against "two US-based internet companies" whose identities were not disclosed, it has recently been confirmed that the two companies involved were actually tech giants Google and Facebook. In a report published April 27, Fortune disclosed the identities of both companies. The companies had been tricked into wiring over US$100 million to the alleged scammer's bank accounts. Evaldas Rimasauskas, 48, purportedly posed as an Asia-based manufacturer and deceived the two companies from at least 2013 to 2015. "Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with [the Asian] company," the US Department of Justice (DOJ) said. The DOJ alleged that emails supposedly from the employees of said Asian manufacturer were sent from email accounts designed to look like they were actually from the firm. Rimasauskas was charged by the DOJ in March with sending the forged emails, as well as with fabricating invoices, contracts and letters "that falsely appeared to have been executed and signed by executives and agents of the victim companies." "We detected this fraud against our vendor management team and promptly alerted the authorities," a spokesperson for Google said in a statement. "We recouped the funds and we're pleased this matter is resolved." "Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation," a representative from Facebook said. The BBC reported that neither Google nor Facebook revealed how much money they had transferred, or how much they recouped following the incident.
While the two companies have advanced cybersecurity measures in place, the phishing attacks targeted individuals through their emails — attacks that could have been avoided through proper verification of dubious payment requests. "Sometimes staff [at large firms] think that they are defended, that security isn't part of their job," James Maude of cyber-security firm Avecto told the BBC. "But people are part of the best security you can have — that's why you have to train them."
Infamous Necurs botnet seen sending spam emails containing new ransomware to millions of potential victims in just a few hours. A new form of ransomware is indiscriminately targeting millions of PCs, spread by the prolific botnet behind one of the most successful forms of ransomware in the world. The new ransomware is called Jaff and, given that it appears to be heavily mimicking the tactics of the infamous Locky, the most successful ransomware family of 2016, it has the potential to become a major nuisance. It's also brazen in its ransom demands, demanding victims pay 1.79 Bitcoins, currently $3,300, in order to regain access to the infected network and encrypted files. It's an ambitious ransom; most forms of ransomware want a payment of between $500 and $1,000, but the authors are likely aware that many organisations are willing to give in and pay to avoid losing business-critical files. As noted by cybersecurity researchers at Forcepoint, the Jaff campaign sprang to life on May 11, using the Necurs botnet to send millions of spam emails to targets across the globe in the space of just a few hours. The malicious email itself is sent with a subject line referring to a receipt or to a fake document, with the pattern involving the words PDF, Scan, File, Copy or Document followed by an underscore and a string of at least four numbers; for example, one subject line seen by researchers was 'Copy_293636'. Attached to this email is a PDF document containing an embedded DOCM file and a malicious macro script. If this is run, the ransomware payload is executed and Jaff targets and encrypts a wide variety of file extensions, renaming them all to end in .jaff.
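As an added illustration (not part of the Forcepoint research or the original report), the subject-line pattern described above can be turned into a simple mail-gateway triage rule: match the keyword-underscore-digits subject and look for a PDF attachment. The two messages below are constructed samples, and the function names are this example's own.

```python
import re
from email import message_from_string
from email.message import Message

# Subject pattern reported for the campaign: PDF/Scan/File/Copy/Document,
# an underscore, then at least four digits (e.g. "Copy_293636").
JAFF_SUBJECT = re.compile(r"^(?:PDF|Scan|File|Copy|Document)_\d{4,}\s*$", re.IGNORECASE)


def subject_matches_jaff(subject: str) -> bool:
    """True when the subject line fits the keyword_digits pattern."""
    return bool(JAFF_SUBJECT.match(subject.strip()))


def pdf_attachments(msg: Message) -> list:
    """File names of PDF attachments (the lure carried a PDF with an embedded DOCM)."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(".pdf"):
            names.append(name)
    return names


def triage(raw_email: str) -> dict:
    """Combine both signals into a verdict: quarantine, review, or pass."""
    msg = message_from_string(raw_email)
    subject = msg.get("Subject", "")
    attachments = pdf_attachments(msg)
    subj_hit = subject_matches_jaff(subject)
    if subj_hit and attachments:
        verdict = "quarantine"
    elif subj_hit or attachments:
        verdict = "review"
    else:
        verdict = "pass"
    return {"subject": subject, "subject_pattern": subj_hit,
            "pdf_attachments": attachments, "verdict": verdict}


# Constructed sample messages (not real campaign samples).
SAMPLE_JAFF = """From: sender@example.invalid
To: user@example.invalid
Subject: Copy_293636
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/pdf; name="Copy_293636.pdf"
Content-Disposition: attachment; filename="Copy_293636.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

SAMPLE_BENIGN = """From: colleague@example.invalid
To: user@example.invalid
Subject: Copy of the agenda for Monday

Nothing attached, just a reminder.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_JAFF, SAMPLE_BENIGN):
        print(triage(sample))
```

The subject check alone is a weak signal (a legitimate scanner might name files this way), which is why the rule only quarantines when the PDF attachment is also present and otherwise routes the message for review.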
While the attack might seem basic, especially compared with targeted spear-phishing attacks, the sheer number of messages sent out means that even if just a tiny percentage of targets open the email, download the attachment and enable the macros, this new ransomware could have a sizeable impact. As with other ransomware attacks, the infected victim sees their desktop changed to a ransom note and they're directed to instructions telling them their files are encrypted and that they must visit a dark web address in order to pay to get their files back. It's this, combined with how the ransomware is spread by Necurs, which leads researchers to suggest that there's a connection between Jaff and Locky: the Jaff decryptor website and the Locky decryptor website look almost identical. Researchers also note that while the code behind Jaff is less sophisticated than Locky, it carries one major similarity: the ransomware will delete itself from the infected machine if the local language is Russian. If the ransomware does not want to target Russian users, this might suggest it originated from Russia and the developers don't want to cause trouble in their own neighbourhood. While researchers can't say for certain whether Jaff is definitively linked to the gang behind Locky, those behind it have the funding and skills required to carry out a sophisticated campaign. "What is clear, given the volume of messages sent, is that the actors behind the campaign have expended significant resources on making such a grand entrance," said Forcepoint researchers.
Cisco patches a severe flaw in switch deployment software that can be attacked with crafted messages sent to a port that's open by default. Cisco has released patches for 34 vulnerabilities mostly affecting its IOS and IOS XE networking software, including three critical remote code execution security bugs. Perhaps the most serious issue Cisco has released a patch for is critical bug CVE-2018-0171, affecting Smart Install, a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software. A remote unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service or execute arbitrary code. Embedi, the security firm that found the flaw, initially believed it could only be exploited within an enterprise's network. However, it found millions of affected devices exposed on the internet. "Because in a securely configured network, Smart Install technology participants should not be accessible through the internet. But scanning the internet has shown that this is not true," wrote Embedi. "During a short scan of the internet, we detected 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open." Smart Install is supported by a broad range of Cisco routers and switches. The high number of devices with an open port is probably because the Smart Install client's port, TCP 4786, is open by default. This situation is overlooked by network admins, Embedi said.
The company has also published proof-of-concept exploit code, so it will probably be urgent for admins to patch. An attacker can exploit the bug by sending a crafted Smart Install message to these devices on TCP port 4786, according to Cisco. Embedi discovered the flaw last year, landing it an award at the GeekPwn conference in Hong Kong last May, and reported it to Cisco in September. Cisco's internal testing also turned up a critical issue in its IOS XE software, CVE-2018-0150, due to an undocumented user account that has a default username and password. Cisco warns that an attacker could use this account to remotely connect to a device running the software. Cisco engineers also found CVE-2018-0151, a remote code execution bug in the QoS subsystem of IOS and IOS XE. "The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device," writes Cisco. All three bugs were given a CVSS score of 9.8 out of 10.
As thousands of freshmen move into their dorms for the first time, there are plenty of thoughts rushing through their minds: their first time away from home, what cringey nickname they're gonna try to make a thing, whether there are any parties before orientation kicks off. One thing that probably isn't on their minds is whether they're going to get hacked. But that's all Carnegie Mellon University's IT department thinks about. Back-to-school season means hordes of vulnerable computers arriving on campus. The beginning of the semester is the most vulnerable time for a campus network, and every year, with new students coming in, schools have to make sure everything runs smoothly. Carnegie Mellon's network gets hit with 1,000 attacks a minute -- and that's on a normal day. Cybersecurity is an increasingly important aspect of our everyday lives, with technology playing a massive role in nearly everything we do. Universities have been vulnerable to attacks in the past, with cybercriminals stealing student and faculty databases and hackers vandalizing university websites. Students are often targets for hackers, even before they're officially enrolled. Considering how much money flows into a university from tuition costs, along with paying for room and board, criminals are looking to cash in on weak campus cybersecurity. A bonus for hackers: admissions offices often hold data with private information like student Social Security numbers and addresses, as well as their families' data from financial aid applications. Phishing happens when hackers steal your passwords by sending you links to fake websites that look like the real deal. It's how Russians hacked the Democratic National Committee during the presidential election, and it's a popular attack to use on universities as well.
The latest warning, sent Monday, called out malware hidden in a document pretending to be from Syracuse University's chancellor. Digging through my old emails, I found about 20 phishing warnings that had gone out during the four years I'd been there. Syracuse declined to comment on phishing attacks against the school, but in a 2016 blog post, it said the attacks were "getting more frequent, cunning and malicious." The school is not alone. Duo Security, which protects more than 400 campuses, found that 70 percent of universities in the UK have fallen victim to phishing attacks. Syracuse, which uses Duo Security, fights phishing attacks with two-factor authentication, which requires a second form of identity verification, like a code sent to your phone. But it just rolled out the feature last year. Kendra Cooley, a security analyst at Duo Security, pointed out that students are more likely to fall for phishing attacks because they haven't been exposed to them as frequently as working adults have. Also, cybercriminals know how to target young minds. "You see a lot of click-bait phishing messages like celebrity gossip or free travel," Cooley said. All students at Carnegie Mellon are required to take a tech literacy course, in which cybersecurity is a focus, said Mary Ann Blair, the school's chief information security officer. The school also runs monthly phishing campaigns: if a student or faculty member falls for the friendly trap, they're redirected to a training opportunity. When your network is being hit with at least two phishing attempts a day, Blair said, it's a crucial precaution to keep students on guard. "It's just constantly jiggling the doorknobs to see if they're unlocked," Blair said. "A lot of it is automated attacks."
It's not just the thousands of new students that have university IT departments bracing for impact, it's also their gadgets. "All these kids are coming on campus, and you don't know the security level of their devices, and you can't manage it, because it's theirs," said Dennis Borin, a senior solutions architect at security company EfficientIP. A lot of university IT teams have their hands tied because they can't individually go to every student and scan all their computers. Borin's company protects up to 75 campuses across the United States, and it's always crunch time at the beginning of the semester. "If I was on campus, I wouldn't let anybody touch my device," Borin said. "So if somebody has malware on their device, how do you protect against an issue like that?" Instead of going through every single student, Borin said, his company just casts a wide net over the web traffic. If there's any suspicious activity coming from a specific device, they're able to send warnings to the student and kick him or her off the network when necessary. Keeping school networks safe is important for ensuring student life runs smoothly. A university that had only two people on its team reached out to EfficientIP after it suffered an attack. All of the school's web services were down for an entire week while recovering from the attack, Borin said. Scam artists love to take advantage of timing, and the back-to-school season is a great opportunity for them. There was an influx of fake ransomware protection apps when WannaCry hit, as well as a spike in phony Pokemon Go apps stuffed with malware during the height of the game's popularity. If there's a massive event going on, you can bet people are flooding the market with phony apps to trick victims into downloading viruses.
A quick search for "back to school apps" in August found 1,182 apps that were blacklisted for containing malware or spyware, according to security firm RiskIQ. Researchers from the company scanned 120 mobile app stores, including the Google Play store, which had more than 300 blacklisted apps. They found apps for back-to-school tools; themes and wallpapers for your device; and some apps that promised to help you "cheat on your exams." Though most of the blacklisted apps are poorly made games, others pretend to help you be a better student. Other warning signs to watch out for when it comes to sketchy apps are poorly written reviews and developers using public domain emails for contacts, RiskIQ said. For any educational apps, like Blackboard Learn, you should always check the sources and look for the official versions. New students coming to school have enough to worry about. Let's hope a crash course in cybersecurity is enough to ensure they make it to graduation without getting hit by hacks.
Microsoft has seen its share of issues as of late, and now a seemingly simple patch is causing serious issues for certain laptops running the 2016 Anniversary Update. The update was originally released to prevent a zero-day attack on IE. Per Microsoft, this was the issue being fixed: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. But now that fix is causing a pretty big problem of its own: it's preventing certain laptops from booting. The affected machines are part of a pretty small bunch—only Lenovo laptops with less than 8 GB of RAM running the 2016 Anniversary Update (1607)—but it's still a pretty bad problem to have.
Fortunately, there's a way to bypass the failed boot by restarting into the UEFI and disabling Secure Boot. It's also noted that if BitLocker is enabled, you may have to go through BitLocker recovery after disabling Secure Boot. On the upside, Microsoft is working with Lenovo to correct the issue and will release a fix sometime in the future. I just wouldn't count on it before the end of the year. Until then, be careful when updating devices, especially if they happen to be Lenovo laptops with limited RAM.
A phishing campaign is targeting customers of every major UK bank, with cybercriminals posing as customer support staff on Twitter in an attempt to steal users' online banking credentials. Easy to carry out but difficult to defend against, phishing is an increasingly popular weapon of choice for hackers. That's because, with an authentic-looking fake website, they can just sit back and scoop up data as victims unwittingly hand over their usernames and passwords. Phishing often relies on cybercriminals sending tailored emails to potential victims in an effort to lure them into giving up credentials or installing malware. However, cybersecurity researchers at Proofpoint have uncovered an Angler phishing campaign which, rather than being tailored to specific users, takes advantage of how they can often be careless on social media -- specifically Twitter. In this instance, cybercriminals monitor Twitter for users approaching genuine support accounts for banks, and attempt to hijack the conversation with a fake support page. This sort of phishing attack is unlikely to provide cybercriminals with the big score they'd hit if they targeted a corporate network, but it does enable the easy theft of credentials and small amounts of money -- and repeated success could become lucrative, and also provide criminals with access to other types of data which can be used to commit fraud. "In many of the examples we've seen, the hacker is not just collecting banking credentials. They also look for information like ATM PINs, credit/debit card numbers, security questions and answers, and even social security numbers.
With this information, they can circumvent some security measures, make purchases/withdrawals without online access, or create entirely new bogus accounts using the customer's information," says Celeste Kinswood at Proofpoint. Fortunately, there are some simple things users can do to ensure they don't become victims of this style of social media phishing attack. For starters, a real support account will be verified with a blue tick and won't directly ask for login credentials. A quick search for the real account should also show whether the one contacting you is fake. Users may want to see their problems solved quickly, but taking ten seconds to verify who you're talking to will pay off in the long run.
Staff are still falling for phishing scams, with social media friend requests and emails pretending to come from the HR department among the ones most likely to fool workers into handing over usernames and passwords. Phishing scams aim to trick staff into handing over data -- normally usernames and passwords -- by posing as legitimate email. It's a technique used by everyone from the lowliest criminals running ransomware campaigns right up to state-backed hackers, because it continues to be such an effective method. In a review of 100 simulated attack campaigns for 48 of its clients, accounting for almost a million individual users, security company MWR InfoSecurity found that sending a bogus friend request was the best way to get someone to click on a link -- even when the email was being sent to a work email address. Almost a quarter of users clicked the link to be taken through to a fake login screen, with more than half going on to provide a username and password, and four out of five then going on to download a file. A spoof email claiming to be from the HR department referring to the appraisal system was also very effective: nearly one in five clicked the link, and three-quarters provided credentials, with a similar percentage going on to download a file. Some might argue that gaining access to a staff email account is of limited use, but the security company argues that it is handy for an assault. A hacker could dump entire mailboxes, access file shares, run programs on the compromised user's device, and access multiple systems, warned MWR InfoSecurity. Even basic security controls, such as two-factor authentication or disabling file and SharePoint remote access, could reduce the risk.
The company also reported bad news about the passwords that users handed over: while over 60 percent of passwords were found to have a length of 8 to 10 characters -- the mandatory minimum for many organizations -- the company argued that this illustrates how users stick to minimum security requirements. A third of the passwords consisted of an upper-case first letter, a series of lower-case letters, and then numbers with no symbols. It also found that 13.6 percent of passwords ended with four numbers in the range of 1940 to 2040. Of those, nearly half ended in 2016, which means one in twenty of all passwords end with the year in which they were created.
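The three patterns MWR InfoSecurity describes (minimum-length passwords, an upper-case letter followed by lower-case letters and digits, and a four-digit year suffix in the 1940 to 2040 range) are easy to measure in a password-policy audit. The following is an added example written for this page, not MWR's tooling; the password list is constructed and the function and field names are this example's own.

```python
import re
from collections import Counter

# Four-digit year suffix in the 1940..2040 range that the report singles out.
YEAR_SUFFIX = re.compile(r"(19[4-9]\d|20[0-3]\d|2040)$")
# Upper-case first letter, a run of lower-case letters, then digits and nothing else.
UPPER_LOWER_DIGITS = re.compile(r"^[A-Z][a-z]+\d+$")

CATEGORIES = ("minimum_length_band", "upper_lower_digits",
              "ends_with_year", "ends_with_current_year")


def audit_passwords(passwords, min_len=8, max_len=10, current_year=2016):
    """Return the share of passwords falling into each weak-pattern category."""
    counts = Counter()
    for pw in passwords:
        if min_len <= len(pw) <= max_len:
            counts["minimum_length_band"] += 1
        if UPPER_LOWER_DIGITS.match(pw):
            counts["upper_lower_digits"] += 1
        m = YEAR_SUFFIX.search(pw)
        if m:
            counts["ends_with_year"] += 1
            if int(m.group(1)) == current_year:
                counts["ends_with_current_year"] += 1
    total = len(passwords) or 1
    report = {k: counts[k] / total for k in CATEGORIES}
    # Share of year-suffixed passwords that use the audit year (the report's "nearly half").
    report["current_year_among_year_suffixed"] = (
        counts["ends_with_current_year"] / (counts["ends_with_year"] or 1))
    return report


# Constructed sample set (not real credentials) covering each pattern at least once.
SAMPLE_PASSWORDS = [
    "Password2016", "Summer16", "Winter2015", "qwerty123", "letmein",
    "Tr0ub4dor&3", "London1985", "hunter2", "Football2016", "correcthorsebattery",
]

if __name__ == "__main__":
    for name, share in audit_passwords(SAMPLE_PASSWORDS).items():
        print(f"{name:32s} {share:.1%}")
```

Run against a breach-sourced or simulation-sourced list, a high share in the last two categories is a concrete argument for a policy that checks new passwords against predictable suffixes rather than only counting characters.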
A wave of cyberattacks is targeting organisations' financial departments with a social engineering and phishing campaign designed to trick victims into downloading credential-stealing malware and other threats. Detailed by researchers at Barracuda Networks, the invoice impersonation attacks aim to persuade the victim that the messages are from trusted sources, or to act on impulse -- planting the idea that the target has lost money is a common tactic in phishing emails, as it creates panic for the user. The victim thinks they are reacting to an important request when all they're doing is playing right into the hands of the attackers. A new wave of these attacks involves attackers sending status updates for invoices -- but these don't just involve threat actors firing off millions of messages at random and hoping for the best; they're specially crafting the attacks to look authentic and, crucially, from someone the target might trust. In one example of this attack, the target receives an email asking for a reply to a query about the payment status of an invoice. A legitimate-looking invoice number is provided in the subject line and the sender's name is chosen to be someone the recipient knows. Mimicking someone the victim knows suggests the attackers are already familiar with the target and their network -- this information could simply have been scraped from a public profile such as LinkedIn, or it could indicate that the attackers already have a foothold in the network which they're looking to exploit for further gains. The message might look legitimate at first glance -- especially for someone quickly scanning emails in a high-paced financial environment -- but the invitation to click on a link to respond to the supposed status should be treated with suspicion.
But if a recipient does click through, the link will download a Word document supposedly containing the invoice -- which then goes on to install malware onto the system. It could be subtle, like a trojan, or the victim could recognise their error immediately if faced with ransomware. The attackers aren't just using a single template in the campaign; researchers have spotted other lures used in an effort to distribute a malicious payload. A second invoice impersonation attack uses the subject 'My current address update' and claims to contain information from a trusted contact about a change of address, along with details of a new invoice. Once again, the victim is encouraged to click through a link to download the document from a malicious host, with the end result again being an infection with malware, credential theft or a compromised account. The attacks might seem simple, but those behind them wouldn't be deploying them if they didn't work. "Impersonation is a proven tactic that criminals are regularly using to attract victims into believing that they are acting on an important message, when that couldn't be further from the truth," said Lior Gavish, VP at Barracuda Networks. When it comes to protection against this type of attack, employee training can go a long way, especially if they're provided with a sandbox environment.
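The lures described above share a structure that a mail filter can score without any malware analysis: a display name borrowed from a known contact but a different mailbox, an external sender domain, invoice or address-update wording in the subject, and a link to a Word document. As an added example (not Barracuda's product or the article's own code), the check below scores a message on those four signals. The internal directory, the domains and both messages are constructed for the example, and the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical directory of known contacts: lower-cased display name -> real mailbox.
DIRECTORY = {"jane doe": "jane.doe@example.invalid"}
INTERNAL_DOMAINS = {"example.invalid"}
# Subject wording seen in the two lures the article describes.
LURE_WORDS = ("invoice", "payment status", "address update")
# A link whose path ends in a Word document extension.
DOC_LINK = re.compile(r"https?://\S+?\.doc[mx]?\b", re.IGNORECASE)


def sender_findings(from_header: str) -> list:
    """Flag a known contact's name on an unknown mailbox, and any external domain."""
    findings = []
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    known = DIRECTORY.get(name.strip().lower())
    if known and known != addr:
        findings.append("display name of a known contact but a different mailbox")
    if domain and domain not in INTERNAL_DOMAINS:
        findings.append("external sender domain")
    return findings


def triage_invoice_mail(raw_email: str) -> list:
    """Return the list of impersonation signals found in one message."""
    msg = message_from_string(raw_email)
    findings = sender_findings(msg.get("From", ""))
    subject = msg.get("Subject", "").lower()
    if any(word in subject for word in LURE_WORDS):
        findings.append("invoice/payment lure in subject")
    body = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode(errors="replace")
    if DOC_LINK.search(body):
        findings.append("link to a Word document download")
    return findings


# Constructed messages; hosting.invalid is a placeholder, not a real host.
SAMPLE_LURE = """From: "Jane Doe" <jane.doe@mail-example.invalid>
To: payables@example.invalid
Subject: RE: Invoice 8812 payment status

Please confirm the status here: http://hosting.invalid/inv_8812.docx
"""

SAMPLE_BENIGN = """From: Jane Doe <jane.doe@example.invalid>
To: payables@example.invalid
Subject: Lunch on Thursday?

Are you free?
"""

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(triage_invoice_mail(sample) or ["no findings"])
```

The display-name check is the one that catches the "someone the recipient knows" trick: the name matches the directory, the mailbox does not. On its own the external-domain signal is too noisy for a finance team that deals with real suppliers, so a deployment would weight the findings rather than block on any single one.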
If there's one thing that can be counted on to happen every year around tax season — besides the ongoing tax preparation service commercials — it's fraud. Whether it's selling W2 forms online or sending malicious emails that look like they are from the IRS, cybercriminals tend to keep themselves busy this time of year. Rick Holland, VP of strategy at Digital Shadows, joined this week's Hacker Tracker to highlight how cybercriminals are utilizing the dark web to support their tax fraud campaigns. Earlier this year, the Treasury Inspector General for Tax Administration reported that there was a reduction in the number of fraudulent tax returns identified between 2013 and 2015. On the other hand, around that same time the IRS released data showing that phishing and malware incidents in the 2016 tax season increased by 400 percent. Noting that the number of identified fraudulent returns was not indicative of the overall levels of tax fraud occurring, Digital Shadows set out to reconcile two very different perspectives on the same problem. In response, the external digital risk management team recently released its research assessing dark web and criminal chatter related to tax fraud so far this year. As of February, the number of mentions in 2017 so far was already over 40 percent of the 2016 total. Holland explained that cybercriminals are often using dark web marketplaces to sell W2s for as little as $4, which include a victim's full information that can then be used for whatever campaign the cybercriminal is going to run. In fact, he noted that cybercriminals often capitalize on phishing and malware schemes during this time by using the term "tax refund" in the email subject of a message that looks like it's from the IRS.
However, those malicious emails are actually just delivering malware to a computer for other purposes, maybe to participate in a botnet or something similar. "Sometimes it's easy to think of the personal fraud that's being committed, and certainly that is happening, but I think it's important to remember that it goes much broader as far as what the adversaries are doing," Holland said. At the end of the day, fraudsters are doing everything they can to increase the likelihood of their social engineering being successful.

What's Next In Tax Fraud

Holland stressed how important it is for both consumers and businesses to understand that there are differences in the types of cyber campaigns criminals perpetrate during tax season and that the threat of fraud can be much more encompassing during this time of year. Cybercriminals aren't always going to go after credit card information, because they don't have to. With increased sophistication and social engineering tactics, these criminals are not limited to relying on payment data alone to make money.
Payday loan firm Wonga has suffered a data breach affecting up to 245,000 customers in the U.K. A further 25,000 customers in Poland may also be affected, according to the BBC. It says it does not believe customers' Wonga account passwords were compromised but suggests concerned users change their password anyway. Wonga is warning affected customers to be "extra vigilant" and to alert their bank of potential risk — though it says it will also be contacting financial institutions about the breach. We've reached out to Wonga with questions and will update this story with any response. Update: In a statement a spokesperson for the company told us: "Wonga is urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland. We are working closely with authorities and we are in the process of informing affected customers." According to The Guardian, the company became aware of a problem last week but only realized on Friday that data could be accessed externally, and only started contacting affected customers on Saturday. The U.K.'s data protection regulator, the ICO, has apparently been informed of the breach — although it's unclear when. An ICO spokesperson did not respond to the question, providing this statement instead: "All organisations have a responsibility to keep customers' personal information secure. Where we find this has not happened, we can investigate and may take enforcement action". Back in 2014 the company had to write down $340 million in unpaid loans, following an investigation by the U.K.'s Competition and Markets Authority over its lending practices. It was also fined by the regulator for sending fake lawyers' letters to customers in arrears.
Although Wonga attracted substantial tech investment for a real-time automated decision-making platform for affordability checks, it ended up having to write off the loans of 330,000 customers, and waive the interest and fees for a further 45,000 — raising questions about the efficacy of its algorithms. Tightened criteria on short-term loans by the U.K. financial regulator ultimately shrank the size of Wonga's business, which saw losses double in 2015 — to £80.2 million.
The shadowy hacker consortium known as Callisto Group targeted the UK's Foreign Office over several months in 2016. According to research firm F-Secure, Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks and journalists, especially in Europe and the South Caucasus. Its primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions, and this, combined with infrastructure footprint links to known state actors, suggests a nation-state benefactor, the firm said. In October 2015 the Callisto Group targeted a handful of individuals with phishing emails that attempted to obtain the targets' webmail credentials. Then, in early 2016, the Callisto Group began sending highly targeted spear-phishing emails with malicious attachments that contained, as their final payload, the "Scout" malware tool from the HackingTeam RCS Galileo platform. Scout was, ironically, originally developed for law enforcement. "These spear-phishing emails were crafted to appear highly convincing, including being sent from legitimate email accounts suspected to have been previously compromised by the Callisto Group via credential phishing," F-Secure noted in a paper, adding that the group is continuing to set up new phishing infrastructure every week. One of the targets for Callisto in 2016 was the Foreign Office, according to BBC sources. The outlet reports that the government is investigating an attack that began in April last year. A source told the BBC that, fortunately, the compromised server didn't contain the most sensitive information.
In a statement, the UK's National Cyber Security Centre (NCSC) declined attribution or comment and merely said: "The first duty of government is to safeguard the nation and as the technical authority on cybersecurity, the NCSC is delivering groundbreaking innovations to make the UK the toughest online target in the world. The government's Active Cyber Defence programme is developing services to block, prevent and neutralise attacks before they reach inboxes." F-Secure also said that evidence suggests the Callisto Group may have a nation-state sponsor, and that it uses infrastructure tied to China, Russia and Ukraine. It told the BBC that Callisto Group's hacking efforts show similarities in tactics, techniques, procedures and targets to the Russia-linked group known as APT28, though the two appear to be different entities. However, Callisto Group is also associated with infrastructure used for the sale of controlled substances, which "hints at the involvement of a criminal element," F-Secure said. Going a bit further, a different source told the BBC that two of the phishing domains used in the UK attack "were once linked to an IP address mentioned in a US government report into Grizzly Steppe." Grizzly Steppe is the code name for Russian meddling in the US elections.
The Necurs botnet has, once again, begun pushing Locky ransomware on unsuspecting victims. The botnet, which flip-flops between sending penny-stock pump-and-dump emails and booby-trapped files that lead to malware (usually Locky or Dridex), has been spotted slinging thousands upon thousands of emails in the last three or four days. "Talos has seen in excess of 35K emails in the last several hours associated with this newest wave of Locky," Cisco Talos researchers noted on Friday. In the first part of the spam campaign, the emails contain no text except in the Subject line, which simply says "Receipt" or "Payment", followed by random numbers. Those numbers are seen again in the name of the attached PDF file (as seen in the screenshot above). Later, the emails were made to look like they contained a scanned image in PDF format for the recipient to peruse. In both cases, the attached PDF contains embedded Word documents with macros, and in order for the documents to be opened and the macros to run, users are required to enable them. This is achieved through subterfuge: the victims are shown a note saying that the document is protected, and that they have to "Enable editing" in order to view it. Before that, the victims are also prompted to allow the opening of the file, a step that's required for the malware to bypass the protection offered by the PDF reader's sandbox. "The Word document itself contains an XOR'd macro that downloaded the Locky sample from what is likely a compromised website," the researchers explained, noting that the DNS requests associated with the domain serving the malware have been spiking, but that it's difficult to determine whether these requests are from victims or from the many security practitioners investigating this widespread campaign.
Users who go through all the motions required to serve the malware will end up with their files encrypted and the .osiris extension added to them. The criminals behind the ransomware are asking for 0.5 Bitcoin (around $620) to decrypt the files. Unfortunately for the victims, there is currently no way to decrypt the files without paying the ransom, so they'll need to choose between losing the files (if they have no backup) or paying up (although there is no guarantee that the crooks will keep their word).
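The attachment chain above (a PDF that carries an embedded Word document and opens it automatically) can be screened for at the mail gateway. The following is an added triage example, not Talos or campaign code; the two PDF blobs are constructed in place and are not captured samples.

```python
"""Triage a PDF attachment for the lure shape described above: an embedded Office
document plus an auto-open action. Added example, not Talos or Necurs code."""
import re

# PDF name objects that matter for this lure, with the reason each is flagged.
SUSPICIOUS_NAMES = {
    b"/EmbeddedFile": "carries an embedded file",
    b"/OpenAction": "runs an action as soon as the document opens",
    b"/JavaScript": "contains JavaScript",
    b"/Launch": "launches an external file or application",
}
# Office document extensions worth flagging when they appear as embedded-file names.
OFFICE_EXT = re.compile(rb"\.(docm?|docx|dotm?|xlsm?|xlsx)$", re.IGNORECASE)
# /F (name) or /UF (name) entries of a file specification dictionary.
FILESPEC_NAME = re.compile(rb"/(?:UF|F)\s*\(([^)]*)\)")


def triage_pdf(data: bytes) -> dict:
    """Scan raw PDF bytes and return the indicators found plus a verdict.

    First-pass triage only: it reads uncompressed object dictionaries. A PDF that
    packs its objects into compressed object streams (/ObjStm) hides these names
    from a byte scan, so such files are marked as needing a full parser.
    """
    findings = [why for name, why in SUSPICIOUS_NAMES.items() if name in data]
    names = (m.group(1) for m in FILESPEC_NAME.finditer(data))
    embedded = list(dict.fromkeys(  # dedupe, keep order
        n.decode("latin-1") for n in names if OFFICE_EXT.search(n)))
    needs_full_parse = b"/ObjStm" in data
    if embedded and b"/OpenAction" in data:
        verdict = "suspicious"   # embedded Office document that opens automatically
    elif embedded or len(findings) > 1:
        verdict = "review"
    elif needs_full_parse:
        verdict = "unknown"      # cannot tell without inflating the object streams
    else:
        verdict = "clean"
    return {"findings": findings, "embedded_office_files": embedded,
            "needs_full_parse": needs_full_parse, "verdict": verdict}


# Constructed sample, not a captured campaign file: a PDF embedding "Receipt_6871.docm"
# and pointing /OpenAction at it, the same shape as the Locky lure.
LURE_PDF = b"""%PDF-1.5
1 0 obj << /Type /Catalog /Pages 2 0 R /Names << /EmbeddedFiles 4 0 R >> /OpenAction 6 0 R >> endobj
4 0 obj << /Names [(Receipt_6871.docm) 5 0 R] >> endobj
5 0 obj << /Type /Filespec /F (Receipt_6871.docm) /UF (Receipt_6871.docm) /EF << /F 7 0 R >> >> endobj
7 0 obj << /Type /EmbeddedFile /Length 0 >> stream
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""
# Constructed benign sample: no embedded files, no actions.
PLAIN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"

if __name__ == "__main__":
    for label, blob in (("lure", LURE_PDF), ("plain", PLAIN_PDF)):
        print(label, triage_pdf(blob))
```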
Google users today were hit with an extremely convincing phishing spree launched by attackers who manipulated Google Docs' legitimate third-party sharing mechanism. Targets received messages with subjects like "[Sender] has shared a document on Google Docs with you", often from senders they knew. The messages contained links, which led to a page that clearly requested access to the user's Gmail account. If the target user grants access, the attack begins sending spam to all the user's contacts. Theoretically, the attacker could also access the victim's messages and steal sensitive data, but thus far there have been no reports of such activity. Because it takes advantage of Google's legitimate third-party sharing mechanism, the phishing message is much more difficult to identify as malicious. The icons and messaging are familiar to Google users. Gmail itself did not filter the messages as phishing or flag them as spam, but rather delivered them to Gmail users' "Primary" inbox folders. The senders were familiar enough to have the target in their contact lists. One way to spot the attack: some targets report that the message includes a recipient with an address that begins "hhhhhhhhhhhhhh" and ends with the domain "mailinator.com." Google responded with a fix and issued a statement: "We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.
If you think you were affected, visit http://g.co/SecurityCheckup." Those who have already fallen victim to this attack should also go to their Google account permissions settings and revoke access to the false "Google Docs" application. They're also advised to set up two-factor authentication.
The Google Docs phishing scam that conned over a million users this week illustrates how attackers cleverly respond to more widespread end-user awareness of how phishing attacks work. The attack didn't ask users to enter credentials. Instead, it exhibited very few traditional phishing-scam behaviors and couldn't have been detected by endpoint protections. Some researchers are calling this attack a "game changer" that could be just the start of a new wave of attacks that take advantage of the third-party authentication connections rampant in the cloud-services-based economy. The attack tricked victims into clicking a link that gave attackers access to their Google Drive through the OAuth authentication connections commonly used by third-party applications. The attackers did so by sending victims lure messages claiming to contain links to a shared Google Doc. Instead of a legitimate document, the link actually initiates a process to give a phony app masquerading as "Google Docs" access to the user's Google account. If the user is already logged into Google, the connection routes that app into an OAuth permissions page asking the user to "Allow" access to the user's legitimate Google Drive. "You aren't giving your Google credentials directly to the attacker. Rather, OAuth gives the attacker permissions to act on behalf of your account. You're on the real Google permissions page. OAuth is a legitimate way to give third-party applications access to your account. The application name is 'Google Docs,' which is fake but convincing," says Jordan Wright, R&D engineer for Duo Security. "So unless you know that Google Docs won't ask for your permissions, there is little you could use to determine that this was fake.
" The lure emails appear to come from Google Drive from a previous victim, making it difficult to detect as a fakeout, says Travis Smith, senior security researcher at Tripwire. "Not only does this have a casual appearance of being legitimate, by being part of the official marketplace the link in the email went back directly to legitimate Google servers," says Smith. "For those that are trained to validate the link before clicking on it, this passes two of the common techniques the majority of internet users are trained to not click on every link they come across: 'Does it come from someone you trust and validate the link is going to a trusted source?'" The only big tip-off is that many of the messages seem to have a suspicious account, hhhhhhhhhhhhhhhh@mailinator.com, cc'd on the message, says John Bambenek, threat research manager at Fidelis Cybersecurity. He says the attack shows the glaring problem with OAuth, namely that it allows passive authentication. Netskope's analysis found that a number of enterprise users across various industries ended up falling prey to this attack. Google worked to quickly block the attack, but there was a window of opportunity between compromise and mitigation in which emails, contacts, attachments and whatever else was on a Google account could have been purloined, he warns. "If an enterprise has identified that their users have granted access to the app in this attack, we recommend they conduct a full audit of the activities that were performed in Google Gmail after the permissions were granted to the app," Balupari writes.
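Both of the reports above name the same tell: a disposable mailbox with a repeated-character local part cc'd on the "shared a document" notice. The following mail-gateway rule is an added example, not code from any of the vendors quoted; the messages it parses are constructed and the addresses are placeholders.

```python
"""Mail-gateway triage rule for the fake "shared a document" notice described above,
using the one tell the reports mention: a disposable-mailbox recipient with a
repeated-character local part. Added example; the sample messages are constructed."""
import re
from email import message_from_string
from email.utils import getaddresses

LURE_SUBJECT = re.compile(r"has shared a document on Google Docs with you", re.IGNORECASE)
# One character repeated at least eight times, e.g. hhhhhhhhhhhhhhhh
REPEATED_LOCAL_PART = re.compile(r"^(.)\1{7,}$")
DISPOSABLE_DOMAINS = {"mailinator.com"}


def recipients(msg):
    """Yield (local_part, domain) for every address in the To and Cc headers."""
    for _name, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
        if "@" in addr:
            local, domain = addr.rsplit("@", 1)
            yield local, domain.lower()


def triage_share_notice(raw_message: str) -> dict:
    """Classify a raw RFC 822 message against the lure pattern.

    A share-notice subject on its own is normal Google traffic, so it only raises
    the verdict to quarantine when combined with the disposable-mailbox tell.
    """
    msg = message_from_string(raw_message)
    reasons = []
    subject_hit = bool(LURE_SUBJECT.search(msg.get("Subject", "")))
    if subject_hit:
        reasons.append("subject matches the Google Docs share-notice lure")
    odd_recipients = [f"{local}@{domain}" for local, domain in recipients(msg)
                      if domain in DISPOSABLE_DOMAINS and REPEATED_LOCAL_PART.match(local)]
    for addr in odd_recipients:
        reasons.append(f"disposable mailbox with repeated-character local part: {addr}")
    if subject_hit and odd_recipients:
        verdict = "quarantine"
    elif odd_recipients:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "reasons": reasons}


# Constructed sample in the shape of the lure; the addresses are placeholders.
LURE_MESSAGE = """\
From: Alice Example <alice@example.org>
To: bob@example.org
Cc: hhhhhhhhhhhhhhhh@mailinator.com
Subject: Alice Example has shared a document on Google Docs with you

Alice Example has invited you to view the following document.
"""
# Constructed benign message for comparison.
PLAIN_MESSAGE = """\
From: Alice Example <alice@example.org>
To: bob@example.org
Subject: Lunch on Thursday?

Still on for 12:30?
"""

if __name__ == "__main__":
    print(triage_share_notice(LURE_MESSAGE))
    print(triage_share_notice(PLAIN_MESSAGE))
```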
Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances. The researcher published his findings yesterday, after reporting the flaw to the WordPress security team last July. After more than ten months and no progress, Golunski decided to go public and inform WordPress site owners of this issue so they could protect their sites by other means. The issue, tracked via the CVE-2017-8295 identifier, affects all WordPress versions and is related to how WordPress sites put together the password reset emails. According to Golunski, an attacker can craft a malicious HTTP request that triggers a tainted password reset operation by injecting a custom SERVER_NAME variable, such as "attacker-domain.com". This means that when the WordPress site puts together the password reset email, the "From" and "Return-Path" values will be in the form of "wordpress@attacker-domain.com". Most users would think this zero-day is useless, as the attacker wouldn't achieve anything more than sending a password reset email to the legitimate site owner, but from the wrong sender address. These complex exploitation scenarios are most likely the main reason why the WordPress team has not prioritized patching this issue until now. The same opinion is shared by security experts from Sucuri, a vendor of web-based security products recently acquired by GoDaddy.
"The vulnerability exists, but is not as critical as advertised for several reasons," said Sucuri vulnerability researcher Marc Montpas. "The whole attack relies on the fact that the victim's email is not accessible at the time the attack is occurring, which greatly reduces the chance of a successful attack." His colleague, Denis Sinegubko, also shared his thoughts on the issue. "After a brief reading and assuming the attack works, it has limited impact as it requires an individual site to be accessible by IP address, so will not work for most sites on shared servers. Only for poorly configured dedicated servers." "The whole attack scenario is theoretically possible but in practice, I don't see thousands of sites getting hacked because of this vulnerability any time soon," Montpas added. But for those not willing to take risks, webmasters managing high-value sites looking for a way to prevent exploitation of this zero-day have some options at their disposal. "As a temporary solution users can enable UseCanonicalName to enforce [a] static SERVER_NAME value," Golunski proposes. On Reddit, other users also recommended that site owners "create a dummy vhost that catches all requests with unrecognized Host headers." Depending on your technical prowess, you can also experiment with other mitigations discussed in this Reddit thread, at least until the WordPress team patches this issue.
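To make the two mitigations quoted above concrete, here is an added Python model of how the reset-mail sender domain is derived when SERVER_NAME follows the Host header, beside a canonical-name derivation (the UseCanonicalName approach) and a catch-all vhost check. It is not WordPress or Apache code; the hostnames are placeholders and the vulnerable function only reproduces the derivation the article describes.

```python
"""Models the password-reset sender derivation behind CVE-2017-8295 and the two
mitigations quoted above. Added example in Python, not WordPress or Apache code."""

# The site's configured hostname; stands in for what UseCanonicalName On pins.
CANONICAL_HOST = "blog.example"
# Hostnames that have a configured vhost; anything else hits the catch-all.
KNOWN_VHOSTS = {"blog.example", "www.blog.example"}


def host_from_header(host_header: str) -> str:
    """Lower-case the Host header value and drop any :port suffix."""
    return host_header.split(":", 1)[0].strip().lower()


def reset_sender_from_host_header(host_header: str) -> str:
    """Unhardened derivation: SERVER_NAME is copied from the client's Host header,
    so the From/Return-Path domain of the reset mail is whatever the client sent."""
    return f"wordpress@{host_from_header(host_header)}"


def reset_sender_canonical(host_header: str) -> str:
    """Mitigation 1 (UseCanonicalName): SERVER_NAME is the configured name regardless
    of the Host header, so the request cannot influence the sender domain."""
    return f"wordpress@{CANONICAL_HOST}"


def route_request(host_header: str) -> str:
    """Mitigation 2 (catch-all vhost): a request whose Host header names no configured
    site is answered by a dummy vhost and never reaches WordPress at all."""
    if host_from_header(host_header) not in KNOWN_VHOSTS:
        return "dropped by catch-all vhost"
    return reset_sender_canonical(host_header)


if __name__ == "__main__":
    for hdr in ("blog.example:443", "attacker-domain.com"):
        print(hdr, "->", reset_sender_from_host_header(hdr),
              "|", reset_sender_canonical(hdr), "|", route_request(hdr))
```

The Sucuri caveat applies unchanged: the unhardened path only matters when the server answers for arbitrary Host values, which is why shared hosts with name-based vhosts are largely unaffected.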
The Irish public are being warned by an antivirus company that cyber scammers are targeting Tesco and Bank of Ireland customers. ESET Ireland have looked at recent cyber threats arriving by email in recent weeks, and they are advising caution, as one link could see your money stolen. The cyber security company say that for the people sending these malicious emails, it's a numbers game. IT security and cybercrime analyst for ESET Ireland, Urban Schrott, said: "Send out enough spam and a certain percentage of victims will click. So, week after week, we're seeing new scams or new variations on old scams. The past weeks were no exception." One such email that was sent out this week was targeted at Tesco Bank customers; the elaborate letter pretended to have come from the Tesco Bank credit card team. It reads: "We've been trying to contact you about your account, but we've been unable to reach you. Your account has been restricted. To continue using our online services and have your account restored, just to keep you safe, kindly confirm your identity and remove your account limitations with the reference link below." They would then proceed to kindly steal your login details and try to log into your account to take your money. Bank of Ireland customers are also being targeted, and ESET say that the Irish bank is "always a popular name to abuse". The company have detected two phishing variations which have recently targeted members of the banking institution. One convincing-looking email claims: "In order to protect your funds and information, Bank of Ireland has set up a new enhanced security system, which will eliminate fraud and totally protect you. The new system is called Boi Secure Link. Click the Boi Secure Link below to enjoy the new security features.
" Of course, clicking on that link does everything but protect you, and instead attempts pretty much the same as the Tesco one. The second one was even simpler, but unfortunately not less effective. It said: "My Inbox (1) ~ Your message is available to view on 365 online. Log in to 365Online". As curiosity tends to get the better of people, a "new message in the inbox" is a good lure to get people clicking. ESET Ireland recommends you avoid clicking on any links in such emails and do not open attachments, as they may contain malware that can end up installing ransomware, or can lead to phishing or scamming websites.
But sometimes that simple precaution isn't enough. A case in point is a dangerous phishing technique targeting Gmail users that first surfaced about one year ago but has begun gaining steam in recent weeks. Wordfence, the maker of a security plugin for WordPress, described the phishing attack as beginning with an adversary sending an email to a target's Gmail account. The email typically will originate from someone on the recipient's contact list whose own account had previously been compromised. The email comes with a subject header and a screenshot or image of an attachment that the sender has used in a recent communication with the recipient. When the recipient clicks on the image, a new tab opens with a prompt asking the user to sign into Gmail again. The fully functional phishing page is designed to look exactly like Google's page for signing into Gmail. The address bar for the page includes mention of accounts.google.com, leading unwary users to believe the page is harmless, Wordfence CEO Mark Maunder wrote. "Once you complete sign-in, your account has been compromised," he said. In reality, the fake login page that opens up when a user clicks on the image is actually an inline file created using a scheme called Data URI. When users enter their Gmail username and password on the page, the data is sent to the attacker. The speed at which the attackers sign into a compromised account suggests that the process may be automated, or that they may have a team standing by to access accounts as they get compromised. "Once they have access to your account, the attacker also has full access to all your emails including sent and received at this point and may download the whole lot," Maunder said.
What makes the phishing technique dangerous is the way the address bar displays information when users click on the screenshot of the attachment, he told Dark Reading. In this case, by including the correct host name and "https//" in the address bar, the attackers appear to be having more success fooling victims into entering their credential data on the fake Gmail login page, he says. Instead, all of the content in the address bar is of the same color and is designed to convince users that the site is harmless. "If you aren't paying close attention, you will ignore the 'data:text/html' preamble and assume the URL is safe." Google said in a statement that it's working on mitigations to such an attack. "We're aware of this issue and continue to strengthen our defenses against it," Google said. "We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection." Users can also mitigate the risk of their accounts being compromised via phishing by enabling two-factor authentication. "What makes this unique is the fact that none of the traditional browser indicators that would identify a possible fraudulent site are present," says Robert Capps, vice president of business development at NuData Security. The attack underscores the need for Web browser makers to rethink the trust signals they use to inform users about a dangerous webpage or exploit. "How users interpret these signals should be thoroughly understood," he says. "Entraining users to rely on signals may have unintended consequences that attackers can use to exploit customers."
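The address-bar trick above can be checked mechanically: a data: URI has no remote origin, so any "accounts.google.com" text inside it belongs to the page body, not to the server the browser talked to. The classifier below is an added example, not Wordfence or Google code; the lookalike strings are constructed and carry only placeholder HTML.

```python
"""Classify what an address-bar string really loads: a data: URI renders inline
content, so any "https://accounts.google.com" text inside it is part of the page
body, not the origin the browser connected to. Added example; samples are constructed."""
import base64
import binascii
from urllib.parse import unquote, urlsplit

TRUSTED_HOSTS = {"accounts.google.com", "mail.google.com"}


def _decode_data_uri(body: str):
    """Split the text after 'data:' into (media type, is_base64, payload as text)."""
    header, _, payload = body.partition(",")
    fields = [f.strip().lower() for f in header.split(";")]
    media_type = fields[0] or "text/plain"
    is_base64 = "base64" in fields[1:]
    if is_base64:
        try:
            text = base64.b64decode(payload).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            text = ""
    else:
        text = unquote(payload)
    return media_type, is_base64, text


def classify_address_bar(url: str) -> dict:
    """Return the real origin of a URL and a verdict for the lookalike pattern."""
    url = url.strip()
    if url[:5].lower() == "data:":
        media_type, is_base64, text = _decode_data_uri(url[5:])
        mentioned = sorted(h for h in TRUSTED_HOSTS if h in text.lower())
        # HTML rendered from a data: URI that name-drops a login host is the lookalike shape.
        verdict = "phishing-risk" if media_type == "text/html" and mentioned else "review"
        return {"origin": None, "media_type": media_type, "base64": is_base64,
                "trusted_hosts_mentioned": mentioned, "verdict": verdict}
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return {"origin": host or None, "media_type": None, "base64": False,
            "trusted_hosts_mentioned": [host] if host in TRUSTED_HOSTS else [],
            "verdict": "remote-origin"}


# Constructed lookalike: a data: URI whose payload starts with the genuine login URL,
# padded with spaces so the HTML that follows scrolls out of the visible address bar.
LOOKALIKE = ("data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
             + " " * 40 + "<html><body>constructed placeholder page</body></html>")
# Constructed base64 variant of the same trick.
LOOKALIKE_B64 = "data:text/html;base64," + base64.b64encode(
    b"<title>accounts.google.com</title><body>constructed placeholder</body>").decode()
GENUINE = "https://accounts.google.com/ServiceLogin?service=mail"

if __name__ == "__main__":
    for u in (LOOKALIKE, LOOKALIKE_B64, GENUINE):
        print(u[:40], "->", classify_address_bar(u))
```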