to a scam artist. Tax season is always a busy time for scammers seeking to gain access to sensitive information, but this year attacks are coming earlier and in greater numbers than usual. The uptick has caused the IRS to release an urgent alert warning employers to be on the lookout for what they're referring to as “one of the most dangerous email phishing scams we’ve seen in a long time.” By using email spoofing techniques, criminals are able to draft emails that look as though they are coming directly from a high-level executive at your organization. They send the message to an employee in the payroll department or HR and include a request for a list of the organization's employees along with their W-2 forms. Their initial goal is to use the W-2 information to file fraudulent tax returns and claim refunds. But not all criminals are stopping there. Once they've found a responsive victim, a portion are also following up with additional email requesting a wire transfer be made to an account they provide. Also referred to as business email compromise (BEC), these attacks have claimed more than 15,000 victims and cost organizations more than $1 billion over the past three years. More than 100 organizations have already fallen victim to W-2 phishing scams in 2017
A recent phishing scam is targeting businesses and consumers who use Office 365 email services. Fraudsters are gaining access to Office 365 accounts by stealing login credentials obtained using convincing fake login screens. Fraudster email attacks are becoming increasingly sophisticated – often appearing to be sent from a business, organization, or individual the victim normally emails or does business with. The fictitious emails contain malicious links or attachments that redirect the victim to a fake login page asking for their email username and password. Once the information is entered, fraudsters then use the stolen credentials to log into Office 365 and send fraudulent emails to the victim’s contact list, perpetuating the scam. If you use Office 365 for email, we encourage you to be extra vigilant. Emails containing hyperlinks or attachments that require additional actions by you should be carefully vetted before proceeding. If you are unsure if an email you received is legitimate, do not click on any links, attachments, or provide any information. We also encourage you to contact any of your email contacts via phone or a safe email address to inform them that your email account has been compromised and to let them know they may receive fraudulent emails appearing to be sent by you. While Office 365 is the most recent phishing target, these types of scams regularly impact other email applications and platforms as well. Always be cautious when opening any emails that were not expected, are coming from someone you do not know, and contain links or attachments you were not expecting. Take advantage of added security measures that your email provider offers.
If you ever feel information related to your financial accounts with us has been compromised, please notify us immediately so that we can assist you with protecting your accounts and notifying the appropriate authorities.
Robert Gren was working from home on Friday when, all of a sudden, his laptop stopped working. What he initially thought was just a kink in his computer’s software was in fact part of a global ransomware attack that has affected more than 200,000 computers and caused untold havoc from China to Britain. Now, Mr. Gren and the thousands of other victims worldwide face an agonizing choice: either hand over the ransom — a figure that has climbed to $600 for each affected machine — by a deadline this Friday, or potentially lose their digital information, including personal photos, hospital patient records and other priceless data, forever. “I’m pretty devastated,” said Mr. Gren, 32, a manager of an online entertainment business in Krakow, Poland, who has spent almost all of his waking hours since Friday looking for ways to reclaim his digital data. “I’ve lost private files that I have no other way of recovering. For me, the damage has been huge.” That decision has become even more difficult as cybersecurity experts and law enforcement officials have repeatedly warned people against paying the ransom ahead of this week’s deadline. Aside from dissuading victims from handing over money that may help fund further such attacks, they caution that it is not guaranteed the attackers will return control of people’s computers even if they pay the assailants in bitcoin, a digital currency favored in such ransomware attacks that can be difficult to trace. Officials also note that the attackers, who have yet to be named, have provided only three bitcoin addresses — similar to a traditional bank routing number — for all global victims to deposit the ransom, so it may prove difficult to know who has paid the digital fees.
This haphazard planning has led many victims to hold off paying, at least until they can guarantee they will get their data back. So far, roughly $80,000 has been deposited into the bitcoin addresses linked to the attack, according to Elliptic, a company that tracks online financial transactions involving virtual currencies. F-Secure, a Finnish cybersecurity firm, has confirmed that some of the 200 individuals that it had identified, who had paid the ransom, had successfully had their files decrypted. Yet that represented a small fraction of those affected, and the company said it still remained unlikely that people would regain control of their computers if they paid the online fee. The tally of ransom payments may rise ahead of Friday’s deadline, but cybersecurity experts say the current numbers — both total ransom money paid and machines decrypted — are far short of early estimates forecasting that the digital attack may eventually cost victims hundreds of millions of dollars in combined ransom fees. “I predict this may be an epic failure,” said Kim Peretti, a former senior litigator in the Department of Justice’s computer crime and intellectual property division who now is co-chairwoman of the cybersecurity preparedness and response team at Alston & Bird, an international law firm. “Because of the publicity of this attack and the public’s awareness of people potentially not getting their files back, the figures aren’t as high as people had first thought.” For victims of such attacks, the potential loss of personal or business files can be traumatic. In typical ransomware cases, including the most recent hack, assailants send an encrypted email to potential targets. The message includes a malware attachment that takes over their machines if opened.
The attackers then demand payment before returning control of the computers, often through money paid into bitcoin or other largely untraceable online currencies.
Infamous Necurs botnet seen sending spam emails containing new ransomware to millions of potential victims in just a few hours. A new form of ransomware is indiscriminately targeting millions of PCs, spread by the prolific botnet behind one of the most successful forms of ransomware in the world. The new ransomware is called Jaff and given that it appears to be heavily mimicking tactics of the infamous Locky - the most successful ransomware family of 2016 - it has the potential to become a major nuisance. It's also brazen in its ransom demands, demanding victims pay 1.79 Bitcoins - currently $3,300 - in order to regain access to the infected network and encrypted files. It's an ambitious ransom - most forms of ransomware want a payment of between $500 and $1000 - but the authors are likely to be aware that many organisations are willing to give in and pay to avoid losing business-critical files. As noted by cybersecurity researchers at Forcepoint, the Jaff campaign sprang to life on May 11, using the Necurs botnet to send millions of spam emails to targets across the globe in the space of just a few hours. The malicious email itself is sent with a subject line referring to a receipt or to a fake document, with the pattern involving the words PDF, Scan, File, Copy or Document followed by an underscore and a string of at least four numbers - for example, one subject line seen by researchers was 'Copy_293636'. Attached to this email is a PDF document containing an embedded DOCM file and a malicious Macro script. If this is run, the ransomware payload is executed and Jaff targets and encrypts a wide variety of file extensions, renaming them all to end in .jaff.
While the attack might seem basic - especially compared with targeted spear-phishing attacks - the sheer number of messages sent out means that even if just a tiny percentage of targets open the email, download the attachment and enable the macros, this new ransomware could have a sizeable impact. As with other ransomware attacks, the infected victim sees their desktop changed to a ransom note and they're directed to instructions, telling them their files are encrypted and that they must visit a dark web address in order to pay to get their files back. It's this, combined with how the ransomware is spread by Necurs, which leads researchers to suggest that there's a connection between Jaff and Locky: the Jaff decryptor website and the Locky decryptor website look almost identical. Researchers also note that while the code behind Jaff is less sophisticated than Locky, it carries one major similarity - the ransomware will delete itself from the infected machine if the local language is Russian. If the ransomware does not want to target Russian users this might suggest it originates from Russia and the developers don't want to cause trouble in their own neighbourhood. Researchers can't say for certain if Jaff is definitively linked to the gang behind Locky, but those behind it have the funding and skills required to carry out a sophisticated campaign. “What is clear, given the volume of messages sent, is that the actors behind the campaign have expended significant resources on making such a grand entrance,” said Forcepoint researchers.
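The Jaff lure described above (subject keyword, underscore, four or more digits, plus a PDF carrying an embedded file) can be expressed as a mail-filter heuristic. This is an added example, not code from Forcepoint or the original article; the function names, verdict labels and the `/EmbeddedFile` byte scan are assumptions, and the sample messages are constructed with inert placeholder bytes.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject pattern from the article: PDF, Scan, File, Copy or Document,
# an underscore, then at least four digits (e.g. 'Copy_293636').
# Case-insensitive matching is an assumption; the article does not say.
SUBJECT_RE = re.compile(r"\b(?:PDF|Scan|File|Copy|Document)_\d{4,}\b",
                        re.IGNORECASE)

# Marker of an embedded-file stream in a PDF. A plain byte scan misses
# markers inside compressed object streams, so absence proves nothing.
EMBEDDED_MARKER = b"/EmbeddedFile"

# Constructed, inert stand-ins for PDF attachments (no real document content).
INERT_PDF = b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\n%%EOF\n"
INERT_PDF_WITH_EMBED = (b"%PDF-1.4\n1 0 obj<</Type/EmbeddedFile/Length 0>>"
                        b"stream\nendstream endobj\n%%EOF\n")


def pdf_attachments(msg):
    """Yield the decoded bytes of every attachment that looks like a PDF."""
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        if (part.get_content_type() == "application/pdf"
                or name.endswith(".pdf") or data.startswith(b"%PDF-")):
            yield data


def classify(raw):
    """Return 'quarantine', 'review' or 'deliver' for one raw message.

    quarantine: subject matches and a PDF attachment embeds another file
    review:     subject matches and a PDF is attached (no visible marker)
    deliver:    everything else
    """
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    if not SUBJECT_RE.search(subject):
        return "deliver"
    pdfs = list(pdf_attachments(msg))
    if any(EMBEDDED_MARKER in data for data in pdfs):
        return "quarantine"
    return "review" if pdfs else "deliver"


def build_sample(subject, pdf=None):
    """Build a constructed test message and return it as raw bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please see the attached file.")
    if pdf is not None:
        msg.add_attachment(pdf, maintype="application", subtype="pdf",
                           filename="nm.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("Copy_293636", INERT_PDF_WITH_EMBED),
        ("Re: Scan_1234", INERT_PDF),
        ("Document_123", INERT_PDF_WITH_EMBED),   # only three digits
        ("Profile_20170511 update", None),        # 'File' inside another word
    ]
    for subject, pdf in samples:
        print(f"{subject!r:28} -> {classify(build_sample(subject, pdf))}")
```

A subject-only rule like this is cheap to run at the gateway but easy for a sender to change, so it works best as one signal alongside attachment inspection and macro-blocking policy.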
Cybersecurity experts and companies on Long Island are looking for ways to shore up the weakest link on company computer networks: the employee. Local cybersecurity professionals are creating interactive comic books, testing employees with simulated phishing emails — tailored messages that seek to obtain key information, such as passwords — and seeking to convince top executives that the threat of business disruption from hacking requires their attention. “The biggest problem is not the technology; it’s the people,” said Laurin Buchanan, principal investigator at Secure Decisions, a division of Northport software developer Applied Visions Inc. Sixty percent of cyber-assaults on businesses can be traced to insiders’ actions, either inadvertent or malicious, according to a 2016 study by IBM Security. The average cost of a data breach for U.S. companies is $7.4 million, or $225 per lost or stolen record, a June 2017 study by IBM and the Ponemon Institute, a Traverse City, Michigan, researcher, found. Costs related to data breaches can include the investigation, legal costs to defend against and settle class-action lawsuits, credit monitoring for affected customers, and coverage of fraud losses. Harder to gauge is the cost to a company’s reputation. One of the largest hacks ever was disclosed this month, when credit reporting company Equifax Inc. revealed that sensitive data from 143 million consumers, including Social Security numbers and birth dates, was exposed. A stock analyst from Stifel Financial Corp. estimated that the attack will cost Equifax about $300 million in direct expenses.
Investors seem to think the incident will have a much greater impact on At a seminar in Garden City this month, Henry Prince, chief security officer at Shellproof Security in Greenvale, explained how in a ransomware attack — one of many types — cybercriminals can buy specialized tools such as those used to send phishing emails. The easy availability of that software means that hackers require “no programming experience,” Prince said. Phishing emails can be blocked by company email filters, firewalls and anti-virus software. But if one gets through and an employee clicks on the link in the phishing email, the business’ network is compromised. Hackers can then encrypt files, preventing access to them by the company and crippling the business, Prince said at the seminar. Hackers then can demand payment, typically in an untraceable cryptocurrency like Bitcoin — a digital asset that uses encryption — before agreeing to decrypt the files. “Ransomware is a business to these people,” Prince said. “Ninety-nine percent of the time, ransomware requires user interaction to infect.” Della Ragione echoed that sentiment: “The greatest risk at a company is the employees. Training employees is one of the best steps in shoring up your defenses.” In response, many local experts and companies focus on teaching employees how to resist hackers’ tricks. Secure Decisions has developed interactive comics to teach employees ways of detecting “phishing” emails and other hacking attempts. The company has gotten more than $1 million for research related to the interactive comic project, known as Comic-BEE, from the Department of Homeland Security, as well as a grant for $162,262 from the National Science Foundation. The comics, inspired by children’s “Choose Your Own Adventure” books, feature different plots depending on the reader’s choices.
“If you can give people the opportunity to role-play, some of the exhortations by the experts will make more sense,” Buchanan said. The comics are being field-tested at several companies and Stony Brook University. They were featured in July at a DHS cybersecurity workshop in Washington, D.C. Radu Sion, a computer science professor at Stony Brook and director of its National Security Institute, which studies how to secure digital communications, acknowledged that security is far from a priority for most users. “Ultimately, the average Joe doesn’t care,” he said. “You [should] treat the vast majority of your users as easily hackable.” Northwell Health, the New Hyde Park-based health care system that is the largest private employer in New York State, is trying to find and get the attention of those inattentive employees. Kathy Hughes, Northwell vice president and chief information security officer, sends out “phishing simulations” to the workforce. The emails are designed to mimic a real phishing campaign that seeks passwords and personal information. In April, for instance, Northwell sent out phishing emails with a tax theme. Hughes collects reports on which employees take the bait by user, department and job function. “We present them with a teachable moment,” she said. “We point out things in the email that they should have looked at more carefully.” The emails are supplemented with newsletters, screen savers and digital signage reminding users that hackers are lurking. Another tool: Non-Northwell emails have an “external” notation in the subject line, making it harder for outsiders to pretend to be a colleague. “We let [the employees] know that they are part of the security team,” she said. “Everybody has a responsibility for security.” One of the most important constituencies for security is top executives.
Drew Walker, a cybersecurity expert at Vector Solutions in Tampa, Florida, said many executives would rather not know about vulnerabilities to their computer systems, because knowledge of a hole makes them legally vulnerable and casts them in a bad light. “Nine times out of 10, they don’t want to hear it,” he said. “It makes them look bad.” Richard Frankel, a former FBI special agent who is of counsel at Ruskin Moscou, said that company tests of cybersecurity readiness often snare CEOs who weren’t paying attention to training. But attorney Della Ragione said high-profile attacks are getting notice from executives. “Everyone’s consciousness is being raised,” she said. Data leaks at Long Island companies have caused executives to heighten security. In 2014, Farmingdale-based supermarket chain Uncle Giuseppe’s Marketplace said that foreign hackers had breached the credit card database of three stores. Joseph Neglia, director of information technology at Uncle Giuseppe’s, said that after the data breach, which affected about 100 customers, the company began scheduling “monthly vulnerability scans” and upgraded its monitoring and security systems. For businesses, Stony Brook’s Sion said, the cybersecurity threat is real and immediate. “I need one second with your machine to compromise it forever and ever,” he said. “It’s an uphill battle.”
Hacking has long been thought of as a sort of black magic whose incantations are made using keyboards. That is, until 2016, when the John Podesta email hack made big enough news that hackers’ dirty secret got out: many breaches have less to do with coding skills and much more to do with classic trickery, albeit in digital form. Web users simply get duped into entering their username and passwords onto fake websites. With that information, it doesn’t take any special cleverness to hack a system. The attacker has the keys. The chief tool hackers use to lure unsuspecting people to these phony websites is email. When the victim works at a company of some kind, those credentials might provide cyber-criminals with access to more than just email. The same credentials might also provide access to intranets, servers and sensitive data. Executives are looking hard for ways to protect their operations today without cramping employee productivity. One method many might be looking at is virtual machines, workspaces that run software on the cloud but look to the user just like a normal desktop. As counter-measures go, muckraking news outlet The Intercept has sung its praises. As it happens, Amazon Web Services announced a new offer on its blog Thursday—40 hours of virtual machinery free to users and companies that might want to try it out. Windows 7 and Windows 10 experiences are available. Working inside a window into the cloud protects physical devices from evil code a user might get tricked into initializing. Called WorkSpaces, it can give staff access to all of a company’s data and tools from anywhere. If an employee is working from home and gets hit by ransomware, it encrypts everything on the hard drive and demands payment in bitcoin to set data free.
If the ransomware got run on the employee’s actual machine, all the music, photos and personal documents stored there would be locked up too. On a virtual machine, though, only the virtual device gets hit. All that personal data stays safe. If a user clicks on a link in a malicious email and accepts a prompt to enter their user name and password on a phony website, there is nothing about a virtual machine that will prevent that information from getting lost. That’s why it’s good for companies to have more robust sign-ons, such as using two-factor authentication. More sophisticated hackers might try to get specific credentials for high level employees in order to impersonate them digitally. For example, an attacker could send an email from an executive’s email address, directing bookkeepers to wire money to a specific account for phony services, Jakobsson explained. The FBI has estimated that such scams have cost companies $5 billion over the last few years. A virtual machine can’t prevent that trick. Carbon Black delivers security services over the cloud, spotting attacks and detecting intruders. “The majority of leading cybersecurity researchers are not yet ready to give all the power to the machines just yet,” Rick McElroy, a security strategist there, wrote the Observer, via a spokesperson. “User awareness and education continue to be major best practices when it comes to defending against phishing attacks. Computers will help, but not yet replace, human decision making.” Desktop-as-a-service systems like WorkSpaces can turn clunky computers into lean, mean, totally updated machines. They might even be digital Sir Lancelots, protecting companies’ IT castles well, but one knight won’t be enough—firms will still need a full roundtable.
A flaw in Safari – that allows an attacker to spoof websites and trick victims into handing over their credentials – has yet to be patched. A browser address bar spoofing flaw was found by researchers this week in Safari – and Apple has yet to issue a patch for the flaw. Researcher Rafay Baloch on Monday disclosed two proof-of-concepts revealing how vulnerabilities in Edge browser 42.17134.1.0 and Safari iOS 11.3.1 could be abused to manipulate the browsers’ address bars, tricking victims into thinking they are visiting a legitimate website. Baloch told Threatpost Wednesday that Apple has promised to fix the flaw in its next security update for Safari. “Apple has told [me] that the latest beta of iOS 12 also addresses the issue, however they haven’t provided any dates,” he said. Apple did not respond to multiple requests for comment from Threatpost. Microsoft for its part has fixed the vulnerability Baloch found in the Edge browser (CVE-2018-8383) in its August Patch Tuesday release. According to Microsoft’s vulnerability advisory released August 14, the spoofing flaw exists because Edge does not properly parse HTTP content. Both flaws stem from the Edge and Safari browsers allowing JavaScript to update the address bar while the page is still loading. This means that an attacker could request data from a non-existent port and, due to the delay induced by the setInterval function, trigger the address bar spoofing.
The browser would then preserve the address bar and load the content from the spoofed page, Baloch said in his blog breaking down both vulnerabilities. From there, the attacker could spoof the website, using it to lure in victims and potentially gather credentials or spread malware. For instance, the attacker could send an email message containing the specially crafted URL to the user, convince the user to click it, and take them to the link which could gather their credentials or sensitive information. “As per Google, Address bar is the only reliable indicator for ensuring the identity of the website, if the Address bar points to Facebook.com and the content is hosted on attacker’s website, there is no reason why someone would not fall for this,” Baloch told Threatpost. In a video demonstration, Baloch showed how he could visit a link for the vulnerable browser on Edge (http://sh3ifu[.]com/bt/Edge-Spoof.html), which would take him to a site purporting to be a Gmail login. However, while the URL points to a Gmail address, the content is hosted on sh3ifu.com, said Baloch. The Safari proof-of-concept is similar, except for one constraint where it does not allow users to type their information into the input boxes while the page is in a loading state. However, Baloch said he was able to circumvent this restriction by injecting a fake keyboard using Javascript – a common practice in banking sites. No other browsers – including Chrome or Firefox – were discovered to have the flaw, said Baloch. Baloch is known for discovering similar vulnerabilities in Chrome, Firefox and other major browsers in 2016, which also allowed attackers to spoof URLs in the address bar.
The vulnerabilities were disclosed to both Microsoft and Apple and Baloch gave both a 90-day deadline before he went public with the flaws. Due to the Safari browser bug being unpatched, Baloch said he has not yet released a Proof of Concept: “However considering there is a slight difference between the Edge browser POC and Safari, anyone with decent knowledge of Javascript can make it work on Safari,” he told us.
By 2021, millions more of us will be doing our banking on smartphones and tablets, researchers say. The number of mobile bank app users is expected to leap 53% in the next four years. So far, mobile banking has been a pretty secure experience. Mobile app breaches represented less than 3% of all computer records hacked last year, according to the Identity Theft Research Center, a San Diego tracking firm. But don’t get cozy. A veritable flood of consumers is heading for mobile, according to Juniper Research. It predicts over 3 billion people around the world will be banking on mobile by 2021 — quite a lure for hackers who target financial apps. That means more people are likely to fall prey, so bank customers will need to be ready to protect their devices and their bank accounts. Criminals try to access mobile apps in a number of ways. When a mobile app communicates with a financial institution’s server over the internet, the app verifies the bank’s or credit union’s identity by checking its server certificate. With a man-in-the-middle attack, fraudsters will try to “listen in” on this network traffic, perhaps by accessing the same public Wi-Fi network as the mobile user, and attempt to send a fake bank server certificate to the mobile app. If the app accepts the fake certificate, it could let the hacker receive the user’s personal information. When installed on a mobile device, key logger programs secretly record a person’s actions as he or she uses the device. With a banking app, the malicious software could log your account names, numbers and passwords and send them to a hacker. It’s been around for years, but this tried and true hack is still popular with criminals, says Doug Johnson, senior vice president of payments and cybersecurity policy at the American Bankers Association.
It occurs when a fraudster pretends to be a legitimate financial institution that asks a mobile user to submit private bank information. Many phishing attempts bypass mobile apps completely. A hacker could send emails telling people their account is locked and asking them to reply to the message with their account username and password. But the account isn’t locked, and the information a person sends would go to the criminal, not the bank.
The IRS, state tax agencies and the nation’s tax industry urge people to be on the lookout for new, sophisticated email phishing scams that could endanger their personal information and next year’s tax refund. The most common way for cybercriminals to steal bank account information, passwords, credit cards or social security numbers is to simply ask for them. Every day, people fall victim to phishing scams that cost them their time and their money. Those emails urgently warning users to update their online financial accounts—they’re fake. That email directing users to download a document from a cloud-storage provider? Fake. Those other emails suggesting the recipients have a $64 tax refund waiting at the IRS or that the IRS needs information about insurance policies—also fake. So are many new and evolving variations of these schemes. The Internal Revenue Service, state tax agencies and the tax community are marking National Tax Security Awareness Week with a series of reminders to taxpayers and tax professionals. Phishing attacks use email or malicious websites to solicit personal, tax or financial information by posing as a trustworthy organization. Often, recipients are fooled into believing the phishing communication is from someone they trust. A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade as a legitimate source, including presenting the look and feel of authentic communications, such as using an official logo. These targeted messages can trick even the most cautious person into taking action that may compromise sensitive data. The scams may contain emails with hyperlinks that take users to a fake site. Other versions contain PDF attachments that may download malware or viruses.
Some phishing emails will appear to come from a business colleague, friend or relative. These emails might be an email account compromise. Criminals may have compromised your friend’s email account and begun using their email contacts to send phishing emails. Not all phishing attempts are emails; some are phone scams. One of the most common phone scams is the caller pretending to be from the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately, usually through a debit card. Phishing attacks, especially online phishing scams, are popular with criminals because there is no fool-proof technology to defend against them. Users are the main defense. When users see a phishing scam, they should ensure they don’t take the bait.
Prize scams are as old as the hills, but people keep falling for them — sending the fraudsters hundreds, sometimes thousands of dollars to claim their cash, luxury cars or other non-existent prizes. Sweepstakes, lottery and prize scams “are among the most serious and pervasive frauds operating today,” according to a new report from the Better Business Bureau. And along with phone calls, letters and email, the crooks are now using text messages, pop-ups and phony Facebook messages to lure their victims. In fact, social media is now involved in a third of the sweepstakes fraud complaints received by the FBI’s Internet Crime Complaint Center (IC3). “Scammers are like viruses. They mutate and adapt and find things that work,” said Steve Baker, former director of the Federal Trade Commission’s Midwest region and author of the BBB report. “The crooks have discovered social media big time and since social media is free to use, they can easily do a whole lot of damage from other countries.” The BBB study found that: Nearly 500,000 people reported a sweepstakes, lottery or other prize scam to law enforcement agencies in the U.S. and Canada in the last three years. Monetary losses totaled $117 million last year.
Facebook Messenger Lottery Fraud
Scammers are creating bogus websites that look like a legitimate lottery or sweepstakes site. Or they are reaching out to potential victims who don’t properly set their privacy settings on social media platforms such as Facebook. The BBB report says Facebook Messenger, the private messaging app, is a favorite way for fraudsters to find victims. They can use Messenger — with or without a Facebook profile — and contact people who are not Facebook friends. In many cases, the bogus message appears to be from Publishers Clearing House (PCH) congratulating you on winning a big prize.
To claim that prize, it says, you need to send them money. “That’s a red flag warning,” said Chris Irving, a PCH assistant vice president. “If anybody asks you to send money to collect a prize, you know it's a scam and it's not from the real Publishers Clearing House. At Publishers Clearing House or any legitimate sweepstakes, the winning is always free — no purchase, no payment, no taxes or customs to pay.” The crooks also impersonate Facebook founder Mark Zuckerberg in some of their phony Messenger messages. “They post a fake profile of Zuckerberg on Facebook,” Baker said. “Then they send you a message through the Facebook messenger system saying: ‘Hi this is Mark Zuckerberg. I'm delighted to be able to tell you that you have won the Facebook Lottery and here is the person you need to contact to get the money.’” Take the bait and click the link, and you’ll be told to send money to claim your winnings. Of course, there is no Facebook Lottery and Zuckerberg is not sending prize notices to anyone. In a recent story on social media scams, the New York Times reported it found 208 accounts that impersonated Zuckerberg or Facebook COO Sheryl Sandberg on Facebook and Instagram. At least 51 of the impostor accounts, including 43 on Instagram, were lottery scams. (In 2012, Facebook purchased Instagram for $1 billion.) Facebook says it’s working to stop the scammers who use its platform to trick people out of their money. In March, the company announced it was using new machine learning techniques that helped it detect more than a half-million accounts related to fraudulent activity. “These ploys are not allowed on Facebook and we're constantly working to better defend against them,” said Product Manager Scott Dickens.
“While we block millions of fake accounts at registration every day, we still need to focus on the would-be scammers who manage to create accounts. Our new machine learning models are trained on previously confirmed scams to help detect new ones.” The company has also posted a warning on how to avoid Facebook scams. The BBB report calls on Facebook and other social media platforms to make “additional efforts” to prevent fake profiles and to make it easier for users to contact them about fraud.
Flipkart has recently posted a story to make people aware of fake Flipkart websites. The e-commerce giant on its blog 'Flipkart stories' said that people need to beware of any email, call, SMS, WhatsApp message or other social media message which claims to be offering unbelievable discounts and offers from Flipkart. Flipkart said: “Be warned that these messages are not sent by official Flipkart channels, but by fraudsters and scammers who intend to deceive you. If you are not careful, you may be at the receiving end of fraud. Fraudsters intend to make a fast buck by misappropriating the familiar and trustworthy name of Flipkart. You are advised not to trust these fraudulent individuals or agencies with your money, or your personal and financial information. Always check with authentic and original Flipkart sources first.” The content of the fake messages or calls sent by the fraudsters may include references to tempting deals, discounts and offers on Flipkart. The fake messages may closely resemble Flipkart’s official logos, typefaces and brand colour, while some may also contain the word ‘Flipkart’ in the URL. Then how can you catch them? 1) Fake websites: Websites such as ‘flipkart.dhamaka-offers.com, flipkart-bigbillion-sale.com’ contain the name of the company in their URL. Such websites pretend to be associated with Flipkart by using similar-looking and similar-sounding names. However, they are not authorised by Flipkart. 2) WhatsApp, Facebook Messenger and/or other social messaging platforms: Fraudsters may try to send customers messages via social messaging platforms, and many have reported the same. These imposters will ask for your personal details or ask you to share these fraudulent messages with friends and family members to win prizes.
Apart from these, customers might also be offered products at ‘unbelievable’ prices such as a 32 GB pen drive for Rs 25. Customers will be asked to make payments via online wallets, bank transfer or other means to avail free gifts. To this, Flipkart has directed customers not to reply to these messages or click any of the links the fake messages contain without verifying them with the company. “Flipkart has no connection with these fraudulent senders, and we have no control over any information that you share with them. Any details that you share with these fraudulent senders that impersonate Flipkart can compromise your personal and financial information. Payments once made to these accounts cannot be retrieved or reversed, and you may be cheated of your hard-earned money,” the e-commerce website said. 3) Fake Calls or SMS to customers: Sometimes, customers may also receive calls from an unknown number. They may speak in any language such as English, Hindi among others. The person might lure customers by offering free gifts or by saying that your mobile number has been selected via a lucky draw, etc. To avail these gifts, the imposter will ask you for your personal details and access to bank account numbers among other things. They may also lure you to a website appearing very similar to Flipkart or send you a fake fabricated certificate. They may also claim to be Flipkart employees or partners and may display fake identification as proof. “It is easy to fabricate such documents in order to make you believe that they are genuine. You may also be asked to transfer money to certain digital wallets to claim prizes or gifts. Note that these accounts are not managed by Flipkart, but by fraudsters who want to cheat you,” Flipkart said.
4) Phishing (Fake Emails): Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details for malicious reasons by disguising as a trustworthy entity in an electronic communication. Phishing emails are sent by fraudsters. The emails may ask you to visit malicious links through which your personal and/or financial information can be obtained and be used without your consent to carry out fraudulent transactions. You may lose money, personal and sensitive information and your systems — desktop computers, laptops or mobile phones — can get potentially compromised by malware/viruses upon opening or clicking on links in such emails. 5) Online games/websites (discount coupons/gift vouchers/offers/online games): Online scams of this type reach out to customers, asking them to play games such as ‘spin the wheel,’ which promise free gifts, cash prizes, and other tempting bait. The players are often asked to share the game with their contacts to be able to avail the prize, which, of course, never materializes. 6) From Marketplace Sellers: While you may have received an order placed on Flipkart, you may receive a pamphlet or inserts, asking you to make future purchases on some other online shopping site or portal to avail higher discounts. Similarly, sellers/callers posing as sellers may ask you to place an order directly with them and may ask for payment to be made directly. Often, they may ask you to cancel your Flipkart order. Once you agree to any such deal with these fraudulent sellers, Flipkart will not have any control over any information you might share with them. You are at risk of fraud if you accept such offers.
It’s tax season, and that means con artists and scammers are out in full force trying to capitalize on people’s financial anxieties. The IRS puts out strong warnings each year—often republishing its “‘Dirty Dozen’ list of tax scams” several times between January and April. This year, phishing schemes—in which scammers send emails pretending to be from the IRS in order to trick people into divulging sensitive information—topped the list. “We urge taxpayers to watch out for these tricky and dangerous schemes,” acting IRS Commissioner David Kautter said in a March 5 warning to consumers. “Phishing and other scams on the ‘Dirty Dozen’ list can trap unsuspecting taxpayers. Being cautious and taking basic security steps can help protect people and their sensitive tax and financial data.” Threat researchers at Zscaler published a blog on March 15 outlining four new phishing schemes they identified during this tax season, most of which used fake IRS websites to steal taxpayers’ information. “Cybercriminals have long used social engineering and phishing techniques to lure unsuspecting users into giving away private information,” the researchers wrote. “They track current trends and events to make their attacks more effective, and tax season offers a rich opportunity for attackers to disguise themselves as well-known brands and even government agencies in an effort to exploit users.” This tendency is on display with the “chalbhai” phishing attack, which uses a spoof of an outdated IRS form to trick users into giving up their tax identification information, which can then be used to file false returns. While studying this campaign, researchers noticed the term “chalbhai” used in the source code.
“We have typically seen this tag associated with phishing pages that look like Microsoft Office 365, Apple ID, Dropbox or DocuSign,” Zscaler wrote. “This is a good example of criminals adapting their phishing content to reflect current trends,” i.e., tax season. Another similar scheme directed users to a fake IRS page for unlocking expired passwords. Researchers noted this campaign was particularly tricky, as users were redirected to a legitimate IRS page after giving up their information. “With this page,” they wrote, “the attacker is attempting to prevent user suspicion by redirecting the user from this phishing page to a legitimate e-policy statement hosted on the actual IRS page… At this point, the victims believe they have completed the account unlock process and they proceed to log in on the legitimate page unaware that their information has been stolen.” Researchers also found similar tactics used to get taxpayers’ logins for tax preparer sites like TurboTax. In a fourth example, Zscaler researchers found an encrypted phishing page designed to mask their ill-intent from security measures. After a user downloads the page, it is decrypted within the browser, skirting some security checks. In all these examples, users could have avoided the scam by double-checking the URL in the browser, which all included additional characters before the .gov domain, indicating users were not actually at an official IRS site.
Microsoft released a security update designed to patch remote code execution (RCE) and information disclosure vulnerabilities in its Microsoft Exchange Server 2019, 2016, and 2013 products. The RCE security issue is being tracked as CVE-2019-0586 and according to Microsoft's advisory it exists because "the software fails to properly handle objects in memory."
Attackers can run code as System user
Following a successful attack on a vulnerable Microsoft Exchange Server installation, potential attackers would be able to take advantage of System user permissions. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts. In order to exploit the CVE-2019-0586 vulnerability, attackers have to send maliciously crafted emails to a vulnerable Exchange server. The issue has been addressed by changing the way Microsoft Exchange handles objects in memory. The information disclosure Microsoft Exchange Server vulnerability was assigned the CVE-2019-0588 tracking id and it is caused by the way Microsoft Exchange's "PowerShell API grants calendar contributors more view permissions than intended." To exploit this vulnerability, an attacker would need to be granted contributor access to an Exchange Calendar by an administrator via PowerShell. The attacker would then be able to view additional details about the calendar that would normally be hidden. The CVE-2019-0588 security vulnerability was fixed by correcting the way Exchange's PowerShell API grants permissions to contributors.
Microsoft rated the two vulnerabilities as 'Important'
Microsoft assigned an Important severity level to both security issues and, until their public disclosure, no mitigation factors or workarounds have been found. On servers that are using user account control (UAC) the update may fail to install if the update packages are run without Administrator privileges.
Criminals are attempting to trick consumers into handing over passwords and credit card details by taking advantage of the flood of emails being sent out ahead of new European privacy legislation. The European Union's new General Data Protection Regulation (GDPR) comes into force on 25 May and the policy is designed to give consumers more control over their online data. As a result, in the run-up to it, organisations are sending out messages to customers to gain their consent for remaining on their mailing lists. With so many of these messages being sent out, it was perhaps only a matter of time before opportunistic cybercriminals looked to take advantage of the deluge of messages about GDPR and privacy policies arriving in people's inboxes. A GDPR-related phishing scam uncovered by researchers at cyber security firm Redscan is doing just this in an effort to steal data with emails claiming to be from Airbnb. The attackers appear to be targeting business email addresses, which suggests the messages are sent to emails scraped from the web. The phishing message addresses the user as an Airbnb host and claims they're not able to accept new bookings or send messages to prospective guests until a new privacy policy is accepted. "This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States based companies, like Airbnb in order to protect European citizens and companies," the message says, and the recipient is urged to click a link to accept the new privacy policy. Those who click the link are asked to enter their personal information, including account credentials and payment card information.
If the user enters these, they're handing the data straight into the hands of criminals who can use it for theft, identity fraud, selling on the dark web and more. "The irony won't be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to steal people's data," said Mark Nicholls, Director of Cyber Security at Redscan. "Scammers know that people are expecting exactly these kinds of emails this month and that they are required to take action, whether that's clicking a link or divulging personal data. It's a textbook phishing campaign in terms of opportunistic timing and having a believable call to action". Airbnb is sending messages to users about GDPR, but the messages contain far more detail and don't ask the users to enter any credentials, merely agree to the new Terms of Service. While the phishing messages might look legitimate at first glance, it's worth noting they don't use the right domain - the fake messages come from '@mail.airbnb.work' as opposed to '@airbnb.com'. Redscan has warned that attackers are likely to use GDPR as bait for other phishing scams, with messages claiming to be from other well-known companies. "As we get closer to the GDPR implementation deadline, I think we can expect to see a lot more of these types of phishing scams over the next few weeks, that's for sure," said Nicholls, who warned attackers could attempt to use the ploy to deliver malware in future. "In the case of the Airbnb scam email, hackers were attempting to harvest credentials. Attack vectors do vary however and it's possible that other attacks may attempt to infect hosts with keyloggers or ransomware, for example," he said.
Airbnb said those behind the attacks haven't accessed user details in order to send emails and that users who receive a suspicious message claiming to be from Airbnb should send it to their safety team. "These emails are a brazen attempt at using our trusted brand to try and steal user's details, and have nothing to do with Airbnb. We'd encourage anyone who has received a suspicious looking email to report it to our Trust and Safety team on report.phishing@airbnb.com, who will fully investigate," an Airbnb spokesperson told ZDNet. Airbnb also provided information on how to spot a fake email to help users to determine if a message is genuine or not.
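The domain checks described in the Flipkart and Airbnb reports above can be automated by comparing the registrable domain of a link or sender address with the brand's official one. The following is an added example, not code from Flipkart, Airbnb or Redscan; the function names, the small suffix set and the official domain flipkart.com are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for the
# samples below. Production code should load the full list instead.
PUBLIC_SUFFIXES = {"com", "work", "gov", "in", "co.in", "uk", "co.uk"}

# Assumption: official registrable domains per brand. airbnb.com is named in
# the report above; flipkart.com is assumed here.
OFFICIAL = {"flipkart": {"flipkart.com"}, "airbnb": {"airbnb.com"}}


def extract_host(value):
    """Return the lower-cased host of a URL, an email address or a bare host."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # lets urlsplit parse "user@host" and "host/path"
    return (urlsplit(value).hostname or "").rstrip(".")


def registrable_domain(host):
    """Longest matching public suffix plus one label to its left (eTLD+1)."""
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # i == 0 means the host is itself a public suffix: nothing registered.
            return ".".join(labels[i - 1:]) if i > 0 else None
    # Unknown suffix: fall back to the last two labels.
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def classify(value, brand):
    """Say how a link or sender address relates to the brand's real domain."""
    host = extract_host(value)
    reg = registrable_domain(host)
    if reg is None:
        return "unparseable"
    if reg in OFFICIAL[brand]:
        return "official"
    owner_label = reg.split(".")[0]          # the name the registrant chose
    subdomain = host[: -len(reg)].rstrip(".")  # everything left of it
    if owner_label == brand:
        return "brand-on-other-suffix"       # e.g. airbnb.work
    if brand in owner_label:
        return "brand-in-registered-name"    # e.g. flipkart-bigbillion-sale.com
    if brand in subdomain:
        return "brand-in-subdomain"          # e.g. flipkart.dhamaka-offers.com
    return "unrelated"


if __name__ == "__main__":
    # Hosts and domains quoted in the reports above, plus constructed
    # local parts and paths to exercise URL and address parsing.
    samples = [
        ("flipkart.dhamaka-offers.com", "flipkart"),
        ("flipkart-bigbillion-sale.com", "flipkart"),
        ("https://www.flipkart.com/offers", "flipkart"),
        ("host@mail.airbnb.work", "airbnb"),
        ("report.phishing@airbnb.com", "airbnb"),
    ]
    for value, brand in samples:
        print(f"{value:35} {classify(value, brand)}")
```

Only the registrable domain decides ownership: a brand name appearing in a subdomain or inside a hyphenated name says nothing about who controls the site.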
Last December the US Intelligence Community (IC) released a report naming APT28, a suspected Russian hacking group, as being linked to numerous cyberattacks designed to influence the outcome of the 2016 presidential election with a mixture of leaks and misinformation. Highlighting Russian "malicious cyber activity", the IC's analysis reported on this "advanced persistent threat" by confirming it was likely linked to the country's military or intelligence services. The hackers go by many names: Fancy Bear, Pawn Storm, Sofacy, Sednit, Tsar Team and more. The group – after targeting the Democratic National Committee (DNC), the World Anti-Doping Agency (Wada) and the German government – is the focus of a new report from US-based cybersecurity firm FireEye, discussing the key hacking techniques it uses. "We have observed APT28 rely on four key tactics when attempting to compromise intended targets," the report states. These include the use of spearphishing to deploy exploit kits, the spreading of malware, compromising web-facing servers and creating fake internet addresses. Some of the tactics are straightforward, but work. In one hypothetical case, a hacker would craft an exploit document with "enticing lure content" and send it to a carefully chosen victim. Once the document is opened, malware is automatically installed by exploiting a vulnerability in computer software. According to FireEye, APT28 has exploited a number of known security flaws in the past including previously undiscovered "zero day" vulnerabilities in Adobe Flash Player, Java, and Windows. The hackers then contact targets saying they need to reset passwords, lead the victim to a malicious login page and hijack passwords.
"APT28 employs a suite of malware with features indicative of the group's plans for continued operations, as well as the group's access to resources and skilled developers," the report states. After information is stolen, FireEye explains, the hacking group will often leak it to "further political narratives". These reportedly include the conflict in Syria, Nato, the European Union refugee crisis and the 2016 Olympics and Paralympics athlete doping scandal. In agreement with the US government, the security firm believes the hacking group conducts its operations "in support of Russian strategic interests" and is made up of a "sophisticated and prolific set of developers and operators". This is denied by Russian president, Vladimir Putin. "The recent activity in the US is but one of many instances of Russian government influence operations conducted in support of strategic political objectives, and it will not be the last," the report states. "As the 2017 elections in Europe approach - most notably in Germany, France, and the Netherlands – we are already seeing the makings of similarly concerted efforts." The research paper adds another layer to the already-impressive body of work released by organisations including ThreatConnect, Crowdstrike, SecureWorks and Fidelis Cybersecurity. The firms, while less open to attributing with utmost certainty, continue to link APT28 with Putin's state. "We stand by our research that the attack data we were given to analyse mirrors previous attacks of APT28," John Bambenek, threat intelligence manager at Fidelis told IBTimes UK. "The malware and the tactics we can speak with expertise on. What we cannot answer is what the intent of those actors were and at whose direction they were acting, as we do not have direct intelligence on those subjects nor are we in a position to get them."
Tom Finney, a counter threat researcher from SecureWorks, said: "We've been able to link this activity to Russia because of the wider targeting seen in this campaign. The majority of the activity appears to focus on Russia's military involvement in eastern Ukraine; for example, the email address targeted by the most phishing attempts (nine) was linked to a spokesperson for the Ukrainian prime minister. Other targets included individuals in political, military, and diplomatic positions in former Soviet states, as well as journalists, human rights organisations and regional advocacy groups in Russia."
When it comes to phishing scams, the general concept is that cyber criminals will only send a link to trick users into logging in with their social media or email credentials. But since that is an old school trick, the malicious threat actors are aiming at much more than your Facebook or Gmail password. Recently, we discovered a sophisticated phishing campaign targeting Apple users. The aim of this attack is to steal their Apple ID, credit card data, a government issued ID card, and/or passport. That’s not all: the scam also asks users to give it access to their device webcam to take a snapshot of them for verification purposes. It all starts with users receiving an email in which the sender poses as one of the officials from Apple Inc. The email alerts the user that their iCloud account is on hold because of an unusual sign-in activity through an unknown browser, and that in case they didn’t log in from the device mentioned in the email they need to click on a link to change the password. Those who understand how phishing scams work will know how to ignore it, but unsuspecting users may fall for it and be tricked into clicking the link and giving away their personal and financial information. Upon clicking the link users are taken to the phishing page, which looks exactly like the official Apple ID login page. The users are then asked to enter their Apple ID and its password to proceed. Once the users are logged in, they are taken to another page which asks users for their credit card details including cardholder name, card number, expiration date, CVV code and ED secure password. Upon giving this info, the users are asked to click the next tab. Remember, by now the scammers have got your Apple ID login credentials and credit card information.
Because criminals will remain criminals, the more you feed them the more they will ask for. Once the “next” tab is clicked, users are invited to enter their personal information including full name, date of birth, country, state, city, address, Zip code and phone number. This is done to use user information for further scams like identity theft and social engineering frauds. Once your personal information is handed over to the criminals, the page asks users to click the “finish” tab, but they aren’t done yet. Upon clicking the Finish tab users are taken to another page asking them to upload their passport, a government issued identity card or the driver license – both sides. The users can click skip to avoid uploading their government issued documents, but then they need to allow the website to access their device’s camera and microphone to take a snapshot of them. The users can also click the “Skip” tab, and the page will redirect them to the official Apple ID website. The good news is that Google Chrome has already detected the scam and marked the phishing domain as “Deceptive.” However, the bad news is that Firefox, Opera, and Safari browsers didn’t show any warning messages to their users, so if you are using these browsers be vigilant.
Leading French presidential candidate Emmanuel Macron’s campaign said on Friday it had been the target of a “massive” computer hack that dumped its campaign emails online 1-1/2 days before voters choose between the centrist and his far-right rival, Marine Le Pen. Macron, who is seen as the frontrunner in an election billed as the most important in France in decades, extended his lead over Le Pen in polls on Friday. As much as 9 gigabytes of data were posted on a profile called EMLEAKS to Pastebin, a site that allows anonymous document sharing. It was not immediately clear who was responsible for posting the data or if any of it was genuine. In a statement, Macron’s political movement En Marche! (Onwards!) confirmed that it had been hacked. “The En Marche Movement has been the victim of a massive and co-ordinated hack this evening which has given rise to the diffusion on social media of various internal information,” the statement said. An interior ministry official declined to comment, citing French rules that forbid any commentary liable to influence an election, which took effect at midnight on Friday (2200 GMT). The presidential election commission said in a statement that it would hold a meeting later on Saturday after Macron’s campaign informed it about the hack and publishing of the data. Former economy minister Macron’s campaign has previously complained about attempts to hack its emails, blaming Russian interests in part for the cyber attacks. On April 26, the team said it had been the target of attempts to steal email credentials dating back to January, but that the perpetrators had failed to compromise any campaign data. The Kremlin has denied it was behind any such attacks, even though Macron’s camp renewed complaints against Russian media and a hackers’ group operating in Ukraine.
Vitali Kremez, director of research with New York-based cyber intelligence firm Flashpoint, told Reuters his review indicates that APT28, a group tied to the GRU, the Russian military intelligence directorate, was behind the leak. He cited similarities with U.S. election hacks that have been previously attributed to that group. APT28 last month registered decoy internet addresses to mimic the name of En Marche, which it likely used to send tainted emails to hack into the campaign’s computers, Kremez said. Those domains include onedrive-en-marche.fr and mail-en-marche.fr. “If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the U.S. presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome,” Kremez said. France is the latest nation to see a major election overshadowed by accusations of manipulation through cyber hacking. En Marche said the documents only showed the normal functioning of a presidential campaign, but that authentic documents had been mixed on social media with fake ones to sow “doubt and misinformation”. Ben Nimmo, a UK-based security researcher with the Digital Forensic Research Lab of the Atlantic Council think tank, said initial analysis indicated that a group of U.S. far-right online activists were behind early efforts to spread the documents via social media. They were later picked up and promoted by core social media supporters of Le Pen in France, Nimmo said. The leaks emerged on 4chan, a discussion forum popular with far right activists in the United States. An anonymous poster provided links to the documents on Pastebin, saying, “This was passed on to me today so now I am giving it to you, the people.”
Yesterday we wrote about a “Google Docs” phishing campaign that aimed to trick you into authorising a malicious third-party Gmail app so that it could take over your email account and your contact list for its own ends. One of those ends seems to have been to spam out another wave of those same fraudulent emails to your friends and colleagues, in the hope of getting them to authorise the imposter app, and thus to send out another wave of emails, and another, and so on. Technically, that made it more than just a “phish”, which we’ll define very loosely here as an email that aims to trick, coerce or cajole you into performing an authentication task, or giving away personal data, that you later wish you hadn’t. The classic old-school example of a phish is an email that tells you that you have lost money to fraud, or gained money from a tax refund, so please use this web link to login to your bank account to sort this out. These days, however, the word phishing is generally understood much more broadly, describing any sort of misdirection that gets you to authorise or to give away something you should have kept private. Many users have learned to avoid login links in emails, so the crooks have broadened the range of threats and incentives by which they phish for access to your online life. This week’s so-called “Google Docs” attack could spread all by itself, helped on by users giving it the permission it needed along the way, just like the infamous Love Bug virus from 2000, or the pernicious FriendGreetings adware from 2002. Technically, then, that makes the “Google Docs” attack a virus, or more specifically a worm, which is a special sort of virus that spreads by itself, without needing pre-existing host files to hook onto.
Microsoft’s security team had a busy weekend. On Friday night, security researcher Tavis Ormandy of Google’s Project Zero announced on Twitter that he had found a Windows bug. Well, not just any bug. It was “crazy bad,” Ormandy wrote. “The worst Windows remote code exec in recent memory.” By Monday night, Microsoft had released an emergency patch, along with details of what the vulnerability entailed. And yes, it was every bit as scary as advertised. That’s not only because of the extent of the damage hackers could have done, or the range of devices the bug affected. It’s because the bug’s fundamental nature underscores the vulnerabilities inherent in the very features meant to keep our devices safe. What made this particular bug so insidious was that it would have allowed hackers to target Windows Defender, an antivirus system that Microsoft builds directly into its operating system. That means two things: First, that it impacted the billion-plus devices that have Windows Defender installed. (Specifically, it took advantage of the Microsoft Malware Protection Engine that underpins several of the company’s software security products.) Second, that it leveraged that program’s expansive permissions to enable general havoc, without physical access to the device or the user taking any action at all. “This was, in fact, crazy bad,” says Core Security systems engineer Bobby Kuzma, echoing Ormandy’s original assessment. As Google engineers note in a report on the bug, to pull off the attack a hacker would have only had to send a specialized email or trick a user into visiting a malicious website, or otherwise sneak an illicit file onto a device.
This also isn’t just a case of clicking the wrong link; because Microsoft’s antivirus protection automatically inspects every incoming file, including unopened email attachments, all it takes to fall victim is an inbox. “The moment [the file] hits the system, the Microsoft malware protection intercepts it and scans it to make sure it’s ‘safe,’” says Kuzma. That scan triggers the exploit, which in turn enables remote code execution that enables a total machine takeover. “As soon as it’s there, the malware protection will take it up and give it root access.” It’s scary stuff, though tempered by Microsoft’s quick action and the fact that Ormandy appears to have found the bug before bad actors did. And because Microsoft issues automatic updates for its malware protection, most users should be fully protected soon, if not already. It should still serve as an object lesson, though, in the risks that come with antivirus software that has tendrils in every part of your system. It’s a scary world out there, and antivirus generally helps make it less so. To do its job correctly, though, it needs unprecedented access to your computer—meaning that if it falters, it can take your entire system down with it. “There is a raging debate about antivirus in some circles, stating that it can be used as a springboard to infect users,” says Jérôme Segura, lead malware intelligence analyst with Malwarebytes. “The fact of the matter is that security software is not immune to flaws, just like any other program, but there is no denying the irony when an antivirus could be leveraged to infect users instead of protecting them.” Irony and, well, damage.
A year ago, Google’s Ormandy found critical vulnerabilities that affected no fewer than 17 Symantec antivirus products. He’s found similar in offerings from security vendors like FireEye, McAfee, and more. And more recently, researchers discovered an attack called “DoubleAgent,” which turned Microsoft’s Application Verifier tool into a malware entry point. “Because of what they do, AV products are really complex and have to touch a lot of things that are untrusted,” says Kuzma. “This is the kind of vulnerability we’ve seen time and again.” There’s also no real solution; it’s not easy to weigh the protections versus the risks. The best you can hope for, really, is what Ormandy and Microsoft demonstrated during the last few days: That someone catches the mistakes before the bad guys do, and that the fixes come fast and easy.
Since last year’s revelation that attackers had compromised the SWIFT software of Bangladesh’s central bank and used it to perform fraudulent transfers worth tens of millions, news about similar attacks – both successful and not – has become a regular occurrence. Attackers usually use banks’ compromised SWIFT system to send information about fraudulent financial transactions, but in attacks aimed at three government-owned banks in India, they chose to create fake trade documents such as letters of credit and guarantees. A letter of credit allows the sellers to be sure that they will get paid once they prove that the sold goods have been provided, as the buyer’s bank – the institution that issued the letter of credit – is obliged to release the money, even if the buyer is unable to make payment. Bank guarantees are documents that guarantee that the bank will release an agreed-upon sum either to the seller or the buyer in case the other party ultimately can’t provide the goods or the cash. A source close to the investigation told Economic Times that there have been no monetary losses or ransom demands as of yet. He or she posits that the hackers were planning to use the forged documents to get cash from offshore banks or carry out trade of prohibited or illegal commodities. It’s still unknown how the compromises were effected, and it’s possible that other Indian banks have been hit as well. The Reserve Bank of India has been notified of the breaches, and it has directed several banks to check whether the trade documents they sent via SWIFT have a match in their core banking system.
DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign. San Francisco-based DocuSign warned on May 9 that it was tracking a malicious email campaign where the subject line reads, “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.” The missives contained a link to a downloadable Microsoft Word document that harbored malware. The company said at the time that the messages were not associated with DocuSign, and that they were sent from a malicious third-party using DocuSign branding in the headers and body of the email. But in an update late Monday, DocuSign confirmed that this malicious third party was able to send the messages to customers and users because it had broken in and stolen DocuSign’s list of customers and users. “As part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email,” DocuSign wrote in an alert posted to its site. “A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed.
No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.” The company is asking people to forward any suspicious emails related to DocuSign to spam@docusign.com, and then to delete the missives. “They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net,” reads the advisory. If you have reason to expect a DocuSign document via email, don’t respond to an email that looks like it’s from DocuSign by clicking a link in the message. When in doubt, access your documents directly by visiting docusign.com, and entering the unique security code included at the bottom of every legitimate DocuSign email. DocuSign says it will never ask recipients to open a PDF, Office document or ZIP file in an email. DocuSign was already a perennial target for phishers and malware writers, but this incident is likely to intensify attacks against its users and customers. DocuSign says it has more than 100 million users, and it seems all but certain that the criminals who stole the company’s customer email list are going to be putting it to nefarious use for some time to come.
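The link indicators in the advisory quoted above can be checked mechanically. The Python sketch below is an added example, not DocuSign's code: the sample message, the `.example` hosts, the function names and the edit-distance threshold of 2 are assumptions made for illustration. It compares the parsed hostname rather than the raw string, because a literal "starts with" test accepts links whose real host is something else.

```python
import re
from urllib.parse import urlsplit

# Hosts named in the advisory; any other host is not treated as DocuSign.
TRUSTED_HOSTS = {"www.docusign.com", "www.docusign.net"}
BRAND_DOMAINS = ("docusign.com", "docusign.net")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def naive_prefix_ok(url: str) -> bool:
    """Literal reading of 'starts with'; included only for comparison."""
    return url.startswith(("https://www.docusign.com", "https://www.docusign.net"))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'trusted', 'suspect' (uses or imitates the brand) or 'unrelated'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme == "https" and host in TRUSTED_HOSTS:
        return "trusted"
    # Assumption: the last two labels approximate the registrable domain
    # (this sketch does not consult a public-suffix list).
    base = ".".join(host.split(".")[-2:])
    near_miss = any(edit_distance(base, d) <= 2 for d in BRAND_DOMAINS)
    # netloc includes any user-info part, so "brand@other-host" is caught too.
    if "docusign" in parts.netloc.lower() or near_miss:
        return "suspect"
    return "unrelated"


def review_links(body: str):
    """Extract every http(s) link from a message body and classify it."""
    urls = [u.rstrip(".,);") for u in URL_RE.findall(body)]
    return [(u, classify_link(u)) for u in urls]


# Constructed sample message; every URL below is made up for this example.
SAMPLE_BODY = """\
Completed: Wire Transfer Instructions - Document Ready for Signature
Review: https://www.docusign.com/documents/abc
Mirror: https://www.docusign.com.files.example/doc.docx
Alt: https://www.docusign.com@download.example/doc.docx
Typo: http://docusgn.com/sign
News: https://news.example/article
"""

if __name__ == "__main__":
    for url, verdict in review_links(SAMPLE_BODY):
        print(f"{verdict:9} prefix_check={naive_prefix_ok(url)!s:5} {url}")
```

The second and third sample links pass the literal prefix test but resolve to a different host, which is why the check is made on the parsed hostname.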
Schools and colleges are being warned to be on the lookout for ransomware attacks, after a wave of incidents where fraudsters attempted to trick educational establishments into opening dangerous email attachments. What makes the attacks unusual, however, is just how the attackers tricked users into clicking on the malware-infected attachments. As Action Fraud warns, confidence tricksters are phoning up schools and colleges pretending to be from the “Department of Education”. The fraudsters request the email or phone number of the institution’s head teacher or financial administrator, claiming they need to send guidance forms to the individual directly, as they contain sensitive information. The emails, however, have a .ZIP file attached, which often contains a boobytrapped Word document or Excel spreadsheet which initiates the ransomware infection. According to reports, up to £8,000 can be demanded for the safe decryption of files on the victims’ computers. That is, of course, money that few schools can afford to spend. Similar scams have posed as being from telecoms providers claiming to need to speak to the head teacher about “internet systems” or the Department of Work and Pensions. In all cases the chances of the attack succeeding are increased by the fact that it is prefaced by a phone call. We’re all very used to receiving suspicious emails in our inbox, but may be caught off guard if it is accompanied by an official-sounding phone call. Action Fraud’s warning indicates that there are considerable amounts of money to be made by online criminals through ransomware attacks. If there weren’t, they wouldn’t be prepared to go to such extreme efforts (such as making bogus phone calls) to increase the likelihood that their poisoned email attachments will be opened.
More money can typically be extorted from an organisation than an individual, with some corporations having paid out huge sums to blackmailers after having their data locked away through a ransomware attack.
The bad guys send along a URL, since removed, that perfectly mirrors the real Australian site, with the email requesting the person verify their identity, according to Malwarebytes. Once on the fake landing page the victim is asked to input their login credentials, then the crooks take the unusual, and nervy, step of asking for many different pieces of information. Malwarebytes said the fake site asks that a high-resolution image, front and back, of the person's driver's license and passport be uploaded. But the bad guys are not satisfied even with this gift: they then ask the victim to link their banking account with the site and supply account numbers, mother's maiden name, phone number and telephone passcode. An SMS text is then sent to the person's phone to “confirm” that everything is legitimate.