people into providing bank details to pay for a fake WhatsApp subscription does just that. WhatsApp did once charge a subscription fee of $0.99/£0.99, but stopped the practice in January 2016. However, the fraudsters behind this latest scam are looking to take advantage of the fact that WhatsApp -- which has over a billion users -- did once rely on a subscription service, in order to dupe victims into handing over their banking information. The UK's fraud and cybercrime centre Action Fraud and the City of London Police have issued a warning about the campaign. Emails purporting to be from 'The WhatsApp Team' claim that “your subscription will be ending soon” and that in order to continue to use the service, you need to update your payment information. Victims are encouraged to sign into a 'customer portal' with their number and to enter payment information. Naturally, this is a scam -- with spelling errors in the text a huge giveaway -- and all the victims are doing is providing criminals with their financial details. Criminals could use these to simply make purchases or as a basis for further fraud. Scammers have also been known to use text messages in an effort to dupe victims into paying for a fake subscription. Those who receive the email are urged not to click on any of the links, but to instead report it to the police. Action Fraud also offers advice to those who have already fallen for the scam, telling victims to “run antivirus software to ensure your device has not been infected with malware”. Scammers often attempt to lure victims into handing over their credit card information -- or installing malware onto their machines -- often with authentic-looking phishing emails claiming to be from real companies.
Previously, Action Fraud has warned about scammers attempting to steal credentials from university staff with fake emails about a pay rise, while police have also issued a warning about cybercriminals attempting to infect people with banking malware using emails that pretend to be from a charity.
A flaw in Safari – one that allows an attacker to spoof websites and trick victims into handing over their credentials – has yet to be patched. A browser address bar spoofing flaw was found by researchers this week in Safari, and Apple has yet to issue a patch for it. Researcher Rafay Baloch on Monday disclosed two proof-of-concepts revealing how vulnerabilities in Edge browser 42.17134.1.0 and Safari iOS 11.3.1 could be abused to manipulate the browsers’ address bars, tricking victims into thinking they are visiting a legitimate website. Baloch told Threatpost Wednesday that Apple has promised to fix the flaw in its next security update for Safari. “Apple has told [me] that the latest beta of iOS 12 also addresses the issue, however they haven’t provided any dates,” he said. Apple did not respond to multiple requests for comment from Threatpost. Microsoft for its part has fixed the vulnerability Baloch found in the Edge browser (CVE-2018-8383) in its August Patch Tuesday release. According to Microsoft’s vulnerability advisory released August 14, the spoofing flaw exists because Edge does not properly parse HTTP content. Both flaws stem from the Edge and Safari browsers allowing JavaScript to update the address bar while the page is still loading. This means that an attacker could request data from a non-existent port and, due to the delay induced by the setInterval function, trigger the address bar spoofing.
The browser would then preserve the address bar and load the content from the spoofed page, Baloch said in his blog post breaking down both vulnerabilities. From there, the attacker could spoof the website, using it to lure in victims and potentially gather credentials or spread malware. For instance, the attacker could send an email message containing the specially crafted URL to the user, convince the user to click it, and take them to the link, which could gather their credentials or sensitive information. “As per Google, Address bar is the only reliable indicator for ensuring the identity of the website, if the Address bar points to Facebook.com and the content is hosted on attacker’s website, there is no reason why someone would not fall for this,” Baloch told Threatpost. In a video demonstration, Baloch showed how he could visit a link for the vulnerable browser on Edge (http://sh3ifu[.]com/bt/Edge-Spoof.html), which would take him to a site purporting to be a Gmail login. However, while the URL points to a Gmail address, the content is hosted on sh3ifu.com, said Baloch. The Safari proof-of-concept is similar, except for one constraint: Safari does not allow users to type their information into the input boxes while the page is in a loading state. However, Baloch said he was able to circumvent this restriction by injecting a fake keyboard using JavaScript – a common practice in banking sites. No other browsers – including Chrome or Firefox – were discovered to have the flaw, said Baloch. Baloch is known for discovering similar vulnerabilities in Chrome, Firefox and other major browsers in 2016, which also allowed attackers to spoof URLs in the address bar.
The vulnerabilities were disclosed to both Microsoft and Apple, and Baloch gave both a 90-day deadline before he went public with the flaws. Due to the Safari browser bug being unpatched, Baloch said he has not yet released a proof of concept: “However considering there is a slight difference between the Edge browser POC and Safari, anyone with decent knowledge of Javascript can make it work on Safari,” he told us.
Consumers are being left vulnerable to increasingly sophisticated cybercriminals because major companies are not taking measures to protect them from plagues of fake emails, a leading cyber-crime expert has claimed. Billions of “phishing” emails purporting to be from companies we trust such as Apple and Amazon, or banks, charities and even government departments, are reaching consumers’ inboxes. Their intention is to trick recipients into visiting a website – specially created to mirror a legitimate business’s site – and entering personal details such as email addresses and passwords. These can be used by criminals in a number of ways, including accessing bank accounts, making payments or applying for credit or other services. Phishing emails are cleverly designed to mimic the firm’s real emails. They are increasingly well-written. Worryingly, as fraudsters invest more in their processes, the emails are also more likely to bypass spam filters. To add to the convincing effect, criminals are buying domain names similar to those of the companies they are impersonating, so recipients are more likely to think the emails are real. Since January, Action Fraud, the national cybercrime reporting service, has issued alerts about scams involving fake correspondence from HMRC, Amazon and the Department of Education, among others. But now the proliferation of these emails is causing some to question whether the real businesses are doing enough to protect their customers. Chris Underhill, chief technical officer at Cyber Security Partners, a consultancy, said firms that communicate by email have a “corporate responsibility” to prevent fraudsters impersonating them online. He said many firms were failing to take the basic – and inexpensive – precaution of buying up domain names similar to their own.
He said: “The technology is there for little cost but sadly the adoption rate is low. The responsibility is now placed on the consumer to check the sender of the emails is real.” Telegraph Money found it was possible, for example, to buy domain names such as amazonuk.org, amazon.eu.co.uk or amazonuk.tech for as little as £5.99 per year. Andrew Goodwill, of The Goodwill Group, a fraud-prevention consultancy, said consumers should “be incredibly sceptical” about any unsolicited digital communication, even from familiar companies. If they contained links or asked for personal information they were “more than likely to be fake”, he said. He added: “It’s a difficult situation. Why wouldn’t you expect to receive an email from a service you use?
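To show why none of the domains named above is Amazon's, here is an added check (example code, not from Telegraph Money or any of the firms quoted) that works out which part of a hostname a registrant actually controls; it uses a constructed, deliberately tiny stand-in for the public suffix list and an assumed set of Amazon-owned domains.

```python
"""Lookalike-domain check: is this URL really the brand's own site?"""
from urllib.parse import urlsplit

# Constructed, minimal stand-in for the public suffix list (publicsuffix.org).
# A real check would load the full list; these entries cover the sample URLs.
PUBLIC_SUFFIXES = {"com", "org", "tech", "uk", "co.uk"}

# Assumed for this example: the brand and the domains it genuinely owns.
BRAND = "amazon"
OWN_DOMAINS = {"amazon.com", "amazon.co.uk"}


def registrable_domain(host: str) -> str:
    """Return the registrant-controlled part of host (e.g. eu.co.uk for
    amazon.eu.co.uk, because co.uk is a public suffix and 'eu' is the label
    someone registered under it)."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the longest candidate suffix to the shortest.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            if i == 0:
                return suffix  # the host is itself a public suffix
            return ".".join(labels[i - 1:])
    return host.lower()  # unknown TLD: treat the whole host as registrable


def classify(url: str) -> str:
    """'own' if the registrable domain is the brand's, 'lookalike' if the
    brand name appears anywhere else in the host, otherwise 'unrelated'."""
    host = urlsplit(url).hostname or ""
    if registrable_domain(host) in OWN_DOMAINS:
        return "own"
    if BRAND in host.lower().replace("-", ""):
        return "lookalike"
    return "unrelated"


# Sample input: the three domains the article says were on sale, plus a
# constructed genuine Amazon URL and a constructed unrelated one.
SAMPLE_URLS = [
    "https://www.amazon.co.uk/gp/css/order-history",
    "http://amazonuk.org/login",
    "http://amazon.eu.co.uk/login",
    "http://amazonuk.tech/login",
    "https://example.org/",
]


def report(urls=SAMPLE_URLS) -> dict:
    """Map each URL to its verdict."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for u, verdict in report().items():
        print(f"{verdict:10} {u}")
```

The amazon.eu.co.uk case is the instructive one: the brand name sits in a subdomain, but the registered name is eu.co.uk, which anyone can buy.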
Cybercriminals are finding it more difficult to maintain the malicious URLs and deceptive domains used for phishing attacks for more than a few hours, because action is being taken to remove them from the internet much more quickly. That doesn't mean that phishing -- one of the most common means of performing cyber-attacks -- is any less dangerous, but a faster approach to dealing with the issue is starting to hinder attacks. Deceptive domain names look like those of authentic services, so that somebody who clicks on a malicious link may not realise they aren't visiting the real website of the organisation being spoofed. One of the most common agencies to be imitated by cyber-attackers around the world is that of government tax collectors. The idea behind such attacks is that people will be tricked into believing they are owed money by emails claiming to be from the taxman. However, no payment ever comes, and if a victim falls for such an attack, they're only going to lose money when their bank details are stolen, and they can even have their personal information compromised. In order to combat phishing and other forms of cyber-attack, the UK's National Cyber Crime Centre -- the internet security arm of GCHQ -- launched what it called the Active Cyber Defence programme a year ago. It appears to have had some success in its first 12 months because, despite a rise in registered fraudulent domains, the lifespan of a phishing URL has been reduced and the share of global phishing attacks being carried out from UK-hosted sites has declined from five percent to three percent. The figures are laid out in a new NCSC report: Active Cyber Defence - One Year On.
During that time, 121,479 phishing sites hosted in the UK, and 18,067 worldwide spoofing UK government, were taken down, with many of them purporting to be HMRC and linked to phishing emails in the form of tax refund scams. An active approach to dealing with phishing domains has also led to a reduction in the amount of time these sites are active, potentially limiting cybercriminal campaigns before they can gain any real traction. Prior to the launch of the programme, the average time a phishing website spoofing a UK government website remained active was 42 hours -- or almost two days. Now, with an approach designed around looking for domains and taking them down, that's dropped to ten hours, leaving a much smaller window for attacks to be effective. However, while this does mean there's less time for the attackers to steal information or finances, it doesn't mean that they're not successful in carrying out attacks. The increased number of registered domains for carrying out phishing attacks shows that crooks are happy to work a little bit harder in order to reap the rewards of campaigns -- and the NCSC isn't under any illusion that the job of protecting internet users is anywhere near complete. “The ACD programme intends to increase our cyber adversaries' risk and reduce their return on investment to protect the majority of people in the UK from cyber attacks,” said Dr Ian Levy, technical director of the NCSC. “The results we have published today are positive, but there is a lot more work to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt.”
A focus on taking down HMRC and other government-related domains has helped UK internet users, but cyber-attacks aren't limited by borders, with malicious IPs hosted in practically every country being used to carry out cyber-attacks around the world -- meaning every country should be playing a part. “Obviously, phishing and web-inject attacks are not connected to the UK's IP space and most campaigns of these types are hosted elsewhere. There needs to be concerted international effort to have a real effect on the security of users,” says the report.
Noticed more emails and texts lately claiming to be from your bank – and not just yours? You’re not the only one. Action Fraud, the UK police’s dedicated fraud tracking team, has revealed a significant increase in reports about phishing attacks connected to TSB’s massive IT outage. A total of 176 complaints have been received, or around ten a day since April 30. “There has been an uptick in phishing attempts across the piece,” says an Action Fraud spokesperson. TSB’s banking meltdown, caused by a botched IT upgrade, still has not been remedied – nearly four weeks on. And the crisis has become paydirt for scammers and hackers, who have waded into a confusing, chaotic situation and are making off with thousands of pounds worth of savings from people’s accounts. And it’s not just TSB – the number of phishing texts claiming to be from other banks such as Barclays and NatWest also seems to be on the rise. “When a ‘change’ goes wrong and so publicly like TSB’s, it’s like cyber blood in the water,” explains Ian Thornton-Trump, chief technical officer of Octopi Managed Services, an IT company. “Cyber criminals pay attention to companies rocked by internal scandals or public ‘ball drops’ and react accordingly.” With the bank’s staff overloaded trying to fix the problems that caused the outage in the first place, fraudulent transactions aren’t being tracked or checked as quickly as they should be. “It is a sad fact that fraudsters might try to take advantage of situations like these,” says a TSB spokesperson. The scammers are using one of the most common tools in their arsenal: phishing attacks. They send out mass texts and emails to customers – many of whom identify themselves as TSB’s customers in increasingly irate social media posts – with links to legitimate-sounding but fraudulent websites.
Customers are encouraged to click a link and input their username and password to process their complaints against the company – and lose control of their bank account. Lucy Evans, 23, is one customer who has had her cash stolen. Her TSB current account was looted, and she’s received a number of texts purporting to be from TSB. She was defrauded by a combination of phone calls and texts. “I think I was targeted whilst we couldn’t actually view our money,” says Evans. “Criminals are happy to exploit people’s misery, whatever form that might take,” says Professor Alan Woodward, a cybersecurity specialist from the University of Surrey. “Criminals can pretend to be the bank and ask customers to undertake strange actions that under normal operations would seem suspicious. Customers might be so delighted to actually be able to access their web banking that they might just let their guard down that little bit more than usual.” TSB has to act more proactively to shut down fraudulent domains and to make the public more aware of the scams circulating, Woodward argues. “TSB need to up their game in responding to customers – as that very lack of response can be used to lure customers in.” For those who have fallen victim, the loss of money is adding insult to injury. “I’m certain I’ll move banks,” says Evans, who lost the contents of her current account. “Most of the staff have been helpful and apologetic, but this should have been resolved by now. It seems they are not fit for purpose.”
Like any community, the Internet has dark alleys and sketchy places it is best to avoid. Granted, anyone with a connected mobile device is at risk of having his or her private personal and financial information stolen and misused. But dangerous software and applications often lurk in specific corners of cyberspace, where a touch of a button can have disastrous consequences. These sites may have a web address that’s similar to legitimate sites but contain misspellings, bad grammar or low-resolution images, according to McAfee Labs, which is the threat research division of Intel Security. Double check URLs to make sure that sites are authentic and not replicas created by scammers to try to steal personal information. A scam currently making the rounds is a message that shows up in people’s inboxes purporting to be from Netflix. But in reality, it’s a “phishing” scheme intended to steal people’s log-in and credit card information. Apple.com, obviously, is a well-known and trustworthy source of content. The fake address, however, is not visible when the message is viewed on a cell phone. That “s” (as in “https”) makes all the difference, because it signals that a site has security encryption. Legitimate e-commerce sites use encryption to keep customers’ payment information safe. To confirm it is a trusted site, look for a lock symbol in the browser window. Consumers also should try to restrict their downloads to official and reputable app stores, such as the Apple Store, the Google Play Store and Amazon, said Scot Ganow, an attorney with Dayton-based law firm Faruki Ireland Cox Rhinehart & Dusing whose practice focuses on information privacy and security law. More than 1 million Android phones were infected by a nasty type of malware dubbed “Gooligan” that consumers downloaded from third-party apps and by clicking on malicious links, experts said.
The malware campaign has exposed people’s messages, documents, photographs and other sensitive data and also led to the installation of unwanted apps on their devices, according to Check Point, a threat prevention software company.
A recent lull in the distribution of spam spreading information-stealing malware via the Hancitor downloader has been snapped. Researchers at the SANS Internet Storm Center are currently tracking an increase in spam purporting to be a forwarded parking ticket notification. The message prompts the recipient to click a link to pay a parking ticket; the hyperlink leads to a Microsoft Word document. “The document contains a malicious VB macro described as Hancitor, Chanitor or Tordal,” wrote Brad Duncan, handler at the SANS Internet Storm Center, in a blog post warning of the spam campaign. “If you enable macros, the document retrieves a Pony downloader DLL. The Pony downloader then retrieves and installs Vawtrak malware.”
A widely reported e-mail purporting to be a request to share a Google Docs document is actually a well-disguised phishing attack. It directs the user to a lookalike site and grants the site access to the target's Google credentials. If the victim clicks on the prompt to give the site permission to use Google credentials, the phish then harvests all the contacts in the victim's Gmail address book and adds them to its list of targets. The phish appears to have been initially targeted at a number of reporters, but it quickly spread widely across the Internet. Some of the sites associated with the attack appear to have been shut down. The e-mail uses a technique that a Trend Micro report linked last week to Pawn Storm, an ongoing espionage campaign frequently attributed to Russian intelligence operations. The attack uses the OAuth authentication interface, which is also used by many Web services to allow users to log in without using a password. By abusing OAuth, the attack is able to present a legitimate Google dialogue box requesting authorization. However, the authorization prompt also asks permission for access to “view and manage your e-mail” and “view and manage the files in your Google Drive.” The fake application used in the Pawn Storm phish (which posed as a Google security alert) was named “Google Defender.” Today's phish asks the target to grant access to “Google Docs”, a fake application using the name of Google's service. If the target grants permission, the malicious site will immediately harvest contacts from the target's e-mail and send copies of the original message to them. [Update, 4:40 pm EDT:] Google has struck hard at the worm.
Not only have all the sites associated with the phish been taken offline, but the permissions associated with the worm have been dropped from victims' accounts. The domains used in the attack were registered through NameCheap, and used a Panama-based privacy service to conceal the registration information. The hostnames were pointed at a server behind Cloudflare's content delivery and denial-of-service protection network.
Hawksmoor Investment Management has sought to reassure clients after it was the victim of a cyber attack earlier this week. The discretionary investment manager, which runs £711m on behalf of clients, has emailed investors to let them know it was the target of an attack on its IT systems. Phishing emails were sent out to clients on Tuesday (17 January) purporting to be from the company’s business development manager, Jill Gill. In an email sent out today (19 January), Hawksmoor chief executive John Crowley apologised to clients, but said the IT team had quickly identified and resolved the issue. He also said the team had taken “immediate steps” to prevent this kind of incident from happening again. “Hawksmoor treats confidentiality and data protection extremely seriously, and I can assure you that no client data was compromised at any stage,” he said. Mr Crowley advised clients to delete any emails they received from Ms Gill between 3pm and 4pm on 17 January. He also recommended that customers change their password if they opened any link in the emails. Last year, the head of cyber technology firm ZoneFox said companies should implement a framework to guard against breaches to their data security