personal information from Vermont state employees and other U.S. residents was sentenced . Tuesday in Rutland federal court to time served , or 14 months in jail . Osariemen Isibor , 32 , pleaded guilty in U.S. District Court in March to conspiracy to commit wire fraud . Another man , Eneye Dania , 31 , also pleaded guilty in March to being part of the same conspiracy . Last week , Dania was sentenced to serve 17 months in jail . Dania has been held in jail for about 14 months . While Isibor 's prison sentence on the charge is complete and Dania 's will be soon , neither is expected to be released . Instead , both are expected to be turned over to the custody of Immigration and Customs Enforcement before being deported to Nigeria . According to court records , the goal of the conspiracy was “ foolingAttack.PhishingUnited States residents … into sending the logon information they used to accessAttack.Databreachtheir IRS form W-2 data from their employer 's website to another website designed to look likeAttack.Phishingtheir employer 's human resources page but actually operated by the conspiracy to collect this data ” . Once people entered their information into the fake website , the conspirators attempted to trickAttack.Phishingthe IRS into sending tax refunds to the conspirators , but prosecutors said fraud detection controls put in place by the IRS “ caused most , if not all , such fraudulent tax returns to be rejected ” .
A series of phishing campaignsAttack.Phishingis targeting airline consumers with messages craftedAttack.Phishingto trickAttack.Phishingvictims into handing over personal or business credentials . A wave string of phishing campaignsAttack.Phishingis targeting airline consumers with messages craftedAttack.Phishingto trickAttack.Phishingvictims into handing over personal or business credentials . The phishing messages pretend to be sent fromAttack.Phishinga travel agency or a someone inside the target firm , they include a weaponized document or embed a malicious link . “ Over the past several weeks , we have seen a combination of attack techniques . One , where an attacker impersonates a travel agency or someone inside a company . Recipients are told an email contains an airline ticket or e-ticket , ” explained Asaf Cidon , vice president , content security services at Barracuda Networks . According to Barracuda Networks , aviation-themed phishing attacksAttack.Phishingcontain links to spoofedAttack.Phishingairline sites , threat actors personalizeAttack.Phishingthe phishing page in a way to trickAttack.Phishingvictims into providing business information . The attackers show a deep knowledge of the targets , hackers are targeting logistic , manufacturing and shipping industries . “ It ’ s clear there is some degree of advanced reconnaissance that takes place before targeting individuals within these companies , ” Cidon added . Recently the U.S. Computer Emergency Readiness Team issued an alert of phishing campaignsAttack.Phishingtargeting airline consumers . “ US-CERT has received reports of email-based phishing campaignsAttack.Phishingtargeting airline consumers . Systems infected through phishing campaignsAttack.Phishingact as an entry point for attackers to gain accessAttack.Databreachto sensitive business or personal information. ” reads the US-CERT warning . “ US-CERT encourages users and administrators to review an airline Security Advisory ( link is external ) and US-CERT ’ s Security Tip ST04-014 for more information on phishing attacksAttack.Phishing. ” The US-CERT specifically references the security advisory published by Delta Air Lines that warned its consumers of fraudulent activities . “ Delta has received reports of attempts by parties not affiliated with us to fraudulently gather customer information in a number of ways including : fraudulent emails , social media sites , postcards , Gift Card promotional websites claiming to beAttack.Phishingfrom Delta Air Lines and letters or prize notifications promising free travel , ” states the Delta Air Lines warning . Barracuda confirmed that these campaigns have a high success rate : “ Our analysis shows that for the airline phishing attackAttack.Phishing, attackers are successful over 90 percent of the time in getting employees to open airline impersonation emails , ” concluded Cidon . “ This is one of the highest success rates for phishing attacksAttack.Phishing. ”
A series of phishing campaignsAttack.Phishingis targeting airline consumers with messages craftedAttack.Phishingto trickAttack.Phishingvictims into handing over personal or business credentials . A wave string of phishing campaignsAttack.Phishingis targeting airline consumers with messages craftedAttack.Phishingto trickAttack.Phishingvictims into handing over personal or business credentials . The phishing messages pretend to be sent fromAttack.Phishinga travel agency or a someone inside the target firm , they include a weaponized document or embed a malicious link . “ Over the past several weeks , we have seen a combination of attack techniques . One , where an attacker impersonates a travel agency or someone inside a company . Recipients are told an email contains an airline ticket or e-ticket , ” explained Asaf Cidon , vice president , content security services at Barracuda Networks . According to Barracuda Networks , aviation-themed phishing attacksAttack.Phishingcontain links to spoofedAttack.Phishingairline sites , threat actors personalizeAttack.Phishingthe phishing page in a way to trickAttack.Phishingvictims into providing business information . The attackers show a deep knowledge of the targets , hackers are targeting logistic , manufacturing and shipping industries . “ It ’ s clear there is some degree of advanced reconnaissance that takes place before targeting individuals within these companies , ” Cidon added . Recently the U.S. Computer Emergency Readiness Team issued an alert of phishing campaignsAttack.Phishingtargeting airline consumers . “ US-CERT has received reports of email-based phishing campaignsAttack.Phishingtargeting airline consumers . Systems infected through phishing campaignsAttack.Phishingact as an entry point for attackers to gain accessAttack.Databreachto sensitive business or personal information. ” reads the US-CERT warning . “ US-CERT encourages users and administrators to review an airline Security Advisory ( link is external ) and US-CERT ’ s Security Tip ST04-014 for more information on phishing attacksAttack.Phishing. ” The US-CERT specifically references the security advisory published by Delta Air Lines that warned its consumers of fraudulent activities . “ Delta has received reports of attempts by parties not affiliated with us to fraudulently gather customer information in a number of ways including : fraudulent emails , social media sites , postcards , Gift Card promotional websites claiming to beAttack.Phishingfrom Delta Air Lines and letters or prize notifications promising free travel , ” states the Delta Air Lines warning . Barracuda confirmed that these campaigns have a high success rate : “ Our analysis shows that for the airline phishing attackAttack.Phishing, attackers are successful over 90 percent of the time in getting employees to open airline impersonation emails , ” concluded Cidon . “ This is one of the highest success rates for phishing attacksAttack.Phishing. ”
A series of phishing campaignsAttack.Phishingis targeting airline consumers with messages craftedAttack.Phishingto trickAttack.Phishingvictims into handing over personal or business credentials . A wave string of phishing campaignsAttack.Phishingis targeting airline consumers with messages craftedAttack.Phishingto trickAttack.Phishingvictims into handing over personal or business credentials . The phishing messages pretend to be sent fromAttack.Phishinga travel agency or a someone inside the target firm , they include a weaponized document or embed a malicious link . “ Over the past several weeks , we have seen a combination of attack techniques . One , where an attacker impersonates a travel agency or someone inside a company . Recipients are told an email contains an airline ticket or e-ticket , ” explained Asaf Cidon , vice president , content security services at Barracuda Networks . According to Barracuda Networks , aviation-themed phishing attacksAttack.Phishingcontain links to spoofedAttack.Phishingairline sites , threat actors personalizeAttack.Phishingthe phishing page in a way to trickAttack.Phishingvictims into providing business information . The attackers show a deep knowledge of the targets , hackers are targeting logistic , manufacturing and shipping industries . “ It ’ s clear there is some degree of advanced reconnaissance that takes place before targeting individuals within these companies , ” Cidon added . Recently the U.S. Computer Emergency Readiness Team issued an alert of phishing campaignsAttack.Phishingtargeting airline consumers . “ US-CERT has received reports of email-based phishing campaignsAttack.Phishingtargeting airline consumers . Systems infected through phishing campaignsAttack.Phishingact as an entry point for attackers to gain accessAttack.Databreachto sensitive business or personal information. ” reads the US-CERT warning . “ US-CERT encourages users and administrators to review an airline Security Advisory ( link is external ) and US-CERT ’ s Security Tip ST04-014 for more information on phishing attacksAttack.Phishing. ” The US-CERT specifically references the security advisory published by Delta Air Lines that warned its consumers of fraudulent activities . “ Delta has received reports of attempts by parties not affiliated with us to fraudulently gather customer information in a number of ways including : fraudulent emails , social media sites , postcards , Gift Card promotional websites claiming to beAttack.Phishingfrom Delta Air Lines and letters or prize notifications promising free travel , ” states the Delta Air Lines warning . Barracuda confirmed that these campaigns have a high success rate : “ Our analysis shows that for the airline phishing attackAttack.Phishing, attackers are successful over 90 percent of the time in getting employees to open airline impersonation emails , ” concluded Cidon . “ This is one of the highest success rates for phishing attacksAttack.Phishing. ”
F-Secure says it can not prove which country was behind the hack but the group had links to 'entities ' in China , Russia and Ukraine The UK Foreign Office was targeted by a group of determined and well-funded hackers over several months last year . Research published by cybersecurity firm F-Secure suggested the attack was a “ spear-phishingAttack.Phishing” campaign in which people are sentAttack.Phishingtargeted emails with a link to a false login page to trickAttack.Phishingusers into giving up their username and password . The hackers createdAttack.Phishingwebsites that looked likeAttack.Phishinglegitimate Foreign Office websites , including those for accessing an internal email account online . The scam is believed to have been perpetrated by hackers who call themselves the Callisto Group . F-Secure said it did not know whether the attack was successful and the National Cyber Security Centre did not say whether data had been stolenAttack.Databreach. It was discovered after the spy agency analysed a successful attack on the French broadcaster TV5Monde in 2015 . The group forced the channel ’ s scheduled programming off air for 18 hours and replaced them with a screen showing the terror group ’ s flag . The inference with the UK ’ s government follows on from an ongoing probe into the Kremlin ’ s influence on the US elections last year . Hacking groups such as DC Leaks , Fancy Bears and Guccifer 2.0 who were responsible for the leakingAttack.Databreachof damaging information about the Democrat party . The most significant attackAttack.Databreach, the leakingAttack.Databreachof thousands of private emails between senior members of the DNC to Wikileaks by Fancy Bears , lead to the resignation of DNC Chair Debbie Wasserman-Schultz .
Evaldas Rimasauskas , 49 who allegedly connedAttack.Phishingtwo of the world 's biggest companies was arrested on fraud charges GOOGLE and Facebook have admitted they were conned outAttack.Phishingof an alleged $ 100million ( £77million ) in a phishing scamAttack.Phishing. The two world 's biggest companies fell victim after a Lithuanian man allegedly trickedAttack.Phishingemployees into wiring over the money to bank accounts that he controlled , Fortune reported on Thursday . Evaldas Rimasauskas , 48 , is accused of posing asAttack.Phishingan Asia-based manufacturer and deceivedAttack.Phishingthe internet giants from around 2013 until 2015 . He was arrested earlier this month in Lithuania at the request of US authorities The conman is said to have forgedAttack.Phishingemail addresses , invoices and corporate stamps to impersonateAttack.PhishingQuanta and trickAttack.Phishingthem into paying for computer supplies . Rimasauskas , who is awaiting extradition proceedings , has denied the allegations . The US Department of Justice ( DOJ ) said last month : `` Fraudulent phishing emails were sentAttack.Phishingto employees and agents of the victim companies , which regularly conducted multi-million-dollar transactions with [ the Asian ] company . '' Both Facebook and Google have confirmed the fraud and said that they had been able to recoup funds . But they did n't reveal how much money it had transferred and recouped . A Google spokeswoman said : `` We detected this fraud against our vendor management team and promptly alerted the authorities . '' `` We recouped the funds and we ’ re pleased this matter is resolved . '' A spokeswoman for Facebook added : `` Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation . '' Security experts said the recent cyber attack highlighted how sophisticated phishing scamsAttack.Phishingare being used to foolAttack.Phishingeven two of the biggest tech companies .
High street banks are losing the battle against fraud as criminals switch tactics to directly target customers . Efforts by lenders to bolster their IT defences against hackers have simply encouraged fraudsters to bombard individual customers with scams , according to Financial Fraud Action UK . Despite investing millions in tackling fraud , losses from fraud rose last year as banks became less effective at preventing scams . Financial Fraud Action UK said this was ‘ largely due to criminals shifting their methods away from using malware attacks on online banking systems , which bank security processes identified ’ . Increasingly , it said , fraudsters are focussing on targeting individuals directly , which is harder for banks to stop . The report said the main ploy used by criminals is the ‘ impersonation and deception scam ’ whereby they pretend to beAttack.Phishingfrom a ‘ legitimate and trusted organisation ’ such as a bank , the police , a utility company or a government department . These scams typically involve the fraudster contactingAttack.Phishingthe customer through a phone call , text message or email . Often the fraudster will claimAttack.Phishingthere has been suspicious activity on an account , ask the individual to verify or update their account details , or claimAttack.Phishingthey are due a refund . The criminal then attempts to trickAttack.Phishingthe target into giving away their personal or financial information , such as passwords , payment card details or bank account information . Financial Fraud Action UK – which represents banks - said its intelligence suggests criminals have also recently increased their focus on ‘ phishing ’ emails claiming to beAttack.Phishingfrom major online retailers and internet companies . It warned these emails are an ‘ increasingly sophisticated ’ attempt to trickAttack.Phishingrecipients into giving away personal and financial details , or into downloading malware software which hacks into their computers . Several banks have been targeted by high profile cyber attacks that have attempted to exploit weaknesses in their IT systems . Last November criminals launched an online attack against Tesco Bank that resulted in the loss of £2.5million from 9,000 accounts . Others to have been targeted include Royal Bank of Scotland and NatWest , Lloyds and HSBC . The threat to Britain ’ s financial infrastructure from persistent cyber-attacks prompted chancellor Philip Hammond to commit an extra £1.9billion in the autumn statement to boost Britain ’ s defences against the growing online threat .
High street banks are losing the battle against fraud as criminals switch tactics to directly target customers . Efforts by lenders to bolster their IT defences against hackers have simply encouraged fraudsters to bombard individual customers with scams , according to Financial Fraud Action UK . Despite investing millions in tackling fraud , losses from fraud rose last year as banks became less effective at preventing scams . Financial Fraud Action UK said this was ‘ largely due to criminals shifting their methods away from using malware attacks on online banking systems , which bank security processes identified ’ . Increasingly , it said , fraudsters are focussing on targeting individuals directly , which is harder for banks to stop . The report said the main ploy used by criminals is the ‘ impersonation and deception scam ’ whereby they pretend to beAttack.Phishingfrom a ‘ legitimate and trusted organisation ’ such as a bank , the police , a utility company or a government department . These scams typically involve the fraudster contactingAttack.Phishingthe customer through a phone call , text message or email . Often the fraudster will claimAttack.Phishingthere has been suspicious activity on an account , ask the individual to verify or update their account details , or claimAttack.Phishingthey are due a refund . The criminal then attempts to trickAttack.Phishingthe target into giving away their personal or financial information , such as passwords , payment card details or bank account information . Financial Fraud Action UK – which represents banks - said its intelligence suggests criminals have also recently increased their focus on ‘ phishing ’ emails claiming to beAttack.Phishingfrom major online retailers and internet companies . It warned these emails are an ‘ increasingly sophisticated ’ attempt to trickAttack.Phishingrecipients into giving away personal and financial details , or into downloading malware software which hacks into their computers . Several banks have been targeted by high profile cyber attacks that have attempted to exploit weaknesses in their IT systems . Last November criminals launched an online attack against Tesco Bank that resulted in the loss of £2.5million from 9,000 accounts . Others to have been targeted include Royal Bank of Scotland and NatWest , Lloyds and HSBC . The threat to Britain ’ s financial infrastructure from persistent cyber-attacks prompted chancellor Philip Hammond to commit an extra £1.9billion in the autumn statement to boost Britain ’ s defences against the growing online threat .
Hacker group “ Charming Kitten ” used false identities to ferret out information , says Israel-based cybersecurity firm ClearSky An Iranian cyber espionage group known as Charming Kitten is believed to be behind a campaign targeting academic researchers , human rights activists , media outlets and political advisors focusing on Iran , according to a report published earlier this week by Israel-based threat intelligence company ClearSky Cyber Security . The group has also set upAttack.Phishinga news outlet called The British News Agency to lureAttack.Phishingtargets in . Most of the group 's targets are in Iran , the U.S. , Israel and the U.K. , the report said , but some come from countries including France , Germany , Switzerland , Denmark , India , Turkey and the United Arab Emirates . The report detailed the various methods used to gain accessAttack.Databreachto computers and private social accounts . Those include false identities , the impersonationAttack.Phishingof real companies , the insertion of malicious code into a breached website , also known as `` watering hole attacks , '' and spear phishingAttack.Phishing, the process of pretending to beAttack.Phishingservice providers like Gmail or Facebook to trickAttack.Phishingpeople into giving out personal information . A significant mainstay of the group 's activity was the establishment of a media outlet called The British News Agency . Much effort went into creatingAttack.Phishinga seemingly legitimate website , including details about the agency and a contact list of the management team . The purpose of the site was to attractAttack.Phishingthe targets and infect them with malware . According to the report , multiple Israeli researchers of Iran and the Middle East were sentAttack.Phishingemails and Twitter direct messages from accounts registered with seemingly Jewish Israeli names . Messages coming fromAttack.Phishingone such account were presented as if coming fromAttack.Phishinga journalist and political researcher at KNBC News . Other messages were presented as if coming fromAttack.Phishingan Israeli political researcher raised in California who needed help with an article and also wanted to apply for a position at an Israeli university . Another message was described as coming fromAttack.Phishinga Jewish girl living in Iran . These messages often linked to phishing pages . ClearSky can not estimate how many accounts were successfully infiltrated , but the success rate for such attacks is usually around 10 % , said Mr. Dolev .
Saudi Arabian security officials said on Monday that the country had been targeted as part of a wide-ranging cyber espionage campaign observed since February against five Middle East nations as well as several countries outside the region . The Saudi government ’ s National Cyber Security Center ( NCSC ) said in a statement the kingdom had been hit by a hacking campaign bearing the technical hallmarks of an attack group dubbed “ MuddyWater ” by U.S. cyber firm Palo Alto Networks . Palo Alto ’ s Unit 42 threat research unit published a report last Friday showing how a string of connected attacksAttack.Phishingthis year used decoy documents with official-looking government logos to lureAttack.Phishingunsuspecting users from targeted organizations to download infected documents and compromise their computer networks . Documents pretending to beAttack.Phishingfrom the U.S.National Security Agency , Iraqi intelligence , Russian security firm Kaspersky and the Kurdistan regional government were among those used to trickAttack.Phishingvictims , Unit 42 said in a blog post ( goo.gl/SvwrXv ) . The Unit 42 researchers said the attacksAttack.Phishinghad targeted organizations in Saudi Arabia , Iraq , the United Arab Emirates , Turkey and Israel , as well as entities outside the Middle East in Georgia , India , Pakistan and the United States . The Saudi security agency said in its own statement that the attacksAttack.Databreachsought to stealAttack.Databreachdata from computers using email phishing techniques targeting the credentials of specific users . The NCSC said they also comprised so-called “ watering hole ” attacks , which seek to trickAttack.Phishingusers to click on infected web links to seize control of their machines . The technical indicators supplied by Unit 42 are the same as those described by the NCSC as being involved in attacks against Saudi Arabia . The NCSC said the attacks appeared to be by an “ advanced persistent threat ” ( APT ) group - cyber jargon typically used to describe state-backed espionage . Saudi Arabia has been the target of frequent cyber attacks , including the “ Shamoon ” virus , which cripples computers by wiping their disks and has hit both government ministries and petrochemical firms . Saudi Aramco , the world ’ s largest oil company , was hit by an early version of the “ Shamoon ” virus in 2012 , in the country ’ s worst cyber attack to date . The NCSC declined further comment on the source of the attack or on which organizations or agencies were targeted . Unit 42 said it was unable to identify the attack group or its aims and did not have enough data to conclude that the MuddyWater group was behind the Saudi attacks as outlined by NCSC . “ We can not confirm that the NCSC posting and our MuddyWater research are in fact related , ” Christopher Budd , a Unit 42 manager told Reuters . “ There ’ s just not enough information to make that connection with an appropriate level of certainty. ” Palo Alto Networks said the files it had uncovered were almost identical to information-stealing documents disguised asAttack.PhishingMicrosoft Word files and found to be targeting the Saudi government by security firm MalwareBytes in a September report .
Saudi Arabian security officials said on Monday that the country had been targeted as part of a wide-ranging cyber espionage campaign observed since February against five Middle East nations as well as several countries outside the region . The Saudi government ’ s National Cyber Security Center ( NCSC ) said in a statement the kingdom had been hit by a hacking campaign bearing the technical hallmarks of an attack group dubbed “ MuddyWater ” by U.S. cyber firm Palo Alto Networks . Palo Alto ’ s Unit 42 threat research unit published a report last Friday showing how a string of connected attacksAttack.Phishingthis year used decoy documents with official-looking government logos to lureAttack.Phishingunsuspecting users from targeted organizations to download infected documents and compromise their computer networks . Documents pretending to beAttack.Phishingfrom the U.S.National Security Agency , Iraqi intelligence , Russian security firm Kaspersky and the Kurdistan regional government were among those used to trickAttack.Phishingvictims , Unit 42 said in a blog post ( goo.gl/SvwrXv ) . The Unit 42 researchers said the attacksAttack.Phishinghad targeted organizations in Saudi Arabia , Iraq , the United Arab Emirates , Turkey and Israel , as well as entities outside the Middle East in Georgia , India , Pakistan and the United States . The Saudi security agency said in its own statement that the attacksAttack.Databreachsought to stealAttack.Databreachdata from computers using email phishing techniques targeting the credentials of specific users . The NCSC said they also comprised so-called “ watering hole ” attacks , which seek to trickAttack.Phishingusers to click on infected web links to seize control of their machines . The technical indicators supplied by Unit 42 are the same as those described by the NCSC as being involved in attacks against Saudi Arabia . The NCSC said the attacks appeared to be by an “ advanced persistent threat ” ( APT ) group - cyber jargon typically used to describe state-backed espionage . Saudi Arabia has been the target of frequent cyber attacks , including the “ Shamoon ” virus , which cripples computers by wiping their disks and has hit both government ministries and petrochemical firms . Saudi Aramco , the world ’ s largest oil company , was hit by an early version of the “ Shamoon ” virus in 2012 , in the country ’ s worst cyber attack to date . The NCSC declined further comment on the source of the attack or on which organizations or agencies were targeted . Unit 42 said it was unable to identify the attack group or its aims and did not have enough data to conclude that the MuddyWater group was behind the Saudi attacks as outlined by NCSC . “ We can not confirm that the NCSC posting and our MuddyWater research are in fact related , ” Christopher Budd , a Unit 42 manager told Reuters . “ There ’ s just not enough information to make that connection with an appropriate level of certainty. ” Palo Alto Networks said the files it had uncovered were almost identical to information-stealing documents disguised asAttack.PhishingMicrosoft Word files and found to be targeting the Saudi government by security firm MalwareBytes in a September report .
Cybercriminals prey on naivety , and a new scam campaign that attempts to trickAttack.Phishingpeople into providing bank details to pay for a fake WhatsApp subscription does just that . WhatsApp did once charge a subscription fee of $ 0.99/£0.99 , but stopped the practice in January 2016 . However , the fraudsters behind this latest scam are looking to take advantage of the fact WhatsApp -- which has over a billion users -- did once rely on a subscription service to dupeAttack.Phishingvictims into handing over their banking information . The UK 's fraud and cybercrime centre Action Fraud and the City of London police have issued a warning about the campaign . Emails purporting to beAttack.Phishingfrom 'The WhatsApp Team ' claim that `` your subscription will be ending soon '' and that in order to continue to use the service , you need to update your payment information . Victims are encouraged to sign into a 'customer portal ' with their number and to enter payment information . Naturally , this is a scam -- with spelling errors in the text a huge giveaway -- and all the victims are doing is providing criminals with their financial details . Criminals could use these to simply make purchases or as a basis for further fraud . Scammers have also been known to use text messages in an effort to dupeAttack.Phishingvictims into paying for a fake subscription . Those who receiveAttack.Phishingthe email are urged not to click on any of the links , but to instead report it to the police . Action Fraud also offers advice to those who have already fallen for the scam , telling victims to `` run antivirus software to ensure your device has not been infected with malware '' . Scammers often attempt to lureAttack.Phishingvictims into handing over their credit card information -- or installing malware onto their machines -- often with authentic-looking phishing emails claiming to be fromAttack.Phishingreal companies . Previously , Action Fraud has warned about scammers attempting to stealAttack.Databreachcredentials from university staff with fake emails about a pay rise , while police have also issued a warning about cybercriminals attempting to infect people with banking malware using emails that pretend to beAttack.Phishingfrom a charity .
ESET Ireland warns of an authentic looking phishing scam email , pretending to comeAttack.Phishingfrom Vodafone . The cybercriminals are up to their old tricks even in the new year . An email , pretending to beAttack.Phishingfrom Vodafone has been spamming Irish mailboxes with a phishing attemptAttack.Phishing. The email reads : Dear Valued Customer , Just a quick reminder that you need to pay for your Vodafone service . Pay now to avoid service restriction or suspension . Your monthly bill for NETVIGATOR service has been issued . We have proceeded autopay payment according to your credit card information . However , such autopay payment is not successful . Your account is now overdue , so unless you ’ ve already paid in the last few days here ’ s what you need to do next . To check the total amount owing , please visit MyAccount To avoid suspension of service , please settle the above amount before 04 Jan 2017 . Log In To MyAccount https : //www.vodafone.ie/myv/services/Process For details regarding the payment rejection , please contact your bank directly . It ’ s important that you make full payment of the outstanding amount to avoid restriction or suspension of your service . Please remember that if we suspend your service you ’ ll need to pay a reconnection fee . We ’ ll also apply all regular service charges until your service is cancelled . To help you manage your services , a number of online tools are available . You can pay your bill and track your usage through MyAccount and our 24×7 App . While the email is made to look very convincingAttack.Phishing, with all the Vodafone logos and overall appearance , all the links in the email lead to a fake website , registered in Mexico , which tries to trickAttack.Phishingthe user into submitting their account info and payment details . If you have received such an email , flag it as spam and delete it . Do not click any of the links in it .
Facebook users have noticed and reported a new scam making rounds on the popular network . [ 1 ] This time , it is the same old Facebook Messenger virus that compromises user accounts and acts on behalf of the victim to distribute the malicious link further . The scam uses a basic social engineering technique that luresAttack.Phishingthe potential target into clicking on the provided URL . In addition , the victim feels safe since the link comes fromAttack.Phishingone of his Facebook friends . The message usually includes a short line that looks similar to “ its you ? [ name ] : |. ” The emoji at the end of the message differs , and the provided link is shortened ; therefore the user can not figure out where it leads . However , the shortcut indicates that the link leads to a mysterious video and triggers victim ’ s curiosity to check it out . Typical strategy : Install something to watch the video Cybersecurity experts are already familiar with the technique used to trickAttack.Phishingquestioning users into installing the Facebook Message Video virus . As soon as the victim clicks the compromised link and enters the phishing website ( which apparently is designed to look likeAttack.PhishingYouTube or another popular video sharing platform ) , a misleading pop-up appearsAttack.Phishing, asking the victim to install an update or an application ( it could be a fake Adobe Flash Player or a plug-in ) . The file suggested to the user contains no software related to video streaming and simply carries the malicious payload that later compromisesAttack.Databreachvictim ’ s account and sends outAttack.Phishingthe deceptive messages to all victim ’ s contacts . Speaking of fake Adobe Flash Players , we want to inform you that these are one of the most dangerous threats to your security . One of the latest cyber attacksAttack.Phishingwas based on fake pop-ups appearing on compromised sites , urgingAttack.Phishingpeople to install an updated Flash Player . Unfortunately , launching the install_flash_player.exe file only infected the computer with Bad Rabbit ransomware .
Employees of US NGOs Fight for the Future and Free Press were targeted with complex spear-phishing attemptsAttack.Phishingbetween July 7 and August 8 , reported today the Electronic Frontier Foundation ( EFF ) . Both organizations targeted in the attacksAttack.Phishingare currently fighting against for Net Neutrality in the US . Based on currently available evidence , the attacks appear to have been orchestrated by the same attacker , located in a UTC+3-5:30 timezone , said EFF Director of Cybersecurity Eva Galperin and EFF security researcher Cooper Quintin . At least one victim fell for the attacks `` Although this phishing campaignAttack.Phishingdoes not appear to have been carried out by a nation-state actor and does not involve malware , it serves as an important reminder that civil society is under attack , '' said the two today . `` It is important for all activists , including those working on digital civil liberties issues in the United States , to be aware that they may be targeted by persistent actors who are well-informed about their targets ’ personal and professional connections . '' At least one victim fell for the 70 fake emails sentAttack.Phishingduring the phishing attemptsAttack.Phishing. Attackers did n't deliver malware but luredAttack.Phishingvictims away on a remote site designed to phish Google , Dropbox , and LinkedIn credentials . `` The attackers were remarkably persistent , switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time , '' EFF said . The most creative of the spear-phishing emails was when victims receivedAttack.Phishingemails with the subject line `` You have been successfully subscribed to Pornhub.com , '' or `` You have been successfully subscribed to Redtube.com , '' two very popular adult video portals . Minutes later , victims receivedAttack.Phishinganother email made to look likeAttack.Phishingit was coming fromAttack.Phishingthe same two services . These second emails contained explicit subject lines . Because spear-phishing emails were aimedAttack.Phishingat work emails , most victims would have been inclined to unsubscribe from the incoming emails . This was the catch , as attackers doctored the unsubscribe link , leadingAttack.Phishingvictims to a fake Google login screen . Attackers used different tactics as the campaign progressed The PornHub and RedTube phishesAttack.Phishingwere not the only ones . Attackers also used other tactics . ⬭ Links to generic documents that asked users to enter credentials before viewing . ⬭ LinkedIn message notifications that tried to trickAttack.Phishingusers into giving away LinkedIn creds . ⬭ Emails disguised to look likeAttack.Phishingthey were coming fromAttack.Phishingfamily members , sharing photos , but which asked the victim to log in and give away credentials instead . ⬭ Fake email notifications for hateful comments posted onAttack.Phishingthe target 's YouTube videos . When the victim followed the link included in the email , the target would have to enter Google credentials before performing the comment moderation actions . ⬭ Emails that looked likeAttack.Phishinga friend was sharingAttack.Phishinginteresting news stories . Used topics and subject lines include : - Net Neutrality Activists 'Rickroll ' FCC Chairman Ajit Pai - Porn star Jessica Drake claims Donald Trump offered her $ 10G , use of his private jet for sex - Reality show mom wants to hire a hooker for her autistic son In one case , one of the targeted activists received a request from a user asking for a link to buy her music . When the target replied , the attacker answered backAttack.Phishingwith a Gmail phishing link , claiming the buy link did n't work . EFF experts say that victims who had two-factor authentication turned on for their accounts would have prevented attackers from logging into their profiles even if they had managed to obtainAttack.Databreachtheir password .
A new attack campaignAttack.Phishinghas been flingingAttack.Phishingphishing messages as well as ransomware-laced spam emails at potential victims in massive quantities . The attack campaign involves crypto-locking Locky ransomware . `` Beware . Do n't fall for this . Locky is horrid , '' says Alan Woodward , a computer science professor at the University of Surrey . The campaign began Monday , according to cloud-based cybersecurity provider AppRiver , which counted more than 23 million related spam emails having been sentAttack.Phishingin less than 24 hours . That makes it `` one of the largest malware campaigns that we have seen in the latter half of 2017 , '' says Troy Gill , manager of security research for AppRiver , in a blog post . Finnish security firm F-Secure says that the majority of the spam messages that its systems are currently blocking relate to Locky . It notes that some spam contains links to infected sites , while other messages carry malicious attachments . If a system becomes infected with this strain of Locky , crypto-locked files will have the extension `` .lukitus '' added , which is a Finnish word variously translated by native speakers as `` locking '' or `` locked , '' according to F-Secure . The Lukitus variant of Locky was first spotted last month . Rommel Joven , a malware researcher with security firm Fortinet , warned that it was being distributed via email attachments as part of a massive spam campaign being run by the one of the world 's biggest botnets , Necurs , which has historically been the principle outlet for Locky attacks . Spam Can Carry Locky Attachments AppRiver says emails related to the new Locky campaign have featured a variety of subject lines , including these words : documents , images , photo , pictures , please print , scans . `` Each message comes with a zip attachment that contains a Visual Basic Script ( VBS ) file that is nested inside a secondary zip file , '' Gill says . `` Once clicked , [ the ] VBS file initiates a downloader that reaches out to greatesthits [ dot ] mygoldmusic [ dotcom ] to pull down the latest Locky ransomware . Locky goes to work encrypting all the files on the target system and appending [ . ] lukitus to the users now-encrypted files . '' The ransomware then dropsAttack.Ransoma ransom note on the victim 's desktop . `` The victim is instructed to install the Tor browser and is provided an .onion ( aka Darkweb ) site to process paymentAttack.Ransomof 0.5 bitcoins '' - currently worth $ 2,400 - Gill says . `` Once the ransom paymentAttack.Ransomis made the attackers promise a redirect to the decryption service . '' As of Friday , meanwhile , Xavier Mertens , a freelance security consultant and SANS Institute Internet Storm Center contributor based in Belgium , says he 's seeing a new wave of malicious spam that uses emails that pretend to carry voice messages . Internet Storm Center reports that some malicious messages tied to Locky are showing fake alertsAttack.Phishingstating that the HoeflerText font needs to be installed . Not all of the Locky spam emails arrive with malicious attachments ; some are designed as phishing attacksAttack.Phishingthat redirect users to real-looking but malicious sites . Peter Kruse , an e-crime specialist at CSIS Security Group in Denmark , says some emails related to this ransomware campaign are skinned to look likeAttack.Phishingthey 've come fromAttack.PhishingDropbox . Some will attempt to trickAttack.Phishingrecipients into clicking on a `` verify your email '' link . Kruse says the attacks are being launched by the group tied to the Affid=3 [ aka affiliate ID=3 ] version of Locky . If victims click on the link , they 're redirected to one of a number of websites . Clicking on a link can result in a zipped attack file being downloaded , per the VBS attack detailed above , according to security researcher JamesWT , a former member of the anti-malware research group called Malware Hunter Team . Alternately , clicking on the link may result in the site attempting to execute a malicious JavaScript file that functions as a dropper , meaning it then attempts to download a payload file . In some attacks , this payload file is Locky . But JamesWT tells ISMG that malware from the campaign that he uploaded to malware-checking service VirusTotal was identified as being Shade ransomware .
A flaw in Safari – that allows an attacker to spoofAttack.Phishingwebsites and trickAttack.Phishingvictims into handing over their credentials – has yet to be patchedVulnerability-related.PatchVulnerability. A browser address bar spoofing flaw was foundVulnerability-related.DiscoverVulnerabilityby researchers this week in Safari – and Apple has yet issueVulnerability-related.PatchVulnerabilitya patch for the flaw . Researcher Rafay Baloch on Monday disclosedVulnerability-related.DiscoverVulnerabilitytwo proof-of-concepts revealingVulnerability-related.DiscoverVulnerabilityhow vulnerabilities in Edge browser 42.17134.1.0 and Safari iOS 11.3.1 could be abused to manipulate the browsers ’ address bars , tricking victims into thinking they are visiting a legitimate website . Baloch told Threatpost Wednesday that Apple has promised to fixVulnerability-related.PatchVulnerabilitythe flaw in its next security update for Safari . “ Apple has told [ me ] that the latest beta of iOS 12 also addressesVulnerability-related.PatchVulnerabilitythe issue , however they haven ’ t provided any dates , ” he said . Apple did not respond to multiple requests for comment from Threatpost . Microsoft for its part has fixedVulnerability-related.PatchVulnerabilitythe vulnerability Baloch foundVulnerability-related.DiscoverVulnerabilityin the Edge browser , ( CVE-2018-8383 ) in its August Patch Tuesday release . According to Microsoft ’ s vulnerability advisory releasedVulnerability-related.PatchVulnerabilityAugust 14 , the spoofing flaw exists because Edge does not properly parse HTTP content . Both flaws stem from the Edge and Safari browsers allowing JavaScript to update the address bar while the page is still loading . This means that an attacker could request data from a non-existent port and , due to the delay induced by the setInterval function , trigger the address bar spoofing . The browser would then preserve the address bar and load the content from the spoofed page , Baloch said in his blog breaking down both vulnerabilities . From there , the attacker could spoofAttack.Phishingthe website , using it to lureAttack.Phishingin victims and potentially gather credentials or spread malware . For instance , the attacker could sendAttack.Phishingan email message containing the specially crafted URL to the user , convince the user to click it , and take them to the link which could gather their credentials or sensitive information . “ As per Google , Address bar is the only reliable indicator for ensuring the identity of the website , if the Address bar points to Facebook.com and the content is hosted on attacker ’ s website , there is no reason why someone would not fall for this , ” Baloch told Threatpost . In a video demonstration , Baloch showed how he could visit a link for the vulnerable browser on Edge ( http : //sh3ifu [ . ] com/bt/Edge-Spoof.html ) , which would take him to a site purporting to beAttack.PhishingGmail login . However , while the URL points to a Gmail address , the content is hosted on sh3ifu.com , said Baloch . The Safari proof-of-concept is similar , except for one constraint where it does not allow users to type their information into the input boxes while the page is in a loading state . However , Bolach said he was able to circumvent this restriction by injecting a fake keyboard using Javascript – a common practice in banking sites . No other browsers – including Chrome or Firefox – were discoveredVulnerability-related.DiscoverVulnerabilityto have the flaw , said Baloch . Baloch is known for discoveringVulnerability-related.DiscoverVulnerabilitysimilar vulnerabilities in Chrome , Firefox and other major browsers in 2016 , which also allowed attackers to spoof URLs in the address bar . The vulnerabilities were disclosedVulnerability-related.DiscoverVulnerabilityto both Microsoft and Apple and Baloch gave both a 90-day deadline before he went publicVulnerability-related.DiscoverVulnerabilitywith the flaws . Due to the Safari browser bug being unpatchedVulnerability-related.PatchVulnerability, Baloch said he has not yet released a Proof of Concept : “ However considering there is a slight difference between the Edge browser POC and Safari , anyone with decent knowledge of Javascript can make it work on Safari , ” he told us .
Nigerian scamsters have changed tactics as they target Indian people online , security experts have warned . The fraudsters are no longer relying on phishing emails about lotteries and charity as baitAttack.Phishing, but are dupingAttack.Phishingpeople on the pretext of partnering with MNCs ( multinational companies ) , investing in herbal seed businesses and channelising foreign funds . According to security agencies , there is a complete shift in the modus operandi of these Nigerian web gangs . A senior Delhi Police Crime Branch officer said : 'The scamsters lureAttack.Phishinggullible targets via social networking sites such as Facebook . 'They then pose asAttack.Phishingdiplomats or MNC executives and enticeAttack.Phishingtheir targets to invest in a global venture , which actually does not exist . 'Interestingly , all dealings are done at high-secured areas such as airport and five-star hotels to give an impression of being high-flyers and avoid the risk of getting into trouble . ' 'There is no fixed narrative . Depending upon the profile of the target , the gang traps them . In the herbal seeds scam , the victim is approached online as a representative of an overseas pharmaceutical firm looking to source herbal seeds from local farmers through an agent . They promise the victim huge returns if they pay the agent upfront for the seeds . Then they disappear with the money , ' said Uttar Pradesh Special Task Force 's additional superintendent of police Triveni Singh . One of the latest victims is Meerut 's Varun Thapar , who lost Rs 3 lakh to a Nigerian gang . Thapar went to meet the gang members at a five star hotel in Mumbai and Delhi . He told Mail Today : 'The gang members contact through their international number or makes a WhatsApp call . The gang sounds so professional that it is difficult to make out that they are fraud . ' I was trapped after getting a friend request from a Manchester-based female executive . I was given seed sample in Mumbai and later duped at a five-star hotel in Delhi . The trap was so perfect that I could not sense any foul play . ' During investigation , it was found that all the numbers used for communication were taken on fake identities . Police claim the gangs have developed a new trickAttack.Phishing, where they pose asAttack.Phishingdiplomat or MNC executive and work in nexus with a local youth who helps them with logistics .
The Indiana Department of Revenue ( DOR ) and the Internal Revenue Service ( IRS ) are warning folks of fraudulent emails impersonatingAttack.Phishingeither revenue agency and encouraging individuals to open files corrupted with malware . These scam emails use tax transcripts as baitAttack.Phishingto enticeAttack.Phishingusers to open the attachments . The scam is particularly problematic for businesses or government agencies whose employees open the malware infected attachments , putting the entire network at risk . This software is complex and may take several months to remove . This well-known malware , known as Emotet , generally poses asAttack.Phishingspecific banks or financial institutions to trickAttack.Phishingindividuals into opening infected documents . It has been described as one of the most costly and destructive malware to date . Emotet is known to constantly evolve , and in the past few weeks has masqueraded asAttack.Phishingthe IRS , pretending to beAttack.Phishing“ IRS Online. ” The scam email includes an attachment labeledAttack.Phishing“ Tax Account Transcript ” or something similar , with the subject line often including “ tax transcript. ” Both DOR and IRS have several tips to help individuals and businesses not fall prey to email scams : Remember , DOR and the IRS do not contact customers via email to share sensitive documents such as a tax transcript . Use security software to protect against malware and viruses , and be sure it ’ s up-to-date . Never open emails , attachments or click on links when you ’ re not sure of the source . If an individual is using a personal computer and receivesAttack.Phishingan email claiming to beAttack.Phishingthe IRS , it is recommended to delete or forward the email to phishing @ irs.gov orto investigations @ dor.in.gov Business receiving these emails should also be sure to contact the company ’ s technology professionals .
Google has announcedVulnerability-related.DiscoverVulnerabilitya crackdown on intrusive pop-up advertisements on its Chrome web browser after a previous update failedVulnerability-related.PatchVulnerabilityto stop them . The ads open users up to phishing attacksAttack.Phishingthat attempt to scamAttack.Phishingpeople into giving private information such as bank details to online fraudsters . Google says the ads create an 'abusive experience for users ' , including fee messages , unexpected clicks , phishing attemptsAttack.Phishingand misleading site behaviour . The firm tried to stopVulnerability-related.PatchVulnerabilitymanipulative adverts in an update last February but now admits that it 'did not go far enough ' . Chrome currently has an option to enable a pop-up blocker but fraudsters have quickly found ways around this . The company declined to name the companies involved in the crackdown but said that the update will blockVulnerability-related.PatchVulnerabilityads from a 'small number of sites with persistent abusive problems ' . Pop-ups are small windows that tend to show system warnings which are difficult to close , as well as 'watch video ' buttons . When the company announced its previous crackdown back in February , critics were quick to point out that the firm wanted to make ads more tolerable - so that their own could get past filters . Some said that the aim was to persuade people to disable their ad block so as not to deprive publishers ( including Google ) from displaying their advertisements and thus depriving them of revenue . Although they did not go into detail about why the previous block did n't work , Chrome product manager Vivek Sekhar said : 'We 've learned since then that this approach did not go far enough . ' 'In fact , more than half of these abusive experiences are not blocked by our current set of protections , and nearly all involve harmful or misleading ads . ' Advertisements also tend to be a hotbed for malicious software or scams where fraudsters trickAttack.Phishingpeople into giving out their personal information . Once a pop-up is clicked on , the ad can take you to a separate web page asking you to download an application and actually triggers an onslaught of more pop-up ads
The Internal Revenue Service today warned the public of a tax transcript scheme via a surge of fraudulent emails impersonatingAttack.Phishingthe IRS . The emails offerAttack.Phishingtax transcripts , or the summary of a tax return , as baitAttack.Phishingto enticeAttack.Phishingusers to open documents containing malware . The scam email carries an attachment labeled “ Tax Account Transcript ” or something similar , and the subject line uses some variation of the phrase “ tax transcript. ” The IRS said the scamAttack.Phishingis especially problematic for businesses whose employees might open the malware because it can spread throughout the network and potentially take months to successfully remove . Known as Emotet , the well-known malware generally poses asAttack.Phishingspecific banks and financial institutions in its effort to trickAttack.Phishingpeople into opening infected documents . However , in the past few weeks , the scamAttack.Phishinghas been masquerading asAttack.Phishingthe IRS , pretending to beAttack.Phishingfrom “ IRS Online. ” The United States Computer Emergency Readiness Team ( US-CERT ) issued a warning in July about earlier versions of the Emotet in Alert ( TA18-201A ) Emotet Malware . US-CERT has labeled the Emotet Malware “ among the most costly and destructive malware affecting state , local , tribal , and territorial ( SLTT ) governments , and the private and public sectors. ” The IRS reminds taxpayers it does not send unsolicited emails to the public , nor would it email a sensitive document such as a tax transcript . Taxpayers should not open the email or the attachment . If using a personal computer , delete or forward the scam email to phishing @ irs.gov . If seen while using an employer ’ s computer , notify the company ’ s technology professionals .
If you 've just paid your self-assessment tax bill , be vigilant if you receive an email informing you that you 're due a refund . Fraudsters are targeting taxpayers with spurious emails and text messages pretending to beAttack.Phishingfrom the government . I received one such email over the weekend , telling me I was due a refund of £222.32 . The email cameAttack.Phishingcomplete with a bogus 'HMRC Transaction Confirmation ' number and a link claiming to beAttack.Phishingto the Government Gateway , which is used to access online government services . Of course , I would just need to click on the bogus link with my 'credit/debit card ready ' so the criminals at the other end of the link could scamAttack.Phishingmy cards for as much money as possible . At first glance , it may look fairly convincing - the spelling and grammar is pretty good , it contains plenty of official-looking reference numbers and the web links are at least in part quite similar to the genuine articles . But it 's very definitely a 'phishing ' email - whereby the fraudster sender is trying to hookAttack.Phishingyou into providing personal information . In this case , they 're after my credit or debit card numbers . Phishing happens by text message too . Earlier this month HMRC reported people are nine times more likely to fall for text message scams than other types such as email because they can appear more legitimate , with many texts displaying ‘ HMRC ’ as the sender , rather than a phone number . It also said it had 'stopped thousands of taxpayers from receiving scam text messages , with 90 per cent of the most convincing texts now halted before they reach their phones ' . To help you protect yourself and your bank account , there are several warning signs you should always look out for to determine whether such emails and texts are fakes This is in case they contain malware - software with a virus that can read personal information on your computer – or destroy it . The bug is often activated by users inadvertently opening an attachment or clicking on an email link . And it 's not just emails and texts about tax refunds you need to be vigilant towards . A spokesman for Action Fraud told This is Money : 'At this important time in the tax year when people will be claiming refunds , we are warning of fraudsters who contact victims claiming to beAttack.Phishingfrom HMRC to trickAttack.Phishingthem into paying bogus debts and taxes . 'These criminals will contactAttack.Phishingvictims in many ways , including spoof calls , voicemails and text messages . And in most cases they will ask for payments in iTunes giftcards . 'It is important that people spot the signs of this type of fraud to protect themselves . 'HMRC will never use text messages to inform about a tax rebate or penalty and will never ask for any payment in the form of iTunes vouchers . '
The email didn ’ t just seem innocent , it also seemed familiar to the accounts payable employee at MacEwan University in Edmonton . It was from one of the local construction firms the public institution deals with , logo and all . There was new bank account information —could accounts payable please change it ? The staff and this supposed vendor communicated back and forth , from late June until a few weeks ago , in early August . One university employee was involved in this correspondence at first ; two more were added . Then vendor payments went through , as scheduled : $ 1.9 million from MacEwan accounts on August 10 . Another $ 22,000 were transferred seven days later . Finally , $ 9.9 million went to this new bank account on August 19 , a Saturday . Wednesday morning , for the first time in this episode , came a phone call . The Edmonton-area vendor wanted to know why it never got its payments . The massive fraud had already been perpetrated , $ 11.8 million winding its way into a TD bank account in Montreal and much of it then wired overseas , a university spokesman says . Investigators have traced $ 11.4 million of the money and frozen the suspect accounts in Quebec and Hong Kong . The school is pursuing civil legal action to recover the money . “ The status of the balance of the funds is unknown at the time , ” a MacEwan statement said about the other $ 400,000 . There ’ s likely not a person reading this online who hasn ’ t received a phishing attackAttack.Phishing, in which someone pretending to beAttack.Phishinga bank sendsAttack.Phishingan email or text message , hoping to trickAttack.Phishingyou into enter or re-enter account information or a credit card number . What hit MacEwan was a spear phishing attackAttack.Phishing, in which scammers impersonateAttack.Phishinga client or associate of the individual . In this case , the fraudster had cut-and-pasted the actual vendor ’ s logo , MacEwan spokesman David Beharry said . A phishing attacker will often cast several luresAttack.Phishing; in this case , investigators said 14 different Edmonton-area construction sites or firms were impersonatedAttack.Phishingas part of this attempt . The successful trickAttack.Phishingled to financial transfers equivalent to more than five per cent of the publicly funded school ’ s 2016 operating budget , according to records . This inflicted vastly more damage than the last well-documented online scam to successfully target an Alberta post-secondary school : last year , University of Calgary paidAttack.Ransom$ 20,000 in what ’ s known as a ransomware attackAttack.Ransom, in which cyberattackers manage to lock or encrypt network data until the victim pays upAttack.Ransom. While MacEwan is confident it can recoup the amounts already frozen , it will also incur legal fees on three continents as it tries to do so , Beharry says . Edmonton ’ s second-largest university knew enough about this problem to launch its own phishing awareness campaign last school year for staff and students , posters and all . Now , the school itself will become a cautionary tale about the perils and pratfalls of spear phishing cyberattacksAttack.Phishing. With this ugly incident , MacEwan University becomes a cautionary tale of another sort : financial controls . These were not high-level employees ensnared by this phishing attackAttack.Phishing, the school spokesman says , though he did not identify them or clarify how the three employees were involved . From now on , one fraud and $ 11.8 million later , such vendor banking information changes will need to go through a second and third level of approval at MacEwan before the final clicks or keystrokes occur .
Consumers are being left vulnerable to increasingly sophisticated cybercriminals because major companies are not taking measures to protect them from plagues of fake emails , a leading cyber-crime expert has claimed . Billions of “ phishing ” emails purporting to beAttack.Phishingfrom companies we trust such as Apple and Amazon , or banks , charities and even government departments , are reaching consumers ’ inboxes . Their intention is to trickAttack.Phishingrecipients into visiting a website – specially created to mirrorAttack.Phishinga legitimate business ’ s site – and entering personal details such as email addresses and passwords . These can be used by criminals in a number of ways , including accessing bank accounts , making payments or applying for credit or other services . Phishing emails are cleverly designed to mimicAttack.Phishingthe firm ’ s real emails . They are increasingly well-written . Worryingly , as fraudsters invest more in their processes , the emails are also more likely to bypass spam filters . To add to the convincing effect , criminals are buying domain names similar to the companies they are impersonatingAttack.Phishing, so recipients are more likely to think the emails real . Since January Action Fraud , the national cybercrime reporting service , has issued alerts about scams involving fake correspondence from HMRC , Amazon , and the Department of Education , among others . But now the proliferation of these emails is causing some to question whether the real businesses are doing enough to protect their customers . Chris Underhill , chief technical officer at Cyber Security Partners , a consultancy , said firms that communicate by email have a “ corporate responsibility ” to prevent fraudsters impersonating them online . He said many firms were failing to take the basic – and inexpensive – precaution of buying up domain names similar to their own . He said : “ The technology is there for little cost but sadly the adoption rate is low . “ The responsibility is now placed on the consumer to check the sender of the emails is real. ” Telegraph Money found it was possible , for example , to buy domain names such as amazonuk.org , amazon.eu.co.uk or amazonuk.tech for as little as £5.99 per year . Andrew Goodwill , of The Goodwill Group , a fraud-prevention consultancy , said consumers should “ be incredibly sceptical ” about any unsolicited digital communication even from familiar companies . If they contained links or asked for personal information they were “ more than likely to be fake ” , he said . He added : “ It ’ s a difficult situation . Why wouldn ’ t you expect to receive an email from a service you use ?
When tragedy strikes , criminals invariably prey on people ’ s best intentions . Scammers have been using Hurricane Harvey-themed messages to trickAttack.Phishingpeople into opening phishing emails and links on social media sites , which can steal login information , infect machines with malware , or con victims out of money . US-CERT , a cybersecurity arm of the U.S. Department of Homeland Security , issued a warning about the threat on Monday . “ [ R ] emain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey , ” the advisory read . “ Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters. ” As the advisory notes , a common scam during and after natural disasters is for fraudsters to pretendAttack.Phishingto set up relief funds and request donations . Fortune has seen several suspicious online profiles and personas that , although their legitimacy couldn ’ t be determined , raised several red flags : a small number of followers , unverified accounts , no apparent links to accredited charities , and no means to track where proceeds go . Zack Allen , threat operations manager at ZeroFOX , a social media-focused cybersecurity startup , says the ruse is a typical one . “ Cybercriminals are opportunists and , sadly , a crisis like Hurricane Harvey is a prime example of their preying on humanity ’ s empathy and trust , ” he wrote in an email to Fortune . “ People all over the world quickly rushed to their social media accounts to find the best avenues to donate to victims , but these same avenues are ideal for scammers who try to convinceAttack.Phishingvictims to donate to their fraudulent Hurricane Harvey cause. ” Kevin Epstein , vice president of threat operations at Proofpoint ( pfpt , +1.21 % ) , a cybersecurity firm that provides email protection , said that in recent days he has seen hurricane-related snares such as “ see this terrifying video ” or pleas to “ donate to the relief effort. ” One PDF attachment titled “ hurricane harvey – nueces county news release 11 – it ’ s your chance to help.pdf ” prompted people , when opened , to enter their email username and password , he told Fortune . It ’ s common for fraudsters to take advantage of news du jour to baitAttack.Phishingprospective victims . “ Consistently , attackers use world events as themes for their attacks , ” said Oren Falkowitz , CEO at Area1 Security , a cybersecurity startup that fights phishingAttack.Phishing. He noted that attacks related to tax season and national elections were examples of recent popular lures . A few tips you can use to stay safe : First , keep your software up to date . Hackers often try to compromise devices running outdated software that has security holes . Second , be careful what you click : Don ’ t accept or open unsolicited content from untrusted sources . ( You should even be wary of trusted contacts , as they too may have been compromised . ) Third , be sure the organizations to which you ’ re contributing money are legitimate . Here ’ s a rundown of some reputable charities assembled by Fortune . US-CERT further recommends reviewing these safety guidelines from by the Federal Trade Commission for Hurricane Harvey-related charitable giving , and cross-checking organizations on this directory of national charities from the Better Business Bureau .
SCAMMERS are using fake websites to lureAttack.Phishingin Cyber Monday and Christmas shoppers and take their money . Be wary of `` too good to be true '' offers on Fingerlings toys , iPhones and fashion as they 're the most common items sold by fraudsters , according to the City of London Police . With shoppers set to spend £2.96billion by the end of Cyber Monday , fraud experts have warned that scammers will temptAttack.Phishingshoppers with suspiciously good deals so they buy their counterfeit items and hand over their card details . They 'll also set upAttack.Phishingfake websites that look likeAttack.Phishinggenuine retailers to trickAttack.Phishingpeople into giving away their data and payment details , according to a new report by Action Fraud and the City of London Police . Phishing emails containing tempting deals which enticeAttack.Phishingshoppers to click on links to fake websites are also on the rise on Cyber Monday and over the Christmas period , the report said . Scammers are using social media websites such as Facebook , re-selling websites such as Gumtree and online auction websites such as eBay to target Christmas shoppers , experts revealed . Mobile phones - particularly Apple iPhones - are the most common item that people try to buy from fraudsters , according to the report . Seventy-four per cent of all mobiles bought from fraudsters were iPhones , the study said . Electrical and household items , computers , fashion and accessories are also commonly sold to fraud victims , including Apple MacBooks , Ugg boots and Fingerlings toys - so be wary of `` too good to be true '' offers for these items . Women aged between 20 and 29 are the most likely to be caught out by scammers , according to the report , with 30 per cent of fraud reports coming from young women . But the police have warned that everyone should stay on their guard as anyone can fall victim to Christmas shopping fraudsters . More than 15,000 shoppers lost a total of £11million to scammers over the Christmas period last year . Detective Chief Superintendent Pete O ’ Doherty , of the City of London Police , said : “ Unfortunately , at what is an expensive time of year for many , the internet has provided fraudsters with a platform to lureAttack.Phishingpeople in with the promise of cheap deals . He added : “ To stop fraudsters in their tracks , be cautious of where and from whom you ’ re buying , especially if it is technology at a reduced price . '' Tony Neate , CEO of Get Safe Online , a free fraud awareness website , said : “ It can be easy to rush into making a quick purchase online to secure a must have gift or bargain without taking the time to check that everything is as it seems . “ But taking a couple of minutes to familiarise yourself with a few simple online safety tips can be the difference between getting all your shopping done in time and becoming a victim of online fraud . '' There are plenty of Black Friday and Cyber Monday scams around at the moment - we 've revealed the latest tricks used by fraudsters . Meanwhile scammers claiming to beAttack.Phishingfrom Tesco are running a fake competition in an attempt to steal your bank details .
As thousands of freshmen move into their dorms for the first time , there are plenty of thoughts rushing through their minds : their first time away from home , what cringey nickname they 're gon na try to make a thing , if there are any parties before orientation kicks off . One thing that probably is n't on their minds is whether they 're going to get hacked . But that 's all Carnegie Mellon University 's IT department thinks about . Back-to-school season means hordes of vulnerable computers arriving on campus . The beginning of the semester is the most vulnerable time for a campus network , and every year , with new students coming in , schools have to make sure everything runs smoothly . Carnegie Mellon 's network gets hit with 1,000 attacks a minute -- and that 's on a normal day . Cybersecurity is an increasingly important aspect of our everyday lives , with technology playing a massive role in nearly everything we do . Universities have been vulnerable to attacksAttack.Databreachin the past , with cybercriminals stealingAttack.Databreachstudent and faculty databases and hackers vandalizing university websites . Students are often targets for hackers , even before they 're officially enrolled . Considering how much money flows into a university from tuition costs , along with paying for room and board , criminals are looking to cash in on weak campus cybersecurity . A bonus for hackers : Admissions offices often hold data with private information like student Social Security numbers and addresses , as well as their families ' data from financial aid applications . PhishingAttack.Phishinghappens when hackers stealAttack.Databreachyour passwords by sendingAttack.Phishingyou links to fake websites that look likeAttack.Phishingthe real deal . It 's how Russians hacked the Democratic National Committee during the presidential election , and it 's a popular attack to use on universities as well . The latest warning , sent Monday , called out malware hidden in a document pretending to beAttack.Phishingfrom Syracuse University 's chancellor . Digging through my old emails , I found about 20 phishingAttack.Phishingwarnings that had gone out during the four years I 'd been there . Syracuse declined to comment on phishing attacksAttack.Phishingagainst the school , but in a 2016 blog post , it said the attacks were `` getting more frequent , cunning and malicious . '' The school is not alone . Duo Security , which protects more than 400 campuses , found that 70 percent of universities in the UK have fallen victim to phishing attacksAttack.Phishing. Syracuse , which uses Duo Security , fights phishing attacksAttack.Phishingwith two-factor authentication , which requires a second form of identity verification , like a code sent to your phone . But it just rolled out the feature last year . Kendra Cooley , a security analyst at Duo Security , pointed out that students are more likely to fall for phishing attacksAttack.Phishingbecause they have n't been exposed to them as frequently as working adults have . Also , cybercriminals know how to target young minds . `` You see a lot of click-bait phishing messages like celebrity gossip or free travel , '' Cooley said . All students at Carnegie Mellon are required to take a tech literacy course , in which cybersecurity is a focus , said Mary Ann Blair , the school 's chief information security officer . The school also runs monthly phishing campaignsAttack.Phishing: If a student or faculty member fallsAttack.Phishingfor the friendly trapAttack.Phishing, they 're redirected to a training opportunity . When your network is being hit with at least two phishing attemptsAttack.Phishinga day , Blair said , it 's a crucial precaution to keep students on guard . `` It 's just constantly jiggling the doorknobs to see if they 're unlocked , '' Blair said . `` A lot of it is automated attacks . '' It 's not just the thousands of new students that have university IT departments bracing for impact , it 's also their gadgets . `` All these kids are coming on campus , and you do n't know the security level of their devices , and you ca n't manage it , because it 's theirs , '' said Dennis Borin , a senior solutions architect at security company EfficientIP . A lot of university IT teams have their hands tied because they ca n't individually go to every student and scan all their computers . Borin 's company protects up to 75 campuses across the United States , and it 's always crunch time at the beginning of the semester . `` If I was on campus , I would n't let anybody touch my device , '' Borin said . `` So if somebody has malware on their device , how do you protect against an issue like that ? '' Instead of going through every single student , Borin said , his company just casts a wide net over the web traffic . If there 's any suspicious activity coming from a specific device , they 're able to send warnings to the student and kick him or her off the network when necessary . Keeping school networks safe is important for ensuring student life runs smoothly . A university that had only two people on its team reached out to EfficientIP after it suffered an attack . All of the school 's web services were down for an entire week while recovering from the attack , Borin said . Scam artists love to take advantage of timing , and the back-to-school season is a great opportunity for them . There was an influx of fake ransomware protection apps when WannaCry hitAttack.Ransom, as well as a spike in phony Pokemon Go apps stuffed with malware during the height of the game 's popularity . If there 's a massive event going on , you can bet people are flooding the market with phony apps to trickAttack.Phishingvictims into downloading viruses . A quick search for `` back to school apps '' in August found 1,182 apps that were blacklisted for containing malware or spyware , according to security firm RiskIQ . Researchers from the company scanned 120 mobile app stores , including the Google Play store , which had more than 300 blacklisted apps . They found apps for back-to-school tools ; themes and wallpapers for your device ; and some apps that promised to help you `` cheat on your exams . '' Though most of the blacklisted apps are poorly made games , others pretend to help you be a better student . Other warning signs to watch out for when it comes to sketchy apps are poorly written reviews and developers using public domain emails for contacts , Risk IQ said . For any educational apps , like Blackboard Learn , you should always check the sources and look for the official versions . New students coming to school have enough to worry about . Let 's hope a crash course in cybersecurity is enough to ensure they make it to graduation without getting hit by hacks .
BT MAIL users should be on alert as a new email scamAttack.Phishingis discovered which could be used to gain accessAttack.Databreachto personal details . Users of BT ’ s popular email service should be aware of a new scam which is targeting customers across the UK . The latest threat , which was unleashed over the weekend , suggests that customers ’ bills are overdue and need to be paid as soon as possible . The full message reads , “ Your latest bill is now overdue . You can view it online at My BT or on the app . To log in , you 'll need your BT ID . This is usually your email address . “ You need to pay it as soon as possible to avoid service intreruption ! ” This scam then attempts to trickAttack.Phishingusers by suggesting they should click a link to pay their outstanding bill . There ’ s plenty of warning signs about this message including obvious spelling errors and the fact there ’ s no official BT branding on the email . Another reason why this is clearly a fake is that it 's been sentAttack.Phishingto people who do n't even use BT as their email provider . One person hit by the scam told Express.co.uk that they receivedAttack.Phishingthe email on Sunday and have never had a BT broadband or BT email account . UK Police have also sent out an alert warning BT customers about this latest scamAttack.Phishingand advising them not to be cautious when clicking in links embedded within emails . In a tweet Warwickshire Police said they had “ received an email from BT re an outstanding bill today - there are links on it to pay the bill . `` This is an obvious scam , '' the message on Twitter continued . `` Please if you receive a similar one DO NOT CLICK ON THE LINKS - BT have been made aware . '' Express.co.uk has contacted BT for comment on this latest scam . BT has plenty of advice on its website about staying safe online . The broadband supplier states that internet scams can take many forms , from ' phishingAttack.Phishing' , where a fake email or web site will try to get you to part with your bank account information , to scams pretending to beAttack.Phishingfrom online auction , job or other websites that try to collect your personal data . Not sure if an email you 've received is genuine ? Do n't click on it , and never give out your account or bank details . Stay safe by being aware of `` phishingAttack.Phishing`` and other scams that might find their way into your inbox .
Email is great for keeping in touch with friends and family and quickly conversing with colleagues but it ’ s not without its pitfalls . Scammers approachAttack.Phishingpeople via email to encourage them to hand over private or sensitive information about themselves or the company they work for . “ The most prevalent threats we see targeting consumers today are phishing attacksAttack.Phishingpredominantly via email , where scammers try to trickAttack.Phishingpeople into sharing private information or access to money , ” Jessica Brookes , director of EMEA consumer at McAfee , told the Press Association . “ The first thing you should know about phishingAttack.Phishingis that it almost always involves a form of ‘ social engineering ’ , in which the scammer tries to manipulateAttack.Phishingyou into trusting them for fraudulent purposes , often by pretending to beAttack.Phishinga legitimate person or business . Secondly , if an email doesn ’ t seem legitimate , it probably isn ’ t ; it ’ s always better to be safe than sorry. ” Here are four of the most popular scams circulating today : 1 ) The CEO Scam This scamAttack.Phishingappears asAttack.Phishingan email from a leader in your organisation , asking for highly sensitive information like company accounts or employee salaries . The hackers fakeAttack.Phishingthe boss ’ s email address so it looks likeAttack.Phishinga legitimate internal company email . That ’ s what makes this scam so convincing – the lure is that you want to do your job and please your boss . But keep this scam in mind if you receive an email asking for confidential or highly sensitive information , and ask the apparent sender directly whether the request is real , before responding . 2 ) The Lucky Email How fortunate ! You ’ ve won a free gift , an exclusive service , or a great deal on a trip abroad . Just remember , whatever “ limited time offer ” you ’ re being sold , it ’ s probably a phishing scamAttack.Phishingdesigned to get you to give up your credit card number or identity information . The lure here is something free or exciting at what appears to be little or no cost to you . 3 ) The Urgent Email Attachment Phishing emails that try to trickAttack.Phishingyou into downloading a dangerous attachment that can potentially infect your computer and steal your private information have been around for a long time . This is because they work . You ’ ve probably received emails asking you to download attachments confirming a package delivery , trip itinerary or prize . They might urge you to “ respond immediately ” . The lureAttack.Phishinghere is offering you something you want , and invoking a sense of urgency to get you to click . 4 ) The Romance Scam This one can happen completely online , over the phone , or in person once initial contact is established . But the romance scam always starts with someone supposedly looking for love . The scammer often poses asAttack.Phishinga friend-of-a-friend via email and contacts you directly . But what starts as the promise of love or partnership , often leads to requests for money or pricey gifts . The scammer will sometimes spin a hardship story , saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch . The lure here is simple – love and acceptance . Brookes added : “ It is everyone ’ s responsibility to be aware and educate each other – we need to share knowledge and collaborate to protect ourselves against the current threats we face as people living in a connected world . ”
Email is great for keeping in touch with friends and family and quickly conversing with colleagues but it ’ s not without its pitfalls . Scammers approachAttack.Phishingpeople via email to encourage them to hand over private or sensitive information about themselves or the company they work for . “ The most prevalent threats we see targeting consumers today are phishing attacksAttack.Phishingpredominantly via email , where scammers try to trickAttack.Phishingpeople into sharing private information or access to money , ” Jessica Brookes , director of EMEA consumer at McAfee , told the Press Association . “ The first thing you should know about phishingAttack.Phishingis that it almost always involves a form of ‘ social engineering ’ , in which the scammer tries to manipulateAttack.Phishingyou into trusting them for fraudulent purposes , often by pretending to beAttack.Phishinga legitimate person or business . Secondly , if an email doesn ’ t seem legitimate , it probably isn ’ t ; it ’ s always better to be safe than sorry. ” Here are four of the most popular scams circulating today : 1 ) The CEO Scam This scamAttack.Phishingappears asAttack.Phishingan email from a leader in your organisation , asking for highly sensitive information like company accounts or employee salaries . The hackers fakeAttack.Phishingthe boss ’ s email address so it looks likeAttack.Phishinga legitimate internal company email . That ’ s what makes this scam so convincing – the lure is that you want to do your job and please your boss . But keep this scam in mind if you receive an email asking for confidential or highly sensitive information , and ask the apparent sender directly whether the request is real , before responding . 2 ) The Lucky Email How fortunate ! You ’ ve won a free gift , an exclusive service , or a great deal on a trip abroad . Just remember , whatever “ limited time offer ” you ’ re being sold , it ’ s probably a phishing scamAttack.Phishingdesigned to get you to give up your credit card number or identity information . The lure here is something free or exciting at what appears to be little or no cost to you . 3 ) The Urgent Email Attachment Phishing emails that try to trickAttack.Phishingyou into downloading a dangerous attachment that can potentially infect your computer and steal your private information have been around for a long time . This is because they work . You ’ ve probably received emails asking you to download attachments confirming a package delivery , trip itinerary or prize . They might urge you to “ respond immediately ” . The lureAttack.Phishinghere is offering you something you want , and invoking a sense of urgency to get you to click . 4 ) The Romance Scam This one can happen completely online , over the phone , or in person once initial contact is established . But the romance scam always starts with someone supposedly looking for love . The scammer often poses asAttack.Phishinga friend-of-a-friend via email and contacts you directly . But what starts as the promise of love or partnership , often leads to requests for money or pricey gifts . The scammer will sometimes spin a hardship story , saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch . The lure here is simple – love and acceptance . Brookes added : “ It is everyone ’ s responsibility to be aware and educate each other – we need to share knowledge and collaborate to protect ourselves against the current threats we face as people living in a connected world . ”
The IRS , state tax agencies and the nation ’ s tax industry urge people to be on the lookout for new , sophisticated email phishing scamsAttack.Phishingthat could endanger their personal information and next year ’ s tax refund . The most common way for cybercriminals to stealAttack.Databreachbank account information , passwords , credit cards or social security numbers is to simply ask for them . Every day , people fall victim to phishing scamsAttack.Phishingthat cost them their time and their money . Those emails urgently warning users to update their online financial accounts—they ’ re fake . That email directing users to download a document from a cloud-storage provider ? Fake . Those other emails suggesting the recipients have a $ 64 tax refund waiting at the IRS or that the IRS needs information about insurance policies—also fake . So are many new and evolving variations of these schemes . The Internal Revenue Service , state tax agencies and the tax community are marking National Tax Security Awareness Week with a series of reminders to taxpayers and tax professionals . Phishing attacksAttack.Phishinguse email or malicious websites to solicit personal , tax or financial information by posing asAttack.Phishinga trustworthy organization . Often , recipients are fooledAttack.Phishinginto believing the phishingAttack.Phishingcommunication is from someone they trust . A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade asAttack.Phishinga legitimate source , including presenting the look and feel of authentic communications , such as using an official logo . These targeted messages can trickAttack.Phishingeven the most cautious person into taking action that may compromise sensitive data . The scams may contain emails with hyperlinks that take users to a fake site . Other versions contain PDF attachments that may download malware or viruses . Some phishing emails will appear to come fromAttack.Phishinga business colleague , friend or relative . These emails might be an email account compromise . Criminals may have compromisedAttack.Databreachyour friend ’ s email account and begin using their email contacts to sendAttack.Phishingphishing emails . Not all phishing attemptsAttack.Phishingare emails , some are phone scams . One of the most common phone scams is the caller pretending to beAttack.Phishingfrom the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately , usually through a debit card . Phishing attacksAttack.Phishing, especially online phishing scamsAttack.Phishing, are popular with criminals because there is no fool-proof technology to defend against them . Users are the main defense . When users see a phishing scamAttack.Phishing, they should ensure they don ’ t take the baitAttack.Phishing.
The BBC recently uncovered that scammers are attempting to trickAttack.Phishingus through the abuse of multilingual character sets . By creatingAttack.Phishingthese lookalike sites with domain names that are almost identical to the URLs we know and trust , it ’ s made telling the difference between fake and genuine sites – and avoiding phishing scamsAttack.Phishing– increasingly difficult . Research by security company Wandera revealed that people are three times more likely to fall for a phishing scamAttack.Phishingif it is on their phone . As a result , this new scamAttack.Phishingtargets smartphone users , where the lookalike sites are harder to spot . A recent survey that tested the British public ’ s knowledge of scams and online security behaviours found 16 % of British adults have experienced online fraud . For phishing scamsAttack.Phishingspecifically , it ’ s one in ten of us . The most common age group to experience online fraud is 35 – 54 , with almost one-fifth ( 19 % ) of this demographic having fallen victim to a scam . CEO of Get Safe Online , Tony Neate , said : “ While online fraud is common , it becomes less so when you engage common sense . “ It is very easy to cloneAttack.Phishinga real website and does not take a skilled developer long to produce a very professional-looking but malicious site , but if you know what to look for , it ’ s easy to stay safe. ” There are numerous ways to determine whether or not a received email is from a legitimate company trying to help , or a scammer looking to stealAttack.Databreachfinancial details . The initial sender is a good starting point . Take the time to look at the email address you ’ re being contacted by , not just the name . An unfamiliar address , or one that doesn ’ t correspond with the company , is a giveaway that it ’ s a fraudster . Then take a look at the greeting . If the email opens with ‘ Dear loyal customer ’ or ‘ Hello ( followed by your email address ) ’ then it ’ s another telltale sign . The real company would address you by your full name and make it personal to you . Careless slip-ups in the copy of the email are also giveaways . Does any of the grammar or spelling not sit quite right ? This is a big indicator that it ’ s a phishing scamAttack.Phishing. You wouldn ’ t expect poor language by someone from a legitimate company .
Scammers taking advantage of tax time are trying to trickAttack.PhishingAustralians into handing over their personal details with the promise of a tax refund through a fake myGov form . Stay Safe Online issued a high alert for the latest scam on Wednesday . `` It 's tax time and the common scam email informing that you 're eligible for a tax refund is doing the rounds again , '' the warning said . `` Scammers have long used the promise of a tax refund to trickAttack.Phishingpeople into sharing their personal information or to download malware . '' The phishing email claims to come fromAttack.PhishingmyGov and has the subject line , `` Important information regarding your account '' , as well as the myGov logo . It asks you to click on a link to claim your refund . The link leadsAttack.Phishingto a fake tax refund claim formAttack.Phishing, asking for personal details such as email , password , and credit card details . `` After you supply this information and click the continue button , you 'll be automatically redirected to the myGov website . By then it 's too late and the scammer has your details . '' Stay Safe Online said scammers can use that information to commit credit card fraud and identity theft . `` The ATO and myGov will never send an email or SMS asking you to click on a link and provide login , personal or financial information , download a file or open an attachment . '' Earlier this month scammers used a cloned version of myGov website in an attempt to lureAttack.Phishingin victims with a phishing email . Australian Taxation Office assistant commissioner Kath Anderson said tax time was a popular time for scammers to prey on unsuspecting Australians , busily preparing their tax returns or even waiting on a refund .
Scammers taking advantage of tax time are trying to trickAttack.PhishingAustralians into handing over their personal details with the promise of a tax refund through a fake myGov form . Stay Safe Online issued a high alert for the latest scam on Wednesday . `` It 's tax time and the common scam email informing that you 're eligible for a tax refund is doing the rounds again , '' the warning said . `` Scammers have long used the promise of a tax refund to trickAttack.Phishingpeople into sharing their personal information or to download malware . '' The phishing email claims to come fromAttack.PhishingmyGov and has the subject line , `` Important information regarding your account '' , as well as the myGov logo . It asks you to click on a link to claim your refund . The link leadsAttack.Phishingto a fake tax refund claim formAttack.Phishing, asking for personal details such as email , password , and credit card details . `` After you supply this information and click the continue button , you 'll be automatically redirected to the myGov website . By then it 's too late and the scammer has your details . '' Stay Safe Online said scammers can use that information to commit credit card fraud and identity theft . `` The ATO and myGov will never send an email or SMS asking you to click on a link and provide login , personal or financial information , download a file or open an attachment . '' Earlier this month scammers used a cloned version of myGov website in an attempt to lureAttack.Phishingin victims with a phishing email . Australian Taxation Office assistant commissioner Kath Anderson said tax time was a popular time for scammers to prey on unsuspecting Australians , busily preparing their tax returns or even waiting on a refund .
PhishingAttack.Phishingtakes place when a fraudster tricksAttack.Phishingan individual into sharing sensitive information ( account numbers , Social Security numbers , login credentials , etc . ) by way of fraudulent emails , texts , or counterfeit websites . PhishingAttack.Phishingcan also enable a scammer to gain access to a computer or network so that they can install malware , such as ransomware , on a victim 's computer . Phishers are able to achieve this by spoofingAttack.Phishingthe familiar , trusted logos of established , legitimate companies . Or , they may pose asAttack.Phishinga friend or family member and are often successful in completely deludingAttack.Phishingtheir targets . In carrying out attacks , Dark Caracal uses trojanized WhatsApp and Facebook apps to try to lureAttack.Phishingusers into clicking malicious links and downloading Android malware , called Pallas , which can collect vast amounts of data . Dark Caracal targets include governments , military organizations , utilities , financial institutions , manufacturing companies and defense contractors . Stealth Mango ( Android ) and Tangelo ( iOS ) , discovered by Lookout Security Intelligence , are surveillanceware tools that target government officials , diplomats , activists and military personnel , specifically in Pakistan , Afghanistan , Iraq , India and the UAE . According to Lookout Security , “ data from U.S. , Australian , and German officials and military have been swept up in the campaign we believe is being run by members in the Pakistani military. ” Fake eFax email deceivesAttack.Phishingemail recipients by telling them they have received ‘ a new eFax ’ and that they need to click on a link button in the email to retrieve the document . The link goes to a phishing page . This is not a new attack , but has recently been spotted in emails again . Email filtering company , Mailguard , has picked upAttack.Phishinga fake E-Toll notification containing an infected .doc file . According to Mailguard , the file contains a malicious macro that will download malware to the victim ’ s computer . The notification also includes the logos of Microsoft Office and Mailguard in order to appearAttack.Phishingauthentic . It even goes as far as to claim that , “ this document is protected by MailGuard '' . DHL branding was mimickedAttack.Phishingand fake shipping notifications were sent outAttack.Phishing, asking recipients to download an attached file that contained highly destructive trojan malware . “ MEWKitAttack.Phishing” is a phishing attackAttack.Phishingthat directly steals Ethereum from users of MyEtherWallet . Using MyEtherWallet as baitAttack.Phishing, it attempts to trickAttack.PhishingEthereum investors into logging in to the bogus , cloned version of the website in order to steal their credentials . Gmail ’ s new Confidential Mode may invite link-baiting phishing attacksAttack.Phishing. According to analysis by ComputerWorld , “ Confidential Mode works by storing your email in a secure space on Google servers in the cloud . When both sender and recipient use Gmail , the email appears normal . But recipients who do not use Gmail get a link for viewing the email in a browser . The messages you send or receive via Confidential Mode are not actually email . The link is an email , but the message is an email-looking page on the internet that ’ s password-protected . Emails containing the link can , in fact , be forwarded , but only the intended recipient can successfully open the link . When someone gets one of these forwarded mails , they ’ re prompted for their Google login username and password to determine whether or not they ’ re the intended recipient . This is problematic , because it invites link-baiting phishing attacksAttack.Phishing, which could con people into revealing their login information . ” A phishing campaignAttack.Phishingtargeting Apple users seeks to dupeAttack.Phishingvictims into updating their profiles in preparation for the EU ’ s General Data Protection Regulation ( GDPR ) policies , which go into effect on May 25 . This is just one of many scams exploiting the coming implementation of GDPR policies .
Scammers are flooding the United States with Chinese-language robocalls , causing major headaches from coast to coast . These new robocalls are a lot like the ones you ’ ve already gotten on your phone at all hours of the day and night : Your phone rings , you pick up , and after a brief pause or maybe a quiet click or beep , a prerecorded voice message meets your ears . The recording , which often sounds like a young woman , usually delivers a message about lowering credit-card rates or buying into cheap health insurance . If you fall for the baitAttack.Phishing, you ’ re transferred to a live human who will try anything to get you to hand over your credit-card or bank account info . The important thing to remember is that sales robocalls are illegal in the United States . So , don ’ t expect the person on the other end of the line to follow through on whatever deal they claim to offer . You ’ re much more likely to fall victim to an identity theft scam or credit-card fraud than to score a deal from one of these spam callers . The new Chinese-language version of these calls targets immigrants . The robocalls deliver a recorded message claiming to beAttack.Phishingfrom the Chinese consulate , saying the recipient is in trouble with Chinese officials , or sometimes that a package is waiting at the Chinese consulate that needs to be picked up . Then , the robocall asks for a deposit or fee , demanding a credit-card number or bank information . Sometimes the robocall or live operator who follows it makes a threat , suggesting that more trouble will come if the person doesn ’ t willingly hand over their financial info , according to the Federal Trade Commission . In New York City alone , police estimate at least 30 residents had been scammed out of $ 3 million , according to National Public Radio . The Chinese Consulate General in New York says it has posted dozens of alerts on its website warning about the scams . `` We would like to restate that the Consulate General in New York would not ask for personal information , deliver parcel pick-up notice or ask people to answer inquiries from police department by way of phone calls . The Consulate General would not ask for bank account information , '' it warned . The scammers are also upping the ante with a tech trickAttack.Phishingcalled “ spoofingAttack.Phishing. ” Spoofed calls can fakeAttack.Phishingcaller ID numbers , making them look likeAttack.Phishingthey ’ re coming fromAttack.Phishinga familiar number , nearby area code , your hometown or in this case , the Chinese consulate , according to the Federal Communications Commission , which also issued an alert . So , even if you do n't speak Chinese , why would you get so many calls ? The scammers don ’ t know who they ’ re calling , and it costs virtually nothing to place a phone call , so if they hit a few thousand English-speaking phones for every one Chinese speaker that ’ s totally fine with them . This scam uses many of the same ploys used on unsuspecting English speakers , say in the scam where the caller pretends to beAttack.Phishingfrom the IRS and is demanding payments on back taxes that don ’ t really exist .
PhishingAttack.Phishingis one of the most devious scams for filching your personal information , but experts say it is possible to avoid them if you know what you 're looking for . At its essence , phishingAttack.Phishingis the act of pretending to beAttack.Phishingsomeone or something you trust in order to trickAttack.Phishingyou into entering sensitive data like your user name and password . The goal -- of course -- is to take your money . Some of the most common phishing scamsAttack.Phishingare bogus emails purportedly from trustworthy institutions like the U.S.Internal Revenue Service or major banks . The more sophisticated scams are crafted to look very much likeAttack.Phishinga legitimate message from a site you do business with . “ Many popular phishing scamsAttack.Phishingpurport to beAttack.Phishingfrom shipping companies , e-commerce companies , social networking websites , financial institutions , tax-preparation companies and some of the world ’ s most notable companies , ” said Norton by Symantec senior security response manager Satnam Narang via email . One of the worst cases on record was an aircraft parts CEO who was trickedAttack.Phishinginto handing over more than $ 55 million – which shows that phishing scamsAttack.Phishingcan dupeAttack.Phishingeven smart people . Fox News asked Symantec about the top phishing scamsAttack.Phishingand how to avoid them . 1 . Your account has been or will be locked , disabled or suspended . `` Scare tactics are a common theme when it comes to phishing scamsAttack.Phishing, '' said Narang . `` Claiming a users ’ account has been or will be locked or disabled is a call to action to the user to enticeAttack.Phishingthem to provide their login credentials . '' 2 . Irregular/fraudulent activity detected or your account requires a `` security '' update . `` Extending off of # 1 , scammers will also claim irregular or fraudulent activity has been detected on your account or that your account has been subjected to a compulsory 'security update ' and you need to login to enable this security update , '' Narang said . 3 . You ’ ve received a secure or important message . `` This type of phishing scamAttack.Phishingis often associated with financial institutions , but we have also seen some claiming to beAttack.Phishingfrom a popular e-commerce website , '' said Narang . `` Because financial institutions don ’ t send customer details in emails , the premise is that users will be more inclined to click on a link or open an attachment if it claims to beAttack.Phishinga secure or important message . '' 4 . Tax-themed phishing scamsAttack.Phishing. `` Each year , tax-themed phishing scamsAttack.Phishingcrop up before tax-time in the U.S. and other countries , '' Narang added . `` These tax-related themes can vary from updating your filing information , your eligibility to receive a tax refund or warnings that you owe money . One thing that ’ s for sure is that the IRS doesn ’ t communicate via email or text message , they still send snail mail . '' 5 . Attachment-based phishingAttack.Phishingwith a variety of themes . `` Another trend we have observed in recent years is that scammers are using the luresAttack.Phishingmentioned above , but instead of providing a link to an external website , they are attaching an HTML page and asking users to open this 'secure page ' that requests login credentials and financial information , '' according to Narang . Avast , which also develop antivirus software and internet security services , offered advice on what to look for . Ransomware , which encrypts data ( i.e. , makes it inaccessible to the user ) , tries to tap into the same fears that phishingAttack.Phishingdoes . The hope that the “ attacked person will panic , and pay the ransomAttack.Ransom, ” Jonathan Penn , Director of Strategy at Avast , told Fox News .
Prize scams are as old as the hills , but people keep falling for them — sending the fraudsters hundreds , sometimes thousands of dollars to claim their cash , luxury cars or other non-existent prizes . Sweepstakes , lottery and prize scams “ are among the most serious and pervasive frauds operating today , ” according to a new report from the Better Business Bureau . And along with phone calls , letters and email , the crooks are now using text messages , pop-ups and phony Facebook messages to lureAttack.Phishingtheir victims . In fact , social media is now involved in a third of the sweepstakes fraud complaints received by the FBI ’ s Internet Crime Complaint Center ( IC3 ) . “ Scammers are like viruses . They mutate and adapt and find things that work , ” said Steve Baker , former director of the Federal Trade Commission ’ s Midwest region and author of the BBB report . “ The crooks have discovered social media big time and since social media is free to use , they can easily do a whole lot of damage from other countries. ” The BBB study found that : Nearly 500,000 people reported a sweepstakes , lottery or other prize scam to law enforcement agencies in the U.S. and Canada in the last three years . Monetary losses totaled $ 117 million last year . Facebook Messenger Lottery Fraud Scammers are creatingAttack.Phishingbogus websites that look likeAttack.Phishinga legitimate lottery or sweepstakes site . Or they are reaching out to potential victims who don ’ t properly set their privacy settings on social media platforms such as Facebook . The BBB report says Facebook Messenger , the private messaging app , is a favorite way for fraudsters to find victims . They can use Messenger — with or without a Facebook profile — and contact people who are not Facebook friends . In many cases , the bogus message appears to beAttack.Phishingfrom Publishers Clearing House ( PCH ) congratulating you on winning a big prize . To claim that prize , it says , you need to send them money . “ That ’ s a red flag warning , ” said Chris Irving , a PCH assistant vice president . “ If anybody asks you to send money to collect a prize , you know it 's a scam and it 's not from the real Publishers Clearing House . At Publishers Clearing House or any legitimate sweepstakes , the winning is always free — no purchase , no payment , no taxes or customs to pay. ” The crooks also impersonateAttack.PhishingFacebook founder Mark Zuckerberg in some of their phony Messenger messages . “ They postAttack.Phishinga fake profile of Zuckerberg on Facebook , ” Baker said . “ Then they sendAttack.Phishingyou a message through the Facebook messenger system saying : ‘ Hi this is Mark Zuckerberg . I 'm delighted to be able to tell you that you have won the Facebook Lottery and here is the person you need to contact to get the money . ’ ” Take the baitAttack.Phishingand click the link , and you ’ ll be told to send money to claim your winnings . Of course , there is no Facebook Lottery and Zuckerberg is not sending prize notices to anyone . In a recent story on social media scams , the New York Times reported it found 208 accounts that impersonated Zuckerberg or Facebook COO Sheryl Sandberg on Facebook and Instagram . At least 51 of the impostor accounts , including 43 on Instagram , were lottery scams . ( In 2012 , Facebook purchased Instagram for $ 1 billion . ) Facebook says it ’ s working to stop the scammers who use its platform to trickAttack.Phishingpeople out of their money . In March , the company announced it was using new machine learning techniques that helped it detect more than a half-million accounts related to fraudulent activity . “ These ploys are not allowed on Facebook and we 're constantly working to better defend against them , ” said Product Manager Scott Dickens . “ While we block millions of fake accounts at registration every day , we still need to focus on the would-be scammers who manage to create accounts . Our new machine learning models are trained on previously confirmed scams to help detect new ones. ” The company has also posted a warning on how to avoid Facebook scams . The BBB report calls on Facebook and other social media platforms to make “ additional efforts ” to prevent fake profiles and to make it easier for users to contact them about fraud .
Staff are still falling for phishing scamsAttack.Phishing, with social media friend requests and emails pretending to come fromAttack.Phishingthe HR department among the ones most likely to foolAttack.Phishingworkers into handing over usernames and passwords . Phishing scamsAttack.Phishingaim to trickAttack.Phishingstaff into handing over data -- normally usernames and passwords -- by posing asAttack.Phishinglegitimate email . It 's a technique used by the lowliest criminals as part of ransomware campaigns , right up to state-backed hackers because it continues to be such an effective method . In a review of 100 simulated attack campaigns for 48 of its clients , accounting for almost a million individual users , security company MWR Infosecurity found that sendingAttack.Phishinga bogus friend request was the best way to get someone to click on a link -- even when the email was being sentAttack.Phishingto a work email address . Almost a quarter of users clicked the link to be taken through to a fake login screen , with more than half going on to provide a username and password , and four out of five then going on to download a file . A spoof email claiming to beAttack.Phishingfrom the HR department referring to the appraisal system was also very effective : nearly one in five clicked the link , and three-quarters provided more credentials , with a similar percentage going on to download a file . Some might argue that gaining accessAttack.Databreachto a staff email account is of limited use , but the security company argues that this is a handy for an assault . A hacker could dumpAttack.Databreachentire mailboxes , accessAttack.Databreachfile shares , run programs on the compromised user 's device , and access multiple systems , warned MWR InfoSecurity . Even basic security controls , such as two-factor authentication or disabling file and SharePoint remote access , could reduce the risk . The company also reported bad news about the passwords that users handed over : while over 60 percent of passwords were found to have a length of 8 to 10 characters -- the mandatory minimum for many organizations -- the company argued that this illustrates how users stick to minimum security requirements . A third of the passwords consisted of an upper-case first letter , a series of lower-case letters , and then numbers with no symbols . It also found that 13.6 percent of passwords ended with four numbers in the range of 1940 to 2040 . Of those , nearly half ended in 2016 , which means one-in-twenty of all passwords end with the year in which they were created .
The Indiana Department of Revenue and the Internal Revenue Service is warning individuals and businesses about emails that use tax transcripts as baitAttack.Phishingto enticeAttack.Phishingusers to open attachments . These scams are problematic for businesses or government agencies whose employees open the malware infected attachments , putting the entire network at risk . This well-known malware , known as Emotet , generally poses asAttack.Phishingspecific banks or financial institutions to trickAttack.Phishingindividuals into opening infected documents . It ’ s been described as one of the most costly and destructive malware to date . Both the DOR and IRS have several tips to help individuals and businesses stay clear of these scams : - The DOR and IRS do not contact customers via email to share sensitive documents such as a tax transcript - Use security software to protect against malware and viruses , and make sure it ’ s up-to-date - Never open emails , attachments , or click on links when you ’ re not sure of the source If you receiveAttack.Phishingan email claiming to beAttack.Phishingthe IRS , delete it or forward the email to phishing @ irs.gov < mailto : phishing @ irs.gov > . If the email claims to beAttack.Phishingfrom the DOR forward it to investigations @ dor.in.gov < mailto : investigations @ dor.in.gov > . Emotet is known to constantly evolve , and in the past few weeks has masqueraded asAttack.Phishingthe IRS , pretending to beAttack.Phishing“ IRS Online ” . The scam email includes an attachment , with the subject line often including “ tax transcript ” .
Social media scams such as blackmail , identity theft , money laundering and dating scams are expected to gain popularity in SA this year . This is according to Kovelin Naidoo , chief cyber security officer at FNB , who explains that although social media scams in SA are not yet as prevalent as global counterparts ; the reality is that they do exist . As social media continues to gain prominence among South African consumers , Naidoo believes platforms like Instagram , Youtube , Facebook and Twitter have also become a platform where fraudsters attempt to catch unsuspecting consumers off guard . `` Given that the popularity of social media is set to remain for the coming years , consumers are encouraged to constantly educate themselves and their loved ones about the latest methods that fraudsters use to get hold of their victims ' personal information , '' adds Naidoo . Naidoo warns consumers to look out for money laundering scams - when scammers trickAttack.Phishingpeople through social media platforms by claiming to have large sums of cash that they need to deposit urgently through a foreign bank account and identity theft - when fraudsters stealAttack.Databreachinformation and use it illegally by impersonating victims . `` Social media blackmail is another scam to watch out for - never share personal photos or videos on social media that portray you in a compromising position as scammers can use these against you by threatening to send them to close family members or upload them on public platforms . Another scam to gain traction is a social media phishing scamAttack.Phishing, where fraudsters pretend to representAttack.Phishingthe victim 's bank on social media platforms , '' advises Naidoo . Manuel Corregedor , COO of Telspace Systems , says consumers who use social media platforms to meet companions or their life partners should also look out for dating or romance scams . `` In these scams , criminals play on the emotions of victims in order to scam them out of money i.e . they target certain profiles based on age , gender and marital status . Once connected , the criminal starts to 'build a relationship ' , with the victim as a means to get them to like or love them . Once this happens , the criminal plays on the victim 's emotions as a means to get money from the client . '' It is necessary to create an awareness around such scams and educate people , advises Corregedor . However , it should be noted , that these scams are not new - they existed before social media . Additional things users can do to protect themselves online is to only add people on social media sites , in particular Facebook , that they have met in person before ; restrict who can see your photos , posts , and look out for the following signs that it might be a scam . Denis Makrushin , security researcher at Kaspersky Lab , says that social media chain letters and phishingAttack.Phishingis also expected to gain traction this year . `` Some social media messages ask recipients to send a small sum of money to certain addressees . Cyber criminals use chain letters to distribute malware - a letter may contain a link to a malicious Web site . A recipient is luredAttack.Phishinginto visiting the site on some pretext or other , for example they are warned about a virus epidemic and are offered the possibility to download an 'antivirus program ' . `` Furthermore phishing scamsAttack.Phishingvia social media messages are also markedly more detailed and sophisticated than the average phishing e-mail . For example , one might be a security alert saying that someone just tried to sign into your account from such and such address using such and such browser - all you have to do is click the link to check that everything 's OK , '' he explains . Naidoo advises social media users to never share their banking details with strangers and to think twice before sending money to someone you recently met online or have n't met in person yet .
It ’ s tax season , and that means con artists and scammers are out in full force trying to capitalize on people ’ s financial anxieties . The IRS puts out strong warnings each year—often republishing its “ ’ Dirty Dozen ’ list of tax scams ” several times between January and April . This year , phishing schemesAttack.Phishing—in which scammers sendAttack.Phishingemails pretending to beAttack.Phishingfrom the IRS in order to trickAttack.Phishingpeople into divulging sensitive information—topped the list . “ We urge taxpayers to watch out for these tricky and dangerous schemes , ” acting IRS Commissioner David Kautter said in a March 5 warning to consumers . “ PhishingAttack.Phishingand other scams on the ‘ Dirty Dozen ’ list can trapAttack.Phishingunsuspecting taxpayers . Being cautious and taking basic security steps can help protect people and their sensitive tax and financial data. ” Threat researchers at Zscaler published a blog on March 15 outlining four new phishing schemesAttack.Phishingthey identified during this tax season , most of which used fake IRS websites to steal taxpayers ’ information . “ Cybercriminals have long used social engineering and phishing techniques to lureAttack.Phishingunsuspecting users into giving away private information , ” the researchers wrote . “ They track current trends and events to make their attacks more effective , and tax season offers a rich opportunity for attackers to disguise themselves asAttack.Phishingwell-known brands and even government agencies in an effort to exploit users. ” This tendency is on display with the “ chalbhai ” phishing attackAttack.Phishing, which uses a spoof of an outdated IRS form to trickAttack.Phishingusers into giving up their tax identification information , which can then be used to file false returns . While studying this campaign , researchers noticed the term “ chalbhai ” used in the source code . “ We have typically seen this tag associated with phishing pages that look likeAttack.PhishingMicrosoft Office 365 , Apple ID , Dropbox or DocuSign , ” Zscaler wrote . “ This is a good example of criminals adapting their phishing content to reflect current trends , ” i.e. , tax season . Another similar scheme directed users to a fake IRS page for unlocking expired passwords . Researchers noted this campaign was particularly tricky , as users were redirectedAttack.Phishingto a legitimate IRS page after giving up their information . “ With this page , ” they wrote , “ the attacker is attempting to prevent user suspicion by redirecting the user from this phishing page to a legitimate e-policy statement hosted on the actual IRS page… At this point , the victims believe they have completed the account unlock process and they proceed to log in on the legitimate page unaware that their information has been stolen. ” Researchers also found similar tactics used to get taxpayers ’ logins for tax preparer sites like TurboTax . In a fourth example , Zscaler researchers found an encrypted phishing page designed to mask their ill-intent from security measures . After a user downloads the page , it is decrypted within the browser , skirting some security checks . In all these examples , users could have avoided the scam by double-checking the URL in the browser , which all included additional characters before the .gov domain , indicating users were not actually at an official IRS site .
It ’ s tax season , and that means con artists and scammers are out in full force trying to capitalize on people ’ s financial anxieties . The IRS puts out strong warnings each year—often republishing its “ ’ Dirty Dozen ’ list of tax scams ” several times between January and April . This year , phishing schemesAttack.Phishing—in which scammers sendAttack.Phishingemails pretending to beAttack.Phishingfrom the IRS in order to trickAttack.Phishingpeople into divulging sensitive information—topped the list . “ We urge taxpayers to watch out for these tricky and dangerous schemes , ” acting IRS Commissioner David Kautter said in a March 5 warning to consumers . “ PhishingAttack.Phishingand other scams on the ‘ Dirty Dozen ’ list can trapAttack.Phishingunsuspecting taxpayers . Being cautious and taking basic security steps can help protect people and their sensitive tax and financial data. ” Threat researchers at Zscaler published a blog on March 15 outlining four new phishing schemesAttack.Phishingthey identified during this tax season , most of which used fake IRS websites to steal taxpayers ’ information . “ Cybercriminals have long used social engineering and phishing techniques to lureAttack.Phishingunsuspecting users into giving away private information , ” the researchers wrote . “ They track current trends and events to make their attacks more effective , and tax season offers a rich opportunity for attackers to disguise themselves asAttack.Phishingwell-known brands and even government agencies in an effort to exploit users. ” This tendency is on display with the “ chalbhai ” phishing attackAttack.Phishing, which uses a spoof of an outdated IRS form to trickAttack.Phishingusers into giving up their tax identification information , which can then be used to file false returns . While studying this campaign , researchers noticed the term “ chalbhai ” used in the source code . “ We have typically seen this tag associated with phishing pages that look likeAttack.PhishingMicrosoft Office 365 , Apple ID , Dropbox or DocuSign , ” Zscaler wrote . “ This is a good example of criminals adapting their phishing content to reflect current trends , ” i.e. , tax season . Another similar scheme directed users to a fake IRS page for unlocking expired passwords . Researchers noted this campaign was particularly tricky , as users were redirectedAttack.Phishingto a legitimate IRS page after giving up their information . “ With this page , ” they wrote , “ the attacker is attempting to prevent user suspicion by redirecting the user from this phishing page to a legitimate e-policy statement hosted on the actual IRS page… At this point , the victims believe they have completed the account unlock process and they proceed to log in on the legitimate page unaware that their information has been stolen. ” Researchers also found similar tactics used to get taxpayers ’ logins for tax preparer sites like TurboTax . In a fourth example , Zscaler researchers found an encrypted phishing page designed to mask their ill-intent from security measures . After a user downloads the page , it is decrypted within the browser , skirting some security checks . In all these examples , users could have avoided the scam by double-checking the URL in the browser , which all included additional characters before the .gov domain , indicating users were not actually at an official IRS site .
A wave of cyberattacks is targeting organisations ' financial departments with a social engineering and phishing campaignAttack.Phishingdesigned to trickAttack.Phishingvictims into downloading credential-stealing malware and other threats . Detailed by researchers at Barracuda Networks , the invoice impersonation attacks aim to persuadeAttack.Phishingthe victim that the messages are from trusted sources , or to act on impulse -- planting the idea that the target has lost money is a common tactic in phishing emails , as it creates panic for the user . The victim thinks they are reacting to an important request when all they 're doing is playing right into the hands of the attackers . A new wave of these attacksAttack.Phishinginvolves attackers sendingAttack.Phishingstatus updates for invoices -- but these do n't just involve threat actors firing off millions of messages at random and hoping for the best ; they 're specially crafting the attacksAttack.Phishingto look authentic and crucially , from someone the target might trust . In one example of this attackAttack.Phishing, the target receivesAttack.Phishingan email asking for a reply to a query about the payment status of an invoice . A legitimate-looking invoice number is provided in the subject line and the sender 's name is chosen to beAttack.Phishingsomeone the recipient knows . MimickingAttack.Phishingsomeone the victim knows suggests the attackers are already familiar with the target and their network -- this information could simply have been scraped from a public profile such as LinkedIn or it could indicate that the attackers already have a foothold in the network which they 're looking to exploit for further gains . The message might look legitimate at first glance -- especially for someone quickly scanning emails in a high-paced financial environment -- but the invitation to click on a link to respond to the supposed status should be treated with suspicion . But if a recipient does click through , the link will download a Word document supposedly containing the invoice -- which then goes onto install malware onto the system . It could be subtle , like a trojan or the victim could recognise their error immediately if faced with ransomware . The attackers are n't just using a single template in the campaign , researchers have spotted other lures used in an effort to distribute a malicious payload . A second invoice impersonation attack uses the subject 'My current address update ' and claims to containAttack.Phishinginformation from a trusted contact about a change of address , along with details of a new invoice . Once again , the victim is encouragedAttack.Phishingto click through a link to download the document from a malicious host with the end result again being an infection with malware , credential theft or a compromised account . The attacks might seem simple , but those behind them would n't be deploying them if they did n't work . `` Impersonation is a proven tactic that criminals are regularly using to attractAttack.Phishingvictims into believing that they are acting on an important message , when that could n't be further from the truth , '' said Lior Gavish , VP at Barracuda Networks . When it comes to protection against this type of attack , employee training can go a long way , especially if they 're provided with a sandbox environment .
Conmen are taking phishing scamsAttack.Phishingto the next level , targeting Apple users with emails and calls to a fake Apple Care service . While emails are a fairly common way of luringAttack.Phishingvictims , it ’ s not every day that you hear about calls being involved to dupeAttack.Phishingfolks . Ars Technica reports that the attackAttack.Phishingbegins with an email which is designed to look likeAttack.Phishingan official iCloud account warning . It claims a sign-in attempt was blocked on their account since someone tried to use their password . There ’ s a “ Check Activity ” button which opens up a page on a compromised site for a men ’ s salon in South India . The webpage immediately redirectsAttack.Phishingthe victim to another site , followed by another redirection to a fake Apple Support page asking them to contact support since their iPhone has been locked due to illegal activity . If they fall for the baitAttack.Phishing, the site launches a “ scanning ” box which eventually gives way to a pop-up box prompting the victim to call a number . If the email is opened in an iPhone , the number can be called straightaway . iPads and Macs can ’ t do the same , so the system will ask if they want to open it in FaceTime . The publication actually dialed the number and got in touch with someone who described themselves as “ Lance Roger from Apple Care. ” It seems the elaborate scheme is targeting email addresses associated with iCloud . The end game is to trickAttack.PhishingiPhone users into enrolling in a rogue mobile device management service . This allows the attackers to push infected apps onto the victim ’ s device , all the while pretendingAttack.Phishingthis is a part of Apple ’ s security service . The phishing site is still live right now , but both Google and Apple have marked it as deceptive . Ars Technica has additionally passed on the technical details of the scam to an Apple security team member . The company told Engadget that it has resources on its support website to help people tell right from wrong . Everyday iOS users could still easily get fooled though .
Criminals are attempting to trickAttack.Phishingconsumers into handing over passwords and credit card details by taking advantage of the flood of emails being sent outAttack.Phishingahead of new European privacy legislation . The European Union 's new General Data Protection Regulation ( GDPR ) come into force on 25 May and the policy is designed to give consumers more control over their online data . As a result , in the run-up to it , organisations are sending outAttack.Phishingmessages to customers to gain their consent for remaining on their mailing lists . With so many of these messages being sent outAttack.Phishing, it was perhaps only a matter of time before opportunistic cybercriminals looked to take advantage of the deluge of messages about GDPR and privacy policies arriving in people 's inboxes . A GDPR-related phishing scamAttack.Phishinguncovered by researchers at cyber security firm Redscan is doing just this in an effort to steal data with emails claiming to beAttack.Phishingfrom Airbnb . The attackers appear to beAttack.Phishingtargeting business email addresses , which suggests the messages are sentAttack.Phishingto emails scraped from the web . The phishing message addresses the user as an Airbnb host and claimsAttack.Phishingthey 're not able to accept new bookings or sendAttack.Phishingmessages to prospective guests until a new privacy policy is accepted . `` This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States based companies , like Airbnb in order to protect European citizens and companies , '' the message says , and the recipient is urgedAttack.Phishingto click a link to accept the new privacy policy . Those who click the link are asked to enter their personal information , including account credentials and payment card information . If the user enters these , they 're handing the data straight into the hands of criminals who can use it for theft , identity fraud , selling on the dark web and more . `` The irony wo n't be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to stealAttack.Databreachpeople 's data , '' said Mark Nicholls , Director of Cyber Security at Redscan . `` Scammers know that people are expecting exactly these kinds of emails this month and that they are required to take action , whether that 's clicking a link or divulging personal data . It 's a textbook phishing campaignAttack.Phishingin terms of opportunistic timing and having a believable call to action '' . Airbnb is sending messages to users about GDPR , but the messages contain far more detail and do n't ask the users to enter any credentials , merely agree to the new Terms of Service . While the phishing messages might look legitimate at first glance , it 's worth noting they do n't use the right domain - the fake messages come fromAttack.Phishing' @ mail.airbnb.work ' as opposed to ' @ airbnb.com ' . Redscan has warned that attackers are likely to use GDPR as baitAttack.Phishingfor other phishing scamsAttack.Phishing, with messages claiming to beAttack.Phishingfrom other well-known companies . `` As we get closer to the GDPR implementation deadline , I think we can expect to see a lot a lot more of these types of phishing scamsAttack.Phishingover the next few weeks , that 's for sure , '' said Nicholls , who warned attackers could attempt to use the ploy to deliver malware in future . `` In the case of the Airbnb scam email , hackers were attempting to harvestAttack.Databreachcredentials . Attack vectors do vary however and it 's possible that other attacks may attempt to infect hosts with keyloggers or ransomware , for example . '' he said . Airbnb said those behind the attacks have n't accessedAttack.Databreachuser details in order to sendAttack.Phishingemails and that users who receiveAttack.Phishinga suspicious message claiming to beAttack.Phishingfrom Airbnb should send it to their safety team . `` These emails are a brazen attempt at using our trusted brand to try and stealAttack.Databreachuser 's details , and have nothing to do with Airbnb . We 'd encourage anyone who has receivedAttack.Phishinga suspicious looking email to report it to our Trust and Safety team on report.phishing @ airbnb.com , who will fully investigate , '' an Airbnb spokesperson told ZDNet . Airbnb also provided information on how to spot a fake email to help users to determine if a message is genuine or not .
The app is still active at the time of writing and sends collectedAttack.Databreachuser details to an AOL email address . Discovered today by MalwareHunter , this application goes above and beyond of what other card stealers have attempted , most of which are half-baked efforts , often easy to recognize as malicious applications thanks to their quirky graphics and misaligned designs . This app , named `` Betaling - Google Chrome.exe '' , tries to pass as the Google Chrome browser and does a good job at it . Betaling is n't a perfect Google Chrome , though , as there are a few clues that experienced users can spot . For starters , the malicious app requires users to have installed a minimum version of .NET Framework 4.0 or higher , a requirement the real Google Chrome never had . Second , the app also uses the standard Windows 8/8.1/10 Metro style , even when running on a Windows 7 PC . Third , while Betaling tries to trickAttack.Phishingusers into thinking it 's the real Chrome , outside of the lock icon and the address bar , the rest of the Chrome UI is missing , such as the tab bar , the menu , Chrome buttons , and others . Users ca n't resize the window , ca n't minimize it , ca n't make it fullscreen , ca n't drag it , and ca n't enter a new URL . Nevertheless , much less sophisticated malware has been able to infect hundreds or thousands of users in the past , which means Betaling and its UI can be quite effective . Several security researchers who 've taken a look at Betaling were impressed by its carefully crafted design . Non-infosec people thought Betaling was a phishing page loadedAttack.Phishinginside a Chrome browser , and only some time later realized they were n't looking at a Chrome window to begin with . Currently , Betaling 's interface is only available in Dutch , which reveals the malware 's current target . The form displayed inside the fake Chrome window is n't blind to user input like most phishing pages , and some data validation takes place , yielding two sorts of errors . If correct the data is entered , Betaling collectsAttack.Databreachall information and sends it to an AOL email address at whatsapp.hack @ aol.com . This email address was discovered when security researchers analyzed the application 's source code . Accessing its inbox , they 've discovered recent logs , including the test data entered during Bleeping Computer 's tests , meaning the app works just fine . Besides recent logs from Betaling , researchers also found logs from an unidentified keylogger . These logs went back as far as January 2016 and included details from victims from all over the world . `` It 's been long since he got any [ keylogger ] logs , '' said a security researcher that goes by the name of Guido , who also analyzed the malware . Guido , who already reported the malware to authorities , says the initial entries for the keylogger logs contained a series of recurring email addresses . Common sense dictates these are the author 's own emails , which he used for testing , during the keylogger 's development and subsequent rollout . These two emails , patrick * * * @ live.nl and patrick * * * * * * * @ gmail.com , are also linked to accounts on the Spokeo social network . Furthermore , Betaling 's PDB file includes a compilation path of `` C : \Users\Patrick\ '' , and the Betaling EXE file is also self-signed by an invalid certificate authority named `` CN = DESKTOP-PC\Patrick '' . Both mentions of the `` Patrick '' name are consistent with the two email addresses found in the keylogger 's first log entries . It 's now up to authorities to investigate and determine if the owner of the two email addresses is behind Betaling or not . Furthermore , Guido told Bleeping Computer that in August 2016 , `` Patrick '' sent an email from the AOL account to ankit * * * * * * @ speedpost.net asking for help with a `` stealer '' that was having several bugs
A spam campaign targeting German users has increased its chances of successfully tricking users into installing malware , by embedding several pieces of the victim 's personal information into its poisoned email messages . The campaign , which has been active since at least January 2017 , begins when a user receives an email written entirely in German . Its message informs the recipient they 've attempted to pay for something online but that the transaction did not complete successfully The user must re-submit payment , the email demands , otherwise they could be penalized by a collection agency or even law enforcement . Sample of spam message seen targeting German users . Most of us know better than to fall for this type of scam , and the attackers know it . Which is why they 've outfittedAttack.Phishingtheir attack emails with a technique that 's designed to convinceAttack.Phishingthe recipient the notice is legitimate . Andrew Brandt , director of threat research at Symantec , elaborates on this point in a blog post : `` The key detail of each message was the fact that the recipient ’ s full name , mailing address , and telephone number were embedded in the middle of the message . '' Brandt does n't elaborate on how the attackers obtainAttack.Databreachusers ' personal information . Technically , bad actors can use Google and other tools to easily find these details . Seeing your personal information is enough to sway most users , so much so that a recipient would probably open the double-zipped attachment and thereby expose themselves to Nymaim.B . For its command and control ( C & C ) server , this banking trojan uses afegesinge [ dot ] com . At one point in time , 13 other malware executables communicated with it . Back in April 2016 , for instance , BBC News reporter Shari Vahl and ZDNet journalist Zack Whittaker separately spotted malicious emails in their inboxes that said they owed money to a collection agency , and included their real-life address information to make the messages appear more convincing . Unlike the German campaign , however , the UK attackAttack.Phishingsought to trickAttack.Phishingusers into clicking on links that led them to Maktub ransomware . No matter how convincing an email seems to be , it always pays to double check these kinds of claims by calling the company purportedly making the claim to confirm the message ’ s authenticity ( or to prove that it is false ) . '' Aside from confirming with the alleged sender , users should maintain an up-to-date security solution on their computers , implement software updates as soon as they become available , and delete any suspicious emails .
Business Email Compromise (BEC) attacksAttack.Phishingjumped 45 % in the final quarter of 2016 , compared to the previous three months , according to new stats from Proofpoint . The security vendor claimed such attacks have grown both in volume and sophistication . Also known as “ CEO fraud ” and “ whaling ” , these attacksAttack.Phishingtypically involve fraudsters spoofingAttack.Phishingthe email addresses of company CEOs to trickAttack.Phishingstaff members into transferring funds outside the company . However , Proofpoint also includes attempts to target HR teams for confidential tax information and sensitive employee data , as well as engineering departments which may have access to a wealth of lucrative corporate IP . In its analysis of over 5000 global enterprise customers , it claimed that in two-thirds of cases the attacker spoofedAttack.Phishingthe “ from ” email domain to display the same as that of the targeted company . These attacksAttack.Phishingcan thwart some systems , because they don ’ t feature malware as such – just a combination of this domain spoofingAttack.Phishingand social engineering of the victim to force them to pay up . Part of the trick is to harry the target , rushing them so they have less time to think about what they ’ re doing . That ’ s why over 70 % of the most common BECAttack.Phishingsubject line families appraised by Proofpoint featured the words “ Urgent ” , “ Payment ” and “ Request ” . The vendor claimed that firms in the manufacturing , retail and technology sectors are especially at risk , as cyber-criminals repeatedly look to take advantage of more complex supply chains and SaaS infrastructures . Vice-president of products , Robert Holmes , argued that although employee education was important , it needs to be complemented by the right set of tools to weed out fraudulent emails . “ When it comes to BEC attacksAttack.Phishing, employees should never be an organization ’ s first line of defense . It is the organization ’ s responsibility to ensure that security technologies are in place , so that BEC attacks are stopped before they can reach their intended target , ” he told Infosecurity Magazine . BECAttack.Phishinghas become so popular among the black hats that the FBI warned organizations last year the scams had cost billions since 2013 . Trend Micro predicted that 2017 would see more and more cyber-criminals turn to BECAttack.Phishinggiven the potential rich pickings – claiming the average pay-out is $ 140,000 , versus just $ 722 for a typical ransomware attackAttack.Ransom. However , Holmes argued that ransomware and BEC actors are likely “ two distinct types of criminal ” . “ While ransomware attacksAttack.Ransomrequire technical infrastructure to launch campaigns at scale , BEC attacksAttack.Phishingare socially engineered and highly targeted in nature , conducted by a single actor rather than teams , and generally launched from shared email platforms , ” he explained . “ While cyber-criminals will always go where the money is , we do not envision a drastic change in tactics such as traditional purveyors of ransomware transitioning to BECAttack.Phishing. As long as ransomware and trojans continue to pay , cyber-criminals with technical skillsets are unlikely to down tools and pivot towards such a fundamentally different type of attack vector . ”