending to be a bank sends an email or text message, hoping to trick you into entering or re-entering account information or a credit card number. What hit MacEwan was a spear phishing attack, in which scammers impersonate a client or associate of the individual. In this case, the fraudster had cut-and-pasted the actual vendor’s logo, MacEwan spokesman David Beharry said.
A phishing attacker will often cast several lures; in this case, investigators said 14 different Edmonton-area construction sites or firms were impersonated as part of this attempt. The successful trick led to financial transfers equivalent to more than five per cent of the publicly funded school’s 2016 operating budget, according to records. This inflicted vastly more damage than the last well-documented online scam to successfully target an Alberta post-secondary school: last year, University of Calgary paid $20,000 in what’s known as a ransomware attack, in which cyberattackers manage to lock or encrypt network data until the victim pays up. While MacEwan is confident it can recoup the amounts already frozen, it will also incur legal fees on three continents as it tries to do so, Beharry says. Edmonton’s second-largest university knew enough about this problem to launch its own phishing awareness campaign last school year for staff and students, posters and all. Now, the school itself will become a cautionary tale about the perils and pratfalls of spear phishing cyberattacks. With this ugly incident, MacEwan University becomes a cautionary tale of another sort: financial controls. These were not high-level employees ensnared by this phishing attack, the school spokesman says, though he did not identify them or clarify how the three employees were involved. From now on, one fraud and $11.8 million later, such vendor banking information changes will need to go through a second and third level of approval at MacEwan before the final clicks or keystrokes occur.
As thousands of freshmen move into their dorms for the first time, there are plenty of thoughts rushing through their minds: their first time away from home, what cringey nickname they're gonna try to make a thing, if there are any parties before orientation kicks off. One thing that probably isn't on their minds is whether they're going to get hacked. But that's all Carnegie Mellon University's IT department thinks about. Back-to-school season means hordes of vulnerable computers arriving on campus. The beginning of the semester is the most vulnerable time for a campus network, and every year, with new students coming in, schools have to make sure everything runs smoothly. Carnegie Mellon's network gets hit with 1,000 attacks a minute -- and that's on a normal day. Cybersecurity is an increasingly important aspect of our everyday lives, with technology playing a massive role in nearly everything we do. Universities have been vulnerable to attacks in the past, with cybercriminals stealing student and faculty databases and hackers vandalizing university websites. Students are often targets for hackers, even before they're officially enrolled. Considering how much money flows into a university from tuition costs, along with paying for room and board, criminals are looking to cash in on weak campus cybersecurity. A bonus for hackers: Admissions offices often hold data with private information like student Social Security numbers and addresses, as well as their families' data from financial aid applications. Phishing happens when hackers steal your passwords by sending you links to fake websites that look like the real deal. It's how Russians hacked the Democratic National Committee during the presidential election, and it's a popular attack to use on universities as well.
The latest warning, sent Monday, called out malware hidden in a document pretending to be from Syracuse University's chancellor. Digging through my old emails, I found about 20 phishing warnings that had gone out during the four years I'd been there. Syracuse declined to comment on phishing attacks against the school, but in a 2016 blog post, it said the attacks were "getting more frequent, cunning and malicious." The school is not alone. Duo Security, which protects more than 400 campuses, found that 70 percent of universities in the UK have fallen victim to phishing attacks. Syracuse, which uses Duo Security, fights phishing attacks with two-factor authentication, which requires a second form of identity verification, like a code sent to your phone. But it just rolled out the feature last year. Kendra Cooley, a security analyst at Duo Security, pointed out that students are more likely to fall for phishing attacks because they haven't been exposed to them as frequently as working adults have. Also, cybercriminals know how to target young minds. "You see a lot of click-bait phishing messages like celebrity gossip or free travel," Cooley said. All students at Carnegie Mellon are required to take a tech literacy course, in which cybersecurity is a focus, said Mary Ann Blair, the school's chief information security officer. The school also runs monthly phishing campaigns: If a student or faculty member falls for the friendly trap, they're redirected to a training opportunity. When your network is being hit with at least two phishing attempts a day, Blair said, it's a crucial precaution to keep students on guard. "It's just constantly jiggling the doorknobs to see if they're unlocked," Blair said. "A lot of it is automated attacks." It's not just the thousands of new students that have university IT departments bracing for impact, it's also their gadgets. "All these kids are coming on campus, and you don't know the security level of their devices, and you can't manage it, because it's theirs," said Dennis Borin, a senior solutions architect at security company EfficientIP. A lot of university IT teams have their hands tied because they can't individually go to every student and scan all their computers. Borin's company protects up to 75 campuses across the United States, and it's always crunch time at the beginning of the semester. "If I was on campus, I wouldn't let anybody touch my device," Borin said. "So if somebody has malware on their device, how do you protect against an issue like that?" Instead of going through every single student, Borin said, his company just casts a wide net over the web traffic. If there's any suspicious activity coming from a specific device, they're able to send warnings to the student and kick him or her off the network when necessary. Keeping school networks safe is important for ensuring student life runs smoothly. A university that had only two people on its team reached out to EfficientIP after it suffered an attack. All of the school's web services were down for an entire week while recovering from the attack, Borin said. Scam artists love to take advantage of timing, and the back-to-school season is a great opportunity for them. There was an influx of fake ransomware protection apps when WannaCry hit, as well as a spike in phony Pokemon Go apps stuffed with malware during the height of the game's popularity. If there's a massive event going on, you can bet people are flooding the market with phony apps to trick victims into downloading viruses.
A quick search for "back to school apps" in August found 1,182 apps that were blacklisted for containing malware or spyware, according to security firm RiskIQ. Researchers from the company scanned 120 mobile app stores, including the Google Play store, which had more than 300 blacklisted apps. They found apps for back-to-school tools; themes and wallpapers for your device; and some apps that promised to help you "cheat on your exams." Though most of the blacklisted apps are poorly made games, others pretend to help you be a better student. Other warning signs to watch out for when it comes to sketchy apps are poorly written reviews and developers using public domain emails for contacts, RiskIQ said. For any educational apps, like Blackboard Learn, you should always check the sources and look for the official versions. New students coming to school have enough to worry about. Let's hope a crash course in cybersecurity is enough to ensure they make it to graduation without getting hit by hacks.
There’s a new scam on the block and over 200 people have already been hit. Here’s what you need to know about the TV Licence con. Action Fraud is warning that criminals are sending out emails pretending to be from TV Licensing. The watchdog says it has already received over 200 reports about the phishing scam. The email lures you in by saying you are owed a refund on your TV Licence payments. But, it’s a con and all the senders are really after is your bank details. What does the email say? So far all the emails have been the same. They say: “This is an official notification from TV Licensing! “We would like to notify you that, after the last annual calculation we have determined that you are eligible to receive a TV Licensing refund of 85.07 GBP. “Due to invalid account details records, we were unable to credit your account. Please fill in the TV Licensing refund request and allow us 5-6 working days to the amount to be credited to your account.” All this is untrue. If you receive this email the best thing to do is report it to Action Fraud and then delete it. Do not click on any links within the email. “A small number of our customers have received scam email messages saying they are due a refund,” a spokesperson for TV Licensing has said. “A link directs customers to a fake version of the official TV Licensing website which asks them to enter personal information and bank details. “If you receive a similar email message please delete it. If you have already clicked the link, do not enter or submit any information. TV Licensing never sends refund information by email and is investigating the source of the fraud.” While these emails are a scam they carry an element of truth – you might be due a refund from TV Licensing. There are a number of ways you can avoid paying the full licence fee.
If you are a student you are entitled to a £37 discount on the £147.50 colour TV licence. You can also apply for a refund if you’ve paid for a TV Licence beyond your 75th birthday. Anyone over the age of 75 is entitled to watch TV for free. TV Licences apply to households, not individuals, so if anyone in your household is a student, or over 75, then you all get the benefit of their discount. Similarly, if someone in your house is severely visually impaired they are entitled to a half-price TV licence. You can apply for a refund via the official TV Licensing Website.
A NEW DVLA car tax scam is doing the rounds online which could see motorists duped into entering sensitive information and being ripped off by criminals. Here’s what to do if you receive this message. DVLA car tax scams are not a new thing and every couple of months a new one does the rounds. Criminals pose as the Driver and Vehicle Licensing Agency in a bid to extort motorists of their cash by requesting their bank details. These crooks usually try to achieve this by threatening a monetary punishment of some sort or in other cases by stating that the driver is entitled to a refund. The problem is that some motorists could fall for the fraudulent messages, especially as they often look fairly professional and can even contain the logo of the DVLA. Motorist Jason Price, however, was not fooled by the latest attempt by fraudsters trying to get him to hand over his details. Mr Price tweeted a link to the email that he received from the criminal pretending to be the DVLA. The subject of the email is “You are not up-to-date with your vehicle tax” followed by a bogus item reference number, which presumably is to, in some way, make the email seem more legitimate. The contents of the email claim that the driver is not up to date with their vehicle tax and states that this is their ‘last chance’ to pay the remainder of the fee. It reads: “Our records show that you are not up-to-date with your vehicle tax. “This is a reminder (V11) and a ‘last chance’ warning letter from us. “Tax your car, motorcycle or other vehicle today to avoid unpleasant consequences. “You must tax your vehicle even if you don’t have to pay anything, for example if you’re exempt because you’re disabled. “You’ll need to meet all the legal obligations for drivers before you can drive.” It also states that “You can be fined up to £1,000 if you do not renew your car tax”. The DVLA has issued numerous warnings to customers in the past about how it will never contact the motorist in this way. “#SCAM WARNING: We're reminding customers that the only official place to find our services and information is on http://GOV.UK “Cyber scams are common so we want to help our customers to spot fraudulent activity.” If you receive an email or message like this you should either report it or instantly delete it and not click the link in the message. If you’re unsure on the validity of a message then you can ring the licensing agency.
Email is great for keeping in touch with friends and family and quickly conversing with colleagues but it ’ s not without its pitfalls . Scammers approachAttack.Phishingpeople via email to encourage them to hand over private or sensitive information about themselves or the company they work for . “ The most prevalent threats we see targeting consumers today are phishing attacksAttack.Phishingpredominantly via email , where scammers try to trickAttack.Phishingpeople into sharing private information or access to money , ” Jessica Brookes , director of EMEA consumer at McAfee , told the Press Association . “ The first thing you should know about phishingAttack.Phishingis that it almost always involves a form of ‘ social engineering ’ , in which the scammer tries to manipulateAttack.Phishingyou into trusting them for fraudulent purposes , often by pretending to beAttack.Phishinga legitimate person or business . Secondly , if an email doesn ’ t seem legitimate , it probably isn ’ t ; it ’ s always better to be safe than sorry. ” Here are four of the most popular scams circulating today : 1 ) The CEO Scam This scamAttack.Phishingappears asAttack.Phishingan email from a leader in your organisation , asking for highly sensitive information like company accounts or employee salaries . The hackers fakeAttack.Phishingthe boss ’ s email address so it looks likeAttack.Phishinga legitimate internal company email . That ’ s what makes this scam so convincing – the lure is that you want to do your job and please your boss . But keep this scam in mind if you receive an email asking for confidential or highly sensitive information , and ask the apparent sender directly whether the request is real , before responding . 2 ) The Lucky Email How fortunate ! You ’ ve won a free gift , an exclusive service , or a great deal on a trip abroad . 
Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity information. The lure here is something free or exciting at what appears to be little or no cost to you. 3) The Urgent Email Attachment. Phishing emails that try to trick you into downloading a dangerous attachment that can potentially infect your computer and steal your private information have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary or prize. They might urge you to “respond immediately”. The lure here is offering you something you want, and invoking a sense of urgency to get you to click. 4) The Romance Scam. This one can happen completely online, over the phone, or in person once initial contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often poses as a friend-of-a-friend via email and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple – love and acceptance. Brookes added: “It is everyone’s responsibility to be aware and educate each other – we need to share knowledge and collaborate to protect ourselves against the current threats we face as people living in a connected world.”
The IRS, state tax agencies and the nation’s tax industry urge people to be on the lookout for new, sophisticated email phishing scams that could endanger their personal information and next year’s tax refund. The most common way for cybercriminals to steal bank account information, passwords, credit cards or social security numbers is to simply ask for them. Every day, people fall victim to phishing scams that cost them their time and their money. Those emails urgently warning users to update their online financial accounts—they’re fake. That email directing users to download a document from a cloud-storage provider? Fake. Those other emails suggesting the recipients have a $64 tax refund waiting at the IRS or that the IRS needs information about insurance policies—also fake. So are many new and evolving variations of these schemes. The Internal Revenue Service, state tax agencies and the tax community are marking National Tax Security Awareness Week with a series of reminders to taxpayers and tax professionals. Phishing attacks use email or malicious websites to solicit personal, tax or financial information by posing as a trustworthy organization. Often, recipients are fooled into believing the phishing communication is from someone they trust. A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade as a legitimate source, including presenting the look and feel of authentic communications, such as using an official logo. These targeted messages can trick even the most cautious person into taking action that may compromise sensitive data. The scams may contain emails with hyperlinks that take users to a fake site. Other versions contain PDF attachments that may download malware or viruses.
Some phishing emails will appear to come from a business colleague, friend or relative. These emails might be an email account compromise. Criminals may have compromised your friend’s email account and begin using their email contacts to send phishing emails. Not all phishing attempts are emails, some are phone scams. One of the most common phone scams is the caller pretending to be from the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately, usually through a debit card. Phishing attacks, especially online phishing scams, are popular with criminals because there is no fool-proof technology to defend against them. Users are the main defense. When users see a phishing scam, they should ensure they don’t take the bait.
Phishing is one of the most devious scams for filching your personal information, but experts say it is possible to avoid them if you know what you're looking for. At its essence, phishing is the act of pretending to be someone or something you trust in order to trick you into entering sensitive data like your user name and password. The goal -- of course -- is to take your money. Some of the most common phishing scams are bogus emails purportedly from trustworthy institutions like the U.S. Internal Revenue Service or major banks. The more sophisticated scams are crafted to look very much like a legitimate message from a site you do business with. “Many popular phishing scams purport to be from shipping companies, e-commerce companies, social networking websites, financial institutions, tax-preparation companies and some of the world’s most notable companies,” said Norton by Symantec senior security response manager Satnam Narang via email. One of the worst cases on record was an aircraft parts CEO who was tricked into handing over more than $55 million – which shows that phishing scams can dupe even smart people. Fox News asked Symantec about the top phishing scams and how to avoid them. 1. Your account has been or will be locked, disabled or suspended. "Scare tactics are a common theme when it comes to phishing scams," said Narang. "Claiming a user’s account has been or will be locked or disabled is a call to action to the user to entice them to provide their login credentials." 2. Irregular/fraudulent activity detected or your account requires a "security" update.
"Extending off of #1, scammers will also claim irregular or fraudulent activity has been detected on your account or that your account has been subjected to a compulsory 'security update' and you need to login to enable this security update," Narang said. 3. You’ve received a secure or important message. "This type of phishing scam is often associated with financial institutions, but we have also seen some claiming to be from a popular e-commerce website," said Narang. "Because financial institutions don’t send customer details in emails, the premise is that users will be more inclined to click on a link or open an attachment if it claims to be a secure or important message." 4. Tax-themed phishing scams. "Each year, tax-themed phishing scams crop up before tax-time in the U.S. and other countries," Narang added. "These tax-related themes can vary from updating your filing information, your eligibility to receive a tax refund or warnings that you owe money. One thing that’s for sure is that the IRS doesn’t communicate via email or text message, they still send snail mail." 5. Attachment-based phishing with a variety of themes. "Another trend we have observed in recent years is that scammers are using the lures mentioned above, but instead of providing a link to an external website, they are attaching an HTML page and asking users to open this 'secure page' that requests login credentials and financial information," according to Narang. Avast, which also develops antivirus software and internet security services, offered advice on what to look for. Ransomware, which encrypts data (i.e., makes it inaccessible to the user), tries to tap into the same fears that phishing does.
The hope is that the “attacked person will panic, and pay the ransom,” Jonathan Penn, Director of Strategy at Avast, told Fox News.
The Indiana Department of Revenue and the Internal Revenue Service are warning individuals and businesses about emails that use tax transcripts as bait to entice users to open attachments. These scams are problematic for businesses or government agencies whose employees open the malware-infected attachments, putting the entire network at risk. This well-known malware, known as Emotet, generally poses as specific banks or financial institutions to trick individuals into opening infected documents. It’s been described as one of the most costly and destructive malware to date. Both the DOR and IRS have several tips to help individuals and businesses stay clear of these scams:

- The DOR and IRS do not contact customers via email to share sensitive documents such as a tax transcript
- Use security software to protect against malware and viruses, and make sure it’s up-to-date
- Never open emails, attachments, or click on links when you’re not sure of the source

If you receive an email claiming to be the IRS, delete it or forward the email to phishing@irs.gov. If the email claims to be from the DOR, forward it to investigations@dor.in.gov. Emotet is known to constantly evolve, and in the past few weeks has masqueraded as the IRS, pretending to be “IRS Online”. The scam email includes an attachment, with the subject line often including “tax transcript”.
It’s tax season, and that means con artists and scammers are out in full force trying to capitalize on people’s financial anxieties. The IRS puts out strong warnings each year—often republishing its “‘Dirty Dozen’ list of tax scams” several times between January and April. This year, phishing schemes—in which scammers send emails pretending to be from the IRS in order to trick people into divulging sensitive information—topped the list. “We urge taxpayers to watch out for these tricky and dangerous schemes,” acting IRS Commissioner David Kautter said in a March 5 warning to consumers. “Phishing and other scams on the ‘Dirty Dozen’ list can trap unsuspecting taxpayers. Being cautious and taking basic security steps can help protect people and their sensitive tax and financial data.” Threat researchers at Zscaler published a blog on March 15 outlining four new phishing schemes they identified during this tax season, most of which used fake IRS websites to steal taxpayers’ information. “Cybercriminals have long used social engineering and phishing techniques to lure unsuspecting users into giving away private information,” the researchers wrote. “They track current trends and events to make their attacks more effective, and tax season offers a rich opportunity for attackers to disguise themselves as well-known brands and even government agencies in an effort to exploit users.” This tendency is on display with the “chalbhai” phishing attack, which uses a spoof of an outdated IRS form to trick users into giving up their tax identification information, which can then be used to file false returns. While studying this campaign, researchers noticed the term “chalbhai” used in the source code.
“We have typically seen this tag associated with phishing pages that look like Microsoft Office 365, Apple ID, Dropbox or DocuSign,” Zscaler wrote. “This is a good example of criminals adapting their phishing content to reflect current trends,” i.e., tax season. Another similar scheme directed users to a fake IRS page for unlocking expired passwords. Researchers noted this campaign was particularly tricky, as users were redirected to a legitimate IRS page after giving up their information. “With this page,” they wrote, “the attacker is attempting to prevent user suspicion by redirecting the user from this phishing page to a legitimate e-policy statement hosted on the actual IRS page… At this point, the victims believe they have completed the account unlock process and they proceed to log in on the legitimate page unaware that their information has been stolen.” Researchers also found similar tactics used to get taxpayers’ logins for tax preparer sites like TurboTax. In a fourth example, Zscaler researchers found an encrypted phishing page designed to mask their ill-intent from security measures. After a user downloads the page, it is decrypted within the browser, skirting some security checks. In all these examples, users could have avoided the scam by double-checking the URL in the browser, which all included additional characters before the .gov domain, indicating users were not actually at an official IRS site.
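The URL check recommended above is easy to get wrong in a mail filter or proxy rule if it is done as a substring match. The following is an added example, not code from Zscaler or the IRS: it contrasts a naive "contains irs.gov" test with a comparison of the parsed host; the sample URLs are constructed and use reserved or made-up domains.

```python
from urllib.parse import urlsplit

OFFICIAL = "irs.gov"  # the official domain named in the article


def naive_check(url):
    """Weak check: accepts any URL that merely contains the official name."""
    return OFFICIAL in url.lower()


def classify(url, official=OFFICIAL):
    """Return (is_official, reason), judged on the parsed host only."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname            # drops userinfo and port, lower-cases
        userinfo = parts.username or ""  # text before '@' in the authority
    except ValueError:
        return (False, "unparseable URL")
    if parts.scheme not in ("http", "https") or not host:
        return (False, "no web host in URL")
    host = host.rstrip(".")              # tolerate a trailing root dot
    # Official only if the host IS the domain or ends with ".<domain>".
    if host == official or host.endswith("." + official):
        return (True, "host is " + host)
    if official in userinfo.lower():
        return (False, "official name sits before '@'; real host is " + host)
    if official in host:
        return (False, "official name embedded in other domain " + host)
    return (False, "unrelated host " + host)


# Constructed sample URLs (assumptions for illustration, not from the report).
SAMPLES = [
    "https://www.irs.gov/refunds",
    "https://irs.gov.account-unlock.example/login",
    "https://www.irs.gov@login.example.net/unlock",
    "https://not-irs.gov/unlock",
]


def report(urls=SAMPLES):
    """Return (url, naive_result, strict_result, reason) for each URL."""
    return [(u, naive_check(u)) + classify(u) for u in urls]


if __name__ == "__main__":
    for url, naive, strict, reason in report():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}  ({reason})")
```

The naive test accepts all four samples; the host comparison accepts only the first.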
Over the phone you’re trying to get them to say what they can see on their PC screen, and attempting to describe the button they should be clicking on, or the file they need to drag from one folder to another. A much easier way to do remote technical support is to use a program that allows you – with permission, of course – to take remote control of the distant PC, and fix it over the internet. You literally take over control of the mouse and keyboard, and can see what is on your “patient”’s computer screen. Trust me, it’s a much easier way to fix things – and avoids the need to take a lengthy road-trip to their house. Many in the IT world use software like TeamViewer to do this remote technical support, and help their friends and family out when they find themselves in a PC pickle. But here’s the problem – bad guys use TeamViewer too. For years scammers have been contacting vulnerable people, pretending to be from their ISP or Microsoft technical support, and offering to clean up non-existent virus infections. If you make the mistake of granting one of these criminals remote access to your computer to “clean it up” you may find that they end up stealing your files, planting malicious code, and even demanding you pay a fee for their bogus service. British ISP TalkTalk has decided that the problem of scammers defrauding its customers has become so big that they have blocked usage of TeamViewer from its network. That’s bad news if you’re a scammer, but it’s even worse news if you happen to be a TalkTalk customer who routinely uses TeamViewer to help out friends and family diagnose and fix computer problems. Unfortunately it took TalkTalk a while to admit that they had blocked the software, leaving many customers posting messages on its forum in the dark as they spent hours trying to get to the bottom of why the software they relied upon was no longer working.
Eventually TalkTalk ’fessed up that it was responsible for the block.
Companies and individuals in Japan are finding their computers are increasingly targeted by ransomware campaigns that bar victims from accessing important files unless they pay money. “Attacks on Japanese businesses have been particularly large in number,” said Masakatsu Morii, a professor of information and telecommunications engineering at Kobe University’s Graduate School of Engineering. Ransomware typically infects computers when its user opens a file attached to spam mail from a sender pretending to be a legitimate entity such as a parcel delivery company, according to the government-affiliated Information-Technology Promotion Agency. The malicious programs encrypt the infected computers’ files, and users can only open them after paying the perpetrators money to obtain a special key to unlock them. Yoshihito Kurotani, a researcher at the agency’s engineering department, said the programs employ basic encryption technologies. Kurotani’s agency has received numerous inquiries asking for help from victims who cannot access their photos or business files. The bogus emails “used to be written in English or unnatural Japanese, but we have seen increasing attacks using natural Japanese recently,” Kurotani said. Computer security firm Trend Micro Inc. said it received 2,810 reports of ransomware attacks nationwide in 2016 — a 3.5-fold jump from the previous year. “Tactics are expected to be even more sophisticated in 2017,” a Trend Micro official said. A survey conducted by the firm last June shows that about 60 percent of companies that were attacked paid ransoms. The payment in one case exceeded ¥10 million ($88,000). The extortion and the transactions in the ransomware programs themselves have become a profitable business for cybercriminals.
The programs are traded on online black markets that cannot be accessed without the use of special software. In the “dark web” networks, various programs are sold, including multilingual ones and one that can be used for a “lifetime” for just $39. The people who post the programs make profits by taking a share of ransoms collected. Firms undertaking the delivery of unsolicited emails do business there, too. Katsuyuki Okamoto, a security “evangelist” at Trend Micro, said it has become easier and easier to be involved in or become a victim of cybercrime. Cybersecurity experts warn that users should protect their computers by always keeping operating systems and anti-malware software up-to-date and should constantly back up their data. They said victims should never pay ransoms as there is no guarantee their files will actually be restored. “If you pay money to the criminals, that will only help them create a new virus,” Okamoto said.
Every year, cybercriminals cash in on tax season by targeting individuals, but this year it's a little different. It's businesses that must be extra careful when filing, because businesses are experiencing a rise in tax-related scams, specifically W-2 fraud. Researchers at IBM X-Force, the tech giant's security research division, discovered more than 1400% growth in general tax-themed spam between December 2016 and March 2017. "On top of all the usual activity -- consumer tax fraud, filing on others' behalf -- we began to see that businesses are being targeted a lot more," says Limor Kessem, executive security advisor for IBM Security. In the past, she says, tax fraud on businesses was the purview of only advanced attackers. This year, they saw a rise in social engineering attacks on smaller organizations like schools, non-profits, and restaurants as fraudsters start to aim for the "low-hanging fruit" of the corporate world. Cybercriminals often collect W-2 data by pretending to be a company exec and emailing HR or payroll for employee information, which is used to file fraudulent returns and collect refunds. In addition, they may also request a wire transfer to a specific bank account. Attackers who are more technically inclined may bypass the fake emails and breach an organization's servers to steal data directly, says Kessem. In addition to using W-2 data for their own scams, fraudsters will sell it on the dark web, the report states. The most valuable bundles of information are called "Fullz" and contain the victim's address, contact info, Social Security and driver's license numbers, plus all W-2 and W-9 information. Each record runs for $40-$50 in Bitcoin on the Dark Web. With all this data for $50 per record, harmful activity doesn't have to stop at tax fraud, Kessem notes.
Cybercriminals can buy and use this data for other scams like identity theft or online loan applications. Tax-related risks increase as the filing deadline approaches. One-third of Americans (54 million people) filed their taxes after April 1 in 2016, giving fraudsters a larger window of opportunity to strike. Tax-related cybercrime won't stop after April 18, 2017. "There are a number of people filing after the deadline," says Kessem, noting the popularity of extensions. "There are millions who will still be interested in tax-themed emails." However, their tax scam strategies will shift after the deadline as cybercriminals move from stealing data to infecting machines with malware. Because victims may expect messages indicating problems with their returns, they are more likely to open potentially malicious attachments, Kessem explains. Researchers believe data sets sold on the Dark Web are a sign that fraudsters are stealing tax info from employer databases -- meaning they get it before the taxpayers
Financial institutions worldwide, including those in the country, have been implored to be extremely cautious of the growing cyber-attacks that put them at greater risk this year than before. The report further cautions that a slight mistake could cause great cash loss to financial institutions, like what happened to the Bangladesh Central Bank. The Sophos report indicates that financial infrastructure is at greater risk of attack. "The use of targeted phishing and 'whaling' continues to grow. These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts. "We also expect more attacks on critical financial infrastructure, such as the attack involving SWIFT-connected institutions which cost the Bangladesh Central Bank $81 million in February," reveals the report. The caution follows a recently published report by cybersecurity giant Sophos, which shows that the attacks are expected to increase this year. Expounding further, the report indicates that the year 2016 saw a huge number and variety of cyber-attacks, ranging from a high-profile DDoS using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election. The Sophos report shows that they also saw a rising tide of data breaches from organisations big and small, and significant losses of people's personal information. "Since the year 2016 is over, we're pondering how some of those trends might play out in 2017," it notes. The report indicates that the current and emerging attack trends include destructive DDoS IoT attacks, which are expected to rise. "In 2016, Mirai showed the massive destructive potential of DDoS attacks as a result of insecure consumer IoT (Internet of Things) devices.
Mirai's attacks exploited only a small number of devices and vulnerabilities and used basic password guessing techniques," part of the report indicates. However, the report claims that cybercriminals will find it easy to extend their reach because there are so many IoT devices containing outdated code based on poorly-maintained operating systems and applications with well-known vulnerabilities. "Expect IoT exploits, better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices in your network," it notes. It shows there is a shift from exploitation to targeted social attacks. "Cybercriminals are getting better at exploiting the ultimate vulnerability - humans. Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves. For example, it's common to see an email that addresses the recipient by name and claims they have an outstanding debt the sender has been authorised to collect," explains part of the report. It further states that shock, awe or borrowing authority by pretending to be law enforcement are common and effective tactics, saying that the email directs them to a malicious link that users are panicked into clicking on, opening them up to attack. "Such phishing attacks can no longer be recognised by obvious mistakes," it states. SWIFT recently admitted that there have been other such attacks and it expects to see more, stating in a leaked letter to client banks that the threat is very persistent, adaptive and sophisticated - and it is here to stay. The Sophos report notes that there is increasing exploitation of the Internet's inherently insecure infrastructure. All Internet users rely on ancient foundational protocols and their ubiquity makes them nearly impossible to revamp or replace
The Russian hacking group blamed for targeting U.S. and European elections has been breaking into email accounts, not only by tricking victims into giving up passwords, but by stealing access tokens too. It's a sneaky hack that's particularly worrisome, because it can circumvent Google's 2-step verification, according to security firm Trend Micro. The group, known as Fancy Bear or Pawn Storm, has been carrying out the attack with its favored tactic of sending out phishing emails, Trend Micro said in a report Tuesday. The attack works by sending out a fake email, pretending to be from Google, with the title “Your account is in danger.” An example of a phishing email that Fancy Bear has used. The email claims that Google detected several unexpected sign-in attempts into their account. It then suggests users install a security application called “Google Defender.” However, the application is actually a ruse. In reality, the hacking group is trying to dupe users into giving up a special access token for their Google account, Trend Micro said. Victims that fall for the scheme will be redirected to an actual Google page, which can authorize the hacking group's app to view and manage their email. Users that click “allow” will be handing over what’s known as an OAuth token. Although the OAuth protocol doesn't transfer over any password information, it's designed to grant third-party applications access to internet accounts through the use of special tokens. In the case of Fancy Bear, the hacking group has leveraged the protocol to build fake applications that can fool victims into handing over account access, Trend Micro said.
“After abusing the screening process for OAuth approvals, (the group’s) rogue application operates like every other app accepted by the service provider,” the security firm said. Even Google's 2-step verification, which is designed to prevent unwarranted account access, can't stop the hack, according to Trend Micro. Google's 2-step verification works by requiring not only a password, but also a special code sent to a user's smartphone when logging in. Security experts say it's an effective way to protect your account. However, the phishing scheme from Fancy Bear manages to sidestep this security measure, by tricking users into granting access through the fake Google security app. Google, however, said it takes many steps to protect users from such phishing attacks. "In addition, Google detects and reviews potential OAuth abuse and takes down thousands of apps for violating our User Data Policy, such as impersonating a Google app," the company said in a statement. "Note that a real Google app should be directly accessed from a Google site or installed from the Google Play or Apple App stores," it added. According to Trend Micro, victims were targeted with this phishing attack in 2015 and 2016. In addition to Google Defender, Fancy Bear has used other apps under names such as Google Email Protection and Google Scanner. They’ve also gone after Yahoo users with apps called Delivery Service and McAfee Email protection. The attack attempts to trick users into handing over access to their email through fake Google third-party applications. “Internet users are urged to never accept OAuth token requests from an unknown party or a service they did not ask for,” Trend Micro said.
Although a password reset can sometimes revoke an OAuth token, it's best to check what third-party applications are connected to your email account. This can be done by looking at an email account's security settings, and revoking access where necessary. Fancy Bear is most notorious for its suspected role in hacking the Democratic National Committee last year. However, the group has also been found targeting everything from government ministries and media organizations to universities and think tanks, according to Trend Micro.
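For an administrator, the review of connected third-party applications described above can be run over a whole inventory of grants rather than one account at a time. The sketch below is an added example, not code from Trend Micro or Google: the `Grant` record format, the client IDs, the users and the allowlist are assumptions, and the sample data is constructed (the two flagged app names are the ones the article reports).

```python
from dataclasses import dataclass

# Gmail OAuth scopes that let an app read or manage a mailbox.
MAIL_SCOPES = frozenset({
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
})
# Provider and security-vendor names an unvetted app should not carry.
BRAND_WORDS = ("google", "gmail", "yahoo", "mcafee")
# Hypothetical allowlist of client IDs the organisation has vetted.
APPROVED_CLIENT_IDS = frozenset({"constructed-client-approved-001"})


@dataclass(frozen=True)
class Grant:
    """One user-to-app OAuth authorisation (hypothetical export format)."""
    user: str
    app_name: str
    client_id: str
    scopes: tuple


def assess(grant):
    """Return (verdict, reason); verdict is 'ok', 'review' or 'revoke'."""
    if grant.client_id in APPROVED_CLIENT_IDS:
        return ("ok", "vetted client")
    mail = sorted(set(grant.scopes) & MAIL_SCOPES)
    if not mail:
        return ("ok", "no mailbox scope granted")
    brands = [w for w in BRAND_WORDS if w in grant.app_name.lower()]
    if brands:
        # Mailbox access plus a borrowed brand name: the pattern in the article.
        return ("revoke", f"unvetted app uses brand '{brands[0]}' and holds {mail[0]}")
    return ("review", "unvetted app holds " + ", ".join(mail))


def audit(grants):
    """Return non-ok findings, 'revoke' first, as (verdict, user, app, reason)."""
    findings = []
    for g in grants:
        verdict, reason = assess(g)
        if verdict != "ok":
            findings.append((verdict, g.user, g.app_name, reason))
    return sorted(findings, key=lambda f: (f[0] != "revoke", f[1], f[2]))


# Constructed inventory; client IDs and users are placeholders.
SAMPLE_GRANTS = [
    Grant("alice@example.org", "Google Defender", "constructed-client-777",
          ("https://mail.google.com/",)),
    Grant("bob@example.org", "Google Email Protection", "constructed-client-778",
          ("https://www.googleapis.com/auth/gmail.modify", "openid")),
    Grant("carol@example.org", "Team Calendar Sync", "constructed-client-approved-001",
          ("https://www.googleapis.com/auth/gmail.readonly",)),
    Grant("dave@example.org", "Newsletter Reader", "constructed-client-900",
          ("https://www.googleapis.com/auth/gmail.readonly",)),
    Grant("erin@example.org", "Photo Printer", "constructed-client-901",
          ("openid", "email")),
]

if __name__ == "__main__":
    for verdict, user, app, reason in audit(SAMPLE_GRANTS):
        print(f"{verdict.upper():7} {user:20} {app:25} {reason}")
```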
Late last April a friend of mine had his iPhone stolen in the streets—an unfortunately familiar occurrence in big, metropolitan areas in countries like Brazil. He managed to buy a new one, but kept the same number for convenience. Nothing appeared to be out of the ordinary at first—until he realized the thief changed his Facebook password. Fortunately, he was able to recover and update it, as his phone number was tied to his Facebook account. But a pickpocket accessing his victim’s Facebook account is quite unusual. After all, why would a crook be interested in his victim’s Facebook account when the goal is usually to use or sell the stolen device? It didn’t stop there; a day after, my friend curiously received a phishing SMS message on his new phone. What’s interesting here is the blurred line between traditional felony and cybercrime—in particular, the apparent teamwork between crooks and cybercriminals that results in further—possibly more sophisticated—attacks.

Figure 1: SMS message with a link to a phishing page

The SMS message, written in Portuguese, translates to: “Dear user: Your device in lost mode was turned on and found; access here and view its last location:”. The message was accompanied with a link pointing to hxxp://busca-devices[.]pe[.]hu, which we found to be a phishing page with a log-in form asking for Apple ID credentials. We then checked the last location of his stolen iPhone; the official iCloud website indeed confirmed that it was where he had the phone snatched.
Figure 2: Phishing page asking for Apple ID credentials

Connecting the dots, it appears the modus operandi is to physically steal the victim’s phone (while in use, so they can still access the apps), uncover the device’s number, then try changing the password of installed social networking (and possibly email) apps—probably to extort the victim in the future—before turning the stolen device off as soon as possible. Attackers then try to grab the victim’s Apple ID credentials using a phishing page and a socially engineered SMS message pretending to be Apple. Apart from perpetrating identity theft, getting their hands on Apple credentials allows them to disable the Activation Lock feature in iOS devices which would enable them to wipe the phone (as part of an attack, or for them to reuse the device).

Figure 3: iCloud phishing page advertised in the Brazilian underground

Interestingly, we came across an iCloud phishing page peddled for R$135 (roughly equivalent to US$43 as of May 4, 2017) during one of our recent forays into the Brazilian underground. The phishing page offered for rent came with a video tutorial explaining how the service works. Coincidence? While there may be no direct correlation, it wouldn’t be surprising if it somehow intersects with my friend’s iPhone scam situation—given how Apple credentials are one of the commodities sold in Brazil’s online underworld. In fact, this kind of attack has been reported in Brazil as early as 2015. The moral of my friend’s story? Traditional crime and cybercrimes are not mutually exclusive and can, in fact, work together in seemingly bigger attacks or malicious schemes. Another lesson learned? Physical security strengthens cybersecurity. This rings true—even intuitive—not only to individual end users.
Organizations understand that the risks of attacks are just as significant if their workplace’s perimeters aren’t as properly secure as their virtual/online walls. Indeed, today’s increasingly intricate—and in a lot of cases, brazen—attacks, whether physical or in cyberspace, call for being more proactive. Being aware of red flags in phishing scams, securing the privacy of mobile apps, and adopting best practices for BYOD devices are just some of them. These are complemented by physically securing mobile devices—from password-protecting important documents to employing biometrics or strong PINs to prevent unauthorized access to the device’s apps. Users can also benefit from multilayered mobile security solutions such as Trend Micro™ Mobile Security for Apple devices (available on the App Store) that can monitor and block phishing attacks and other malicious URLs. For organizations, especially those that use BYOD devices, Trend Micro™ Mobile Security for Enterprise provides device, compliance and application management, data protection, and configuration provisioning, as well as protecting devices from attacks that leverage vulnerabilities, preventing unauthorized access to apps, and detecting and blocking malware and fraudulent websites. With help from our colleagues from PhishLabs, we were able to take down the phishing pages that were still online. We also disclosed to Apple our findings related to this threat. The domains we uncovered related to this scam are in this appendix.
Hackers that tried to extort money from Disney by threatening to make public an upcoming movie ahead of its release date appear to have been bluffing, the firm’s boss has revealed. Chairman and CEO Bob Iger said the media giant had, to its knowledge, not been hacked. “We had a threat of a hack of a movie being stolen. We decided to take it seriously but not react in the manner in which the person who was threatening us had required,” he told Yahoo Finance. “We don’t believe that it was real and nothing has happened.” The hackers apparently demanded a large payment in Bitcoin, and threatened to release five minutes of the stolen film followed by subsequent 20-minute instalments if their demands weren’t met. Disney likely took the threat seriously given that a similar incident occurred last month when a hacker uploaded the upcoming series of Netflix prison drama Orange is the New Black to The Pirate Bay after the streaming giant refused to pay a ransom. In that case, a third-party production vendor used by the studios was to blame, after its security was compromised by the hacker. Iger acknowledged the elevation of cybersecurity to a “front burner issue.” “Technology is an enabler to run our businesses more securely, whether that’s protecting our intellectual property or protecting our guests or employees around the world,” he argued. Unfortunately, many boardrooms don’t share Iger’s enthusiasm for cybersecurity-related issues. Just 5% of FTSE 100 companies claim to have a technology expert on the board, despite most of them (87%) identifying cybersecurity as a major risk to the firm, according to a recent Deloitte report. Yet cybersecurity is something the C-level need to get urgently up to speed with, as increasing numbers are targeted by whalers.
Just this month, Barclays CEO Jes Staley was tricked into emailing someone pretending to be the bank’s chairman, John McFarlane.
Schools and colleges are being warned to be on the lookout for ransomware attacks, after a wave of incidents where fraudsters attempted to trick educational establishments into opening dangerous email attachments. What makes the attacks unusual, however, is just how the attackers tricked users into clicking on the malware-infected attachments. As Action Fraud warns, confidence tricksters are phoning up schools and colleges pretending to be from the “Department of Education”. The fraudsters request the email or phone number of the institution’s head teacher or financial administrator, claiming they need to send guidance forms to the individual directly, as they contain sensitive information. The emails, however, have a .ZIP file attached, which often contains a boobytrapped Word document or Excel spreadsheet which initiates the ransomware infection. According to reports, up to £8,000 can be demanded for the safe decryption of files on the victims’ computers. That is, of course, money that few schools can afford to spend. Similar scams have posed as being from telecoms providers claiming to need to speak to the head teacher about “internet systems” or the Department of Work and Pensions. In all cases the chances of the attack succeeding are increased by the fact that it is prefaced by a phone call. We’re all very used to receiving suspicious emails in our inbox, but may be caught off guard if it is accompanied by an official-sounding phone call. Action Fraud’s warning indicates that there are considerable amounts of money to be made by online criminals through ransomware attacks. If there weren’t, they wouldn’t be prepared to go to such extreme efforts (such as making bogus phone calls) to increase the likelihood that their poisoned email attachments will be opened.
More money can typically be extorted from an organisation than an individual, with some corporations having paid out huge sums to blackmailers after having their data locked away through a ransomware attack.
UK police are warning that fraudsters are posing as Department of Education officials in order to trick schools into installing ransomware. An Action Fraud notice claimed that the fraudsters have been cold calling education institutions pretending to be government officials and socially engineering the victim into giving them the email address of the head teacher, in order to send across “sensitive information”. The resulting email contains a .zip attachment loaded with ransomware that will apparently demand up to £8000 to recover the files. Action Fraud claimed similar cases have been noted where the fraudsters pretend to be calling from the Department for Work and Pensions, or even telecom providers. The newly reported incidents represent an escalation in tactics designed to get ransomware on the networks of targets presumably selected because they may be relatively poorly secured, and be willing to pay a high penalty to gain access back to their data. “Once again, hackers have preyed on the weakest link in security – the end-user – but this is not where the fault lies. It’s unfair to expect busy teachers to be able to tell the difference between an email from the Department of Education and these sophisticated mimics,” argued Fraser Kyne, EMEA CTO at Bromium. “Hackers are clever and convincing con artists, yet the industry continues to try and convince us that they can be defeated through detection tools and user education. As we can see from the rise in such attacks, this approach is neither realistic nor effective”. In related news, new tactics designed to deliver the Petya variant GoldenEye have been discovered using fake job application emails. The new campaign is designed to target HR staff, with the ransomware hidden in a malicious attachment masquerading as a CV, according to Check Point.
The emails also contain a harmless PDF as a covering letter in order to lull the recipient into a false sense of security, the vendor claimed.