Reports released this past week by U.S. security officials and private cybersecurity researchers suggest hacking of energy facility computers is on the rise , and happens far more often than the public assumes . The Department of Homeland Security said it received reports of 59 cyber incidents at energy facilities last year , up nearly a third from the year before . The agency responsible for protecting the nation from cybercrime said it worked to mitigate 290 incidents last year across more than a dozen industries that rely on computer controls to run industrial sites , including manufacturing sites , power generation facilities , refineries , chemical plants and nuclear facilities . It found more than a quarter of these intrusions originated from so-called spear phishing emails that hackers use to trick Attack.Phishing people into downloading infected attachments or clicking on virus-laden links . More than one in 10 came from network probing and scanning . `` Every year , adversaries develop increasingly sophisticated attacks against control system networks , '' Homeland Security 's Industrial Control Systems Cyber Emergency Response Team said . The increased number of intrusions into energy computer controls last year brings the number of such incidents in the industry to more than 400 since 2011 , Homeland Security data show . Security specialists say that 's likely a conservative number because energy companies are n't required to report cyberattacks to the U.S. government . In another report , cybersecurity researchers believe computer controls at industrial facilities , including in the oil business , get infected by non-targeted malware at least 3,000 times a year . Dragos Security , a cybersecurity firm in San Antonio , arrived at what it believes is a conservative estimate of worldwide industrial cyberattacks after studying 30,000 samples of infected control system files submitted over the past decade and a half to a publicly available database called VirusTotal , a web service owned by Google . The findings show malware that is n't even tailored to industrial controls finds its way into critical technology far more often than the public assumes . Some of the malware can spread through these systems with ease , and some were designed many years ago . `` If you have really bad cyber hygiene and you 're not paying attention to basic things , you 're more likely to get impacted by a virus that was written nine years ago , '' said Ben Miller of Dragos . For example , Miller found thousands of industrial files compromised by Sinowal , a Trojan horse first discovered in 2006 . Even more common , though , were strains of malware that spread from computer to computer , created at least five years ago . It 's not clear how many of these industrial facilities were tied to the energy industry , because the VirusTotal data only provided the country of origin of the independently uploaded files . But it 's yet another grim revelation for oil companies that rely on automated computer controls to run refineries , pipelines and offshore platforms . Miller said these breaches could begin during the equipment upgrades that happen when power plants , refineries and other energy facilities are taken offline for repairs . Crews of engineers , equipment contractors and information technology specialists flowing in and out of the facilities could , for example , fail to follow security protocols and accidentally plug in infected USB drives into facility systems . And they might only discover they 've infected operational computers after they use the same thumb drives in corporate computers outfitted with antivirus alert systems , Miller said .

Real estate transactions are some of the higher value transactions performed by individuals and organizations . They often exceed hundreds of thousands of dollars in value , and for commercial properties , millions of dollars are quite normal . Many buyers and sellers are not familiar with what is normal when it comes to real estate transactions . Over the last few years , we have seen this exploited in a specific form of `` Business E-Mail Compromise Attack.Phishing , '' where an attacker is injecting e-mails into conversations to trick Attack.Phishing the victim to transfer money to the wrong account .

“ Over the past several weeks , we have seen a combination of attack techniques . One , where an attacker impersonates a travel agency or someone inside a company . Recipients are told an email contains an airline ticket or e-ticket , ” said Asaf Cidon , vice president , content security services at Barracuda Networks . Attachments , he said , are documents rigged with malware or are designed to download it from a command and control server . Cidon said other aviation-themed phishing attacks Attack.Phishing contain links to spoofed Attack.Phishing airline sites . In these types of attacks , adversaries go to great lengths to spoof Attack.Phishing the airline ’ s site . “ It ’ s clear there is some degree of advanced reconnaissance that takes place before targeting individuals within these companies , ” Cidon said . Recent phishing campaigns Attack.Phishing , he said , are targeting logistic , shipping and manufacturing industries . Barracuda ’ s warning comes a week after the U.S. Computer Emergency Readiness Team issued an alert of similar attacks targeting airline consumers . It warned email-based phishing campaigns Attack.Phishing were attempting to obtain credentials as well . “ Systems infected through phishing campaigns act as an entry point for attackers to gain access Attack.Databreach to sensitive business or personal information , ” according to the US-CERT warning . Delta said some victims were sent Attack.Phishing emails that claimed to contain invoices or receipts inside attached documents . When asked about the warning , Delta declined to comment . More troubling to Barracuda researchers was the success rate adversaries are having with phishing campaigns Attack.Phishing it is tracking Attack.Phishing . “ Our analysis shows that for the airline phishing attack Attack.Phishing , attackers are successful over 90 percent of the time in getting employees to open airline impersonation emails , ” Cidon wrote in a research note posted Thursday . “ This is one of the highest success rates for phishing attacks Attack.Phishing ” . In June , Microsoft Malware Protection Center reported a resurgence in the use of Office document macro attacks . Researchers say crooks attempting to install malware and perpetrate credential-harvesting attacks Attack.Databreach are more likely to use social engineering to trick Attack.Phishing people into installing malware than to exploit vulnerabilities with tools such as exploit kits .

Financial institutions worldwide including those in the country have been implored to be extremely cautious of the growing cyber-attacks that put them at great risk this year than before . The report further cautions that a slight mistake could cause great cash loss to the financial institutions like what happened to a Bangladesh Bank Central Bank . The Sophos report indicates that financial infrastructure is at greater risk of attack . `` The use of targeted phishing Attack.Phishing and 'whaling ' continues to grow . These attacks Attack.Phishing use detailed information about company executives to trick Attack.Phishing employees into paying fraudsters or compromising accounts . `` We also expect more attacks on critical financial infrastructure , such as the attack involving SWIFTconnected institutions which cost the Bangladesh Central Bank $ 81 million in February , '' reveals the report . The caution comes in following a Cybersecurity giant Sophos report published recently shows that the attacks are expected to increase this year . Expounding further , the report indi - cates that the year 2016 saw a huge number and variety of cyber-attacks , ranging from a high-profile DDoS using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election , according to a report by a Cybersecurity giant Sophos . The Sophos report shows that they also saw a rising tide of data breaches Attack.Databreach from big organisations and small and significant losses of people 's personal information . `` Since the year 2016 is over , we 're pondering how some of those trends might play out in 2017 , '' it notes . The report indicates that the current and emerging attack trends include the destructive DDoS IOT attack which is expected to rise . `` In 2016 , Mirai showed the massive destructive potential of DDoS attacks as a result of insecure consumer IoT ( Internet of Things ) devices . Mirai 's attacks exploited only a small number of devices and vulnerabilities and used basic password guessing techniques , '' part of the report indicates . However , the report claims that cybercriminals will find it easy to extend their reach because there are so many IoT devices containing outdated code based on poorly-maintained operating systems and applications with well-known vulnerabilities . `` Expect IoT exploits , better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices in your network , '' it notes . It shows there is a shift from exploitation to targeted social attacks . `` Cybercriminals are getting better at exploiting the ultimate vulnerability - humans . Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves . For example , it 's common to see an email that addresses the recipient by name and claims they have an outstanding debt the sender has been authorised to collect , '' explains part of the report . It further states that shock , awe or borrowing authority by pretending to be Attack.Phishing law enforcement are common and effective tactics , saying that the email directs them to a malicious link that users are panicked into clicking on , opening them up to attack . `` Such phishing attacks Attack.Phishing can no longer be recognised by obvious mistakes , '' it states . SWIFT recently admitted that there have been other such attacks and it expects to see more , stating in a leaked letter to client banks , stating that the threat is very persistent , adaptive and sophisticated - and it is here to stay . The Sophos report notes that there is increasing exploitation of the Internet 's inherently insecure infrastructure . All Internet users rely on ancient foundational protocols and their ubiquity makes them nearly impossible to revamp or replace

LinkedIn users are being warned to be on their guard following a rise in reports of attacks being distributed via email designed to trick Attack.Phishing job seekers into sharing their personal details . Scammers have spammed out email messages posing as Attack.Phishing communications from LinkedIn , claiming that a company is “ urgently seeking ” workers matching your qualifications in “ your region ” . It would be nice to think that recipients of the bogus message would spot a number of warning signals as soon as they open the communication in their email inbox . But there ’ s always a chance that someone eager to find new employment might – in their haste – not notice that the messages As HelpNetSecurity describes , if anyone was careless enough to follow Attack.Phishing the email ’ s advice and click on the link contained within the message – they would be taken Attack.Phishing to a third-party website where they are instructed to upload their CVs , making it child ’ s play for scammers to harvest the information . Just think of some of the personal information that you include in your CV or resume . Before you know it , a scammer might have your full name , date of birth , work and home email addresses , work and home telephone numbers , and all manner of other personal information that could be abused by scammers . At the simplest level such data breaches Attack.Databreach could lead to a rise in targeted spam attacks , or scam phone calls . But it could also be a stepping stone to more damaging business email compromise Attack.Phishing ( also often known as “ CEO fraud ” ) which has resulted , in some cases , in companies losing tens of millions of dollars . Anything which gives online criminals inside information about you and your position within a company could give them the head start they need to launch a targeted attack that could lead to a significant data breach Attack.Databreach or a substantial financial loss . In short , being careless with your personal information – such as your CV – might not just put your career in jeopardy , it could also ultimately endanger the company you work for . And that ’ s certainly not going to ever look good on your CV .

Check your security with our instant risk assessment , Security Preview Get insight into the most topical issues around the threat landscape , cloud security , and business transformation . See how Zscaler enables the secure transformation to the cloud . Zscaler is the preferred choice of leading organizations . Watch how Jabil achieved security at scale with Zscaler . Nintendo recently released Super Mario Run for the iOS platform . In no time , the game became a sensational hit on the iTunes store . However , there is not yet an Android version and there has been no official news on such a release . Attackers are taking advantage of the game 's popularity , spreading malware posing as Attack.Phishing an Android version of Super Mario Run . The ThreatLabZ team wrote about a similar scam that occurred during the release of another wildly popular Niantic game , Pokemon GO . Like that scam , the new Android Marcher Trojan is disguised as Attack.Phishing the Super Mario Run app and attempts to trick Attack.Phishing users with fake finance apps and a credit card page in an effort to capture banking details . Once the user 's mobile device has been infected , the malware waits for victims to open one of its targeted apps and then presents the fake overlay page asking for banking details . Unsuspecting victims will provide the details that will be harvested and sent out to to the malware 's command and control ( C & C ) server . We have seen this malware evolve and take advantage of recent trends in order to target a large number of users . We have covered similar campaigns in the past related to Marcher malware here and here . Technical details In this new strain , the Marcher malware is disguised as Attack.Phishing the Super Mario Run app for Android . Knowing that Android users are eagerly awaiting this game , the malware will attempt Attack.Phishing to present a fake web page promoting its release . In previous variants of Marcher , we observed this malware family targeting well-known Australian , UK , and French banks . The current version is targeting account management apps as well as well-known banks . Like previous Marcher variants , the current version also presents Attack.Phishing fake credit card pages once an infected victim opens the Google Play store .

The Russian hacking group blamed for targeting U.S. and European elections has been breaking into Attack.Databreach email accounts , not only by tricking Attack.Phishing victims into giving up passwords , but by stealing Attack.Databreach access tokens too . It 's sneaky hack that 's particularly worrisome , because it can circumvent Google 's 2-step verification , according to security firm Trend Micro . The group , known as Fancy Bear or Pawn Storm , has been carrying out the attack Attack.Phishing with its favored tactic of sending out Attack.Phishing phishing emails , Trend Micro said in a report Tuesday . The attack Attack.Phishing works by sending out Attack.Phishing a fake email , pretending to be Attack.Phishing from Google , with the title “ Your account is in danger. ” An example of a phishing email that Fancy Bear has used Attack.Phishing . The email claims that Google detected several unexpected sign-in attempts into their account . It then suggests users install a security application called “ Google Defender. ” However , the application is actually a ruse . In reality , the hacking group is trying to dupe Attack.Phishing users into giving up a special access token for their Google account , Trend Micro said . Victims that fall for the scheme will be redirected to an actual Google page , which can authorize the hacking group 's app to view and manage their email . Users that click “ allow ” will be handing over what ’ s known as an OAuth token . Although the OAuth protocol does n't transfer over any password information , it 's designed to grant third-party applications access to internet accounts through the use of special tokens . In the case of Fancy Bear , the hacking group has leveraged the protocol to build Attack.Phishing fake applications that can fool Attack.Phishing victims into handing over account access , Trend Micro said . “ After abusing the screening process for OAuth approvals , ( the group ’ s ) rogue application operates Attack.Phishing like every other app accepted by the service provider , ” the security firm said . Even Google 's 2-step verification , which is designed to prevent unwarranted account access , ca n't stop the hack , according to Trend Micro . Google 's 2-step verification works by requiring not only a password , but also a special code sent to a user 's smartphone when logging in . Security experts say it 's an effective way to protect your account . However , the phishing scheme Attack.Phishing from Fancy Bear manages to sidestep this security measure , by tricking Attack.Phishing users into granting access through the fake Google security app . Google , however , said it takes many steps to protect users from such phishing attacks Attack.Phishing . `` In addition , Google detects and reviews potential OAuth abuse and takes down thousands of apps for violating our User Data Policy , such as impersonating Attack.Phishing a Google app , '' the company said in a statement . `` Note that a real Google app should be directly accessed from a Google site or installed from the Google Play or Apple App stores , '' it added . According to Trend Micro , victims were targeted with this phishing attack Attack.Phishing in 2015 , and 2016 . In addition to Google Defender , Fancy Bear has used other apps under names such as Google Email Protection and Google Scanner . They ’ ve also gone after Yahoo users with apps called Delivery Service and McAfee Email protection . The attack Attack.Phishing attempts to trick Attack.Phishing users into handing over access to their email through fake Google third-party applications . “ Internet users are urged to never accept OAuth token requests from an unknown party or a service they did not ask for , ” Trend Micro said . Although a password reset can sometimes revoke an OAuth token , it 's best to check what third-party applications are connected to your email account . This can be done by looking at an email account 's security settings , and revoking access where necessary . Fancy Bear is most notorious for its suspected role in hacking the Democratic National Committee last year . However , the group has also been found targeting everything from government ministries , media organizations , along with universities and think tanks , according to Trend Micro .

French presidential candidate Emmanuel Macron 's campaign team confirmed on Wednesday that his party had been the target of a series of attempts to steal Attack.Databreach email credentials since January but that they had failed to compromise Attack.Databreach any campaign data . Macron 's party , known as `` En Marche ! '' or `` Onwards '' , said it had been hit Attack.Phishing by at least five advanced "phishing" attacks Attack.Phishing that involved trying to trick Attack.Phishing a broad number of campaign staff members to click on professionally-looking fake web pages . The latest attacks were confirmed by security firm Trend Micro , whose researchers found links to a cyber espionage group it has dubbed Pawn Storm , the Macron team noted . Other experts link the group , also known as `` Fancy Bear '' or `` APT 28 '' , to Russian military intelligence agency GRU . Russia has denied involvement in attacks on Macron 's campaign . Macron , an independent centrist who has been critical of Russian foreign policy , faces far-right leader Marine Le Pen in France 's presidential runoff on May 7 . Le Pen has taken loans from Russian banks and has called for closer ties with Moscow . `` Emmanuel Macron is the only candidate in the French presidential campaign to be targeted ( in phishing attacks Attack.Phishing ) , '' his party said in a statement , adding this was `` no coincidence '' . In mid-February , an En Marche ! official told a news conference the party was enduring `` hundreds if not thousands '' of attacks on its networks , databases and sites from locations inside Russia and asked the French government for assistance . The Macron campaign said on Wednesday it had carried out counter-offensive actions against the fake web sites , which were designed to trick Attack.Phishing campaign workers into divulging their user credentials . As a further precaution , it also said En Marche ! does not use email to share confidential information .

French presidential candidate Emmanuel Macron 's campaign team confirmed on Wednesday that his party had been the target of a series of attempts to steal Attack.Databreach email credentials since January but that they had failed to compromise Attack.Databreach any campaign data . Macron 's party , known as `` En Marche ! '' or `` Onwards '' , said it had been hit Attack.Phishing by at least five advanced "phishing" attacks Attack.Phishing that involved trying to trick Attack.Phishing a broad number of campaign staff members to click on professionally-looking fake web pages . The latest attacks were confirmed by security firm Trend Micro , whose researchers found links to a cyber espionage group it has dubbed Pawn Storm , the Macron team noted . Other experts link the group , also known as `` Fancy Bear '' or `` APT 28 '' , to Russian military intelligence agency GRU . Russia has denied involvement in attacks on Macron 's campaign . Macron , an independent centrist who has been critical of Russian foreign policy , faces far-right leader Marine Le Pen in France 's presidential runoff on May 7 . Le Pen has taken loans from Russian banks and has called for closer ties with Moscow . `` Emmanuel Macron is the only candidate in the French presidential campaign to be targeted ( in phishing attacks Attack.Phishing ) , '' his party said in a statement , adding this was `` no coincidence '' . In mid-February , an En Marche ! official told a news conference the party was enduring `` hundreds if not thousands '' of attacks on its networks , databases and sites from locations inside Russia and asked the French government for assistance . The Macron campaign said on Wednesday it had carried out counter-offensive actions against the fake web sites , which were designed to trick Attack.Phishing campaign workers into divulging their user credentials . As a further precaution , it also said En Marche ! does not use email to share confidential information .

Researchers have discovered over 300 cybersquatting domains masquerading as Attack.Phishing real UK banking sites , many of which are designed to trick Attack.Phishing customers into handing over personal details . DomainTools used its PhishEye tool to search for domains registered by individuals to mimic Attack.Phishing those of Barclays , HSBC , Natwest , Lloyd ’ s and Standard Chartered . It found a whopping 324 registered domains abusing the trademarks of these lenders , including lloydstbs [ . ] com , standardchartered-bank [ . ] com and barclaysbank-plc [ . ] co.uk . “ Imitation has long been thought to be the sincerest form of flattery , but not when it comes to domains , ” explained DomainTools senior security researcher , Kyle Wilhoit . “ While domain squatters of the past were mostly trying to profit from the domain itself , these days they ’ re often sophisticated cyber-criminals using the spoofed domain names for more malicious endeavors. ” Cybersquatting can be used for a variety of ends , including redirecting the user to pay-per-click ads for the victim company ’ s competitors ; for-profit survey sites , or ransomware and other forms of drive-by malware . However , one of the most common is to create Attack.Phishing a phishing page similar to the spoofed bank ’ s original , which will ask for log-ins or other banking and personal information . This years ’ Verizon Data Breach Investigations Report ( DBIR ) claimed phishing Attack.Phishing has soared in popularity , present in a fifth ( 21 % ) of attacks , up from just 8 % last year . “ Many [ cybersquatters ] will simply add a letter to a brand name , such as Domaintoools.com , while others will add letters or an entire word such as ‘ login ’ to either side of a brand name . Users should remember to carefully inspect every domain they are clicking on or entering in their browser . Also , ensure you are watching redirects when you are going from site to site , ” advised Wilhoit . “ Brands can and should start monitoring for fraudulent domain name registrations and defensively register their own typo variants . It is better to lock down typo domains than to leave them available to someone else and at an average of £12 per year per domain , this is a relatively cheap insurance policy . ”

Google Docs was pulled into a sneaky email phishing attack Attack.Phishing on Tuesday that was designed to trick Attack.Phishing users into giving up access to their Gmail accounts . The phishing emails , which circulated Attack.Phishing for about three hours before Google stopped them , invited Attack.Phishing the recipient to open what appeared to be Attack.Phishing a Google Doc . The teaser was a blue box that said , “ Open in Docs. ” In reality , the link led to a dummy app that asked users for permission to access their Gmail account . An example of the phishing email that circulated Attack.Phishing on Tuesday . Users might easily have been fooled Attack.Phishing , because the dummy app was actually named “ Google Docs. ” It also asked for access to Gmail through Google ’ s actual login service . The hackers were able to pull off the attack by abusing the OAuth protocol , a way for internet accounts at Google , Twitter , Facebook and other services to connect with third-party apps . The OAuth protocol doesn ’ t transfer any password information , but instead uses special access tokens that can open account access . However , OAuth can be dangerous in the wrong hands . The hackers behind Tuesday’s attack Attack.Phishing appear to have built Attack.Phishing an actual third-party app that leveraged Google processes to gain account access . The dummy app will try to ask for account permission . Last month , Trend Micro said a Russian hacking group known as Fancy Bear was using a similar email attack method that abused the OAuth protocol to phish Attack.Phishing victims . However , security experts said Tuesday's phishing attack Attack.Phishing probably was n't from Fancy Bear , a shadowy group that many experts suspect works for the Russian government . `` I do n't believe they are behind this ... because this is way too widespread , '' Jaime Blasco , chief scientist at security provider AlienVault , said in an email . On Tuesday , many users on Twitter , including journalists , posted screen shots of the phishing emails , prompting speculation that the hackers were harvesting Attack.Databreach victims ' contact lists to target more users . The attack Attack.Phishing was also sent Attack.Phishing through an email address at `` hhhhhhhhhhhhhhhh @ mailinator.com . '' Mailinator , a provider of a free email service , denied any involvement . Fortunately , Google moved quickly to stop the phishing attacks Attack.Phishing , after a user on Reddit posted about them . “ We ’ ve removed the fake pages , pushed Vulnerability-related.PatchVulnerability updates through Safe Browsing , and our abuse team is working to prevent this kind of spoofing Attack.Phishing from happening again , ” Google said in a statement . Security experts and Google recommend affected users check what third-party apps have permission to access their account and revoke any suspicious access . Users can do so by visiting this address , or performing a Google security check-up . Tuesday's phishing scheme Attack.Phishing will probably push Google to adopt an even stricter stance on apps that use OAuth , said Robert Graham , CEO of research company Errata Security . However , the internet giant has to strike a balance between ensuring security and fostering a flourishing app ecosystem . `` The more vetting you do , the more you stop innovation , '' Graham said . `` It 's a trade-off . ''

Google said it has disabled offending accounts involved in a widespread spree of phishing emails today impersonating Attack.Phishing Google Docs . The emails , at the outset , targeted journalists primarily and attempted to trick Attack.Phishing victims into granting the malicious application permission to access the user ’ s Google account . It ’ s unknown how many accounts were compromised Attack.Databreach , or whether other applications are also involved . Google advises caution in clicking on links in emails sharing Google Docs . The messages purport to be from Attack.Phishing a contact , including contacts known to the victim , wanting to share a Google Doc file . Once the “ Open in Docs ” button is clicked , the victim is redirected to Google ’ s OAUTH2 service and the user is prompted to allow the attacker ’ s malicious application , called “ Google Docs , ” below , to access their Google account and related services , including contacts , Gmail , Docs and more . “ We have taken action to protect users against an email impersonating Attack.Phishing Google Docs , and have disabled offending accounts , ” a Google spokesperson told Threatpost . “ We ’ ve removed the fake pages , pushed Vulnerability-related.PatchVulnerability updates through Safe Browsing , and our abuse team is working to prevent this kind of spoofing Attack.Phishing from happening again . We encourage users to report phishing emails in Gmail. ” OAUTH is an authentication standard that allows a user to authorize third party applications access to an account . The attempt to steal OAUTH tokens is a departure from traditional phishing attacks Attack.Phishing that target passwords primarily . Once the attacker has access Attack.Databreach to the victim ’ s account , the phishing message is sent Attack.Phishing along to the compromised contact list . While this attack is likely the work of a spammer , nation-state attackers including APT28 , aka Fancy Bear or Sofacy , have made use of this tactic . APT28 has been linked to last summer’s attacks Attack.Phishing attempting to influence the U.S. presidential elections . The group has long been targeting political entities , including NATO , and uses phishing emails , backdoors and data-stealing malware to conduct espionage campaigns against its targets . “ I don ’ t believe they are behind this though because this is way too widespread , ” said Jaime Blasco , chief scientist at AlienVault . “ Many people and organizations have received similar attempts , so this is probably something massive and less targeted . ”

When it comes to phishing scams Attack.Phishing , the general concept is that cyber criminals will only send Attack.Phishing a link to trick Attack.Phishing users into logging in with their social media or email credentials . But since that is an old school trick , the malicious threat actors are aiming at much more than your Facebook or Gmail password . Recently , we discovered a sophisticated phishing campaign Attack.Phishing targeting Apple users . The aim of this attack Attack.Databreach is to steal Attack.Databreach their Apple ID , credit card data , a government issued ID card , and or passport . That ’ s not all , the scam also asks users to provide it with access to their device webcam to take their snap for verification purposes . It all starts with users receiving Attack.Phishing an email in which the sender poses as Attack.Phishing one of the officials from Apple Inc . The email alerts the user that their iCloud account is on hold because of an unusual sign in activity through an unknown browser and in case they didn ’ t log in from the device mentioned in the email they need to click on a link to change the password . Those who understand how phishing scams Attack.Phishing work will know how to ignore it , but unsuspecting users may fall for it and be tricked Attack.Phishing into clicking the link and giving away their personal and financial information . Upon clicking the link users are taken Attack.Phishing to the phishing page which looks exactly like Attack.Phishing the official Apple ID login page . The users then are then asked to enter their Apple ID and its password to proceed . Once the users are logged in , they are taken to another page which asks users for their credit card details including cardholder name , card number , expiration date , CVV code and ED secure password . Upon giving this info , the users are asked to click the next tab . Remember by now the scammers have got your Apple ID login credentials and credit card information . Because criminals will remain criminals , the more you feed them the more they will ask for . Once the “ next ” tab is clicked , users are invited to enter their personal information including full name , date of birth , country , state , city , address , Zip code and phone number . This is done to use user information for further scams like identity theft and social engineering frauds . Once your personal information is handed over to the criminals , the page asks users to click the “ finish ” tab , but they aren ’ t done yet . Upon clicking the Finish tab users are taken to another page asking them to upload their password , a government issued identity card or the driver license – both sides . The users can click skip to avoid uploading their government issued documents but then they need to allow the website to access their device ’ s camera and microphone to take a snap of them . The users can also click the “ Skip ” tab , and the page will redirect them to the official Apple ID website . Good news is that Google Chrome has already detected the scam and marked the phishing domain as “ Deceptive. ” However , the bad news is that Firefox , Opera , and Safari browsers didn ’ t show any warning messages to their users therefore if you are using these browsers be vigilant .

A Twitter user by the name @ EugenePupov is trying to take credit for the massive phishing attack Attack.Phishing that hit Attack.Phishing Gmail users last night , and which attempted to trick Attack.Phishing users into granting permission for a fake Google Docs app to access their Gmail inbox details . While Google intervened and stopped the self-spreading attack about an hour after it started — which is a pretty good response time — questions still linger about who was behind it . If there 's one thing we know for sure , is that the fake Google Docs app was registered using the email eugene.pupov @ gmail.com . The owner of the aforementioned @ EugenePupov Twitter account , who took credit for the attacks , claimed in a series of tweets [ assembled below ] it was only a test . While some might think this is an open & close case , it is not quite so . For starters , the Twitter account was registered yesterday , on the same day of the attack , which is n't necessarily suspicious , but it 's odd . Second , if you would try to reset that Twitter account 's password , you 'll see that the Twitter account is n't registered with the same address used in the phishing attacks Attack.Phishing . Registering a Twitter account with the eugene.pupov @ gmail.com email would n't haven been possible either way , as this Gmail address is n't registered at all . Furthermore , a Coventry University spokesperson told Bleeping Computer today that no person with the name Eugene Pupov is currently enrolled at their institution . Later they confirmed it on Twitter . If things were n't shady enough , the Twitter account used a profile image portraying a molecular biologist named Danil Vladimirovich Pupov , from the Institute of Molecular Genetics , at the Russian Academy of Sciences . When other users called out [ 1 , 2 ] the Twitter account for using another person 's image , the man behind the @ EugenePupov account simply changed it to a blank white image . To clarify what exactly is going on with the Twitter account images , we 've reached out to the real Danil Pupov hoping for some answers , as we were n't able to find any good reasons for why a molecular biologist would fiddle around with Gmail spam campaings and fake Google Docs apps . As things are looking right now , it appears that someone is either in the mood for a prank , or the real person behind the attack is trying to plant a false flag and divert the attention of cyber-security firms investigating the incident [ 1 , 2 ] . As for Google , after a more thorough investigation , the company says that only 0.1 % of all Gmail users received Attack.Phishing the phishing email that contained the link to Pupov 's fake Google Docs app that requested permission to access users ' inboxes . That 's around one million users of Gmail 's one billion plus userbase .

Google has stopped Wednesday ’ s clever email phishing scheme Attack.Phishing , but the attack may very well make a comeback . One security researcher has already managed to replicate it , even as Google is trying to protect users from such attacks . “ It looks exactly like Attack.Phishing the original spoof Attack.Phishing , ” said Matt Austin , director of security research at Contrast Security . The phishing scheme Attack.Phishing -- which may have circulated Attack.Phishing to 1 million Gmail users -- is particularly effective because it fooled Attack.Phishing users with a dummy app that looked like Attack.Phishing Google Docs . Recipients who received Attack.Phishing the email were invited to click a blue box that said “ Open in Docs. ” Those who did were brought to an actual Google account page that asks them to handover Gmail access to the dummy app . While fooling Attack.Phishing users with spoofed emails is nothing new , Wednesday ’ s attack involved an actual third-party app made with real Google processes . The company ’ s developer platform can enable anyone to create web-based apps . In this case , the culprit chose to name the app “ Google Docs ” in an effort to trick Attack.Phishing users . The search company has shut down the attack by removing the app . It ’ s also barred other developers from using “ Google ” in naming their third-party apps . More traditional phishing email schemes Attack.Phishing can strike by tricking Attack.Phishing users into giving up their login credentials . However , Wednesday ’ s attack takes a different approach and abuses what ’ s known as the OAuth protocol , a convenient way for internet accounts to link with third-party applications . Through OAuth , users don ’ t have to hand over any password information . They instead grant permission so that one third-party app can connect to their internet account , at say , Google , Facebook or Twitter . But like any technology , OAuth can be exploited . Back in 2011 , one developer even warned that the protocol could be used in a phishing attack Attack.Phishing with apps that impersonate Attack.Phishing Google services . Nevertheless , OAuth has become a popular standard used across IT . CloudLock has found that over 276,000 apps use the protocol through services like Google , Facebook and Microsoft Office 365 . For instance , the dummy Google Docs app was registered to a developer at eugene.pupov @ gmail.com -- a red flag that the product wasn ’ t real . However , the dummy app still managed to fool Attack.Phishing users because Google ’ s own account permission page never plainly listed the developer ’ s information , unless the user clicks the page to find out , Parecki said . “ I was surprised Google didn ’ t show much identifying information with these apps , ” he said . “ It ’ s a great example of what can go wrong. ” Rather than hide those details , all of it should be shown to users , Parecki said . Austin agreed , and said apps that ask for permission to Gmail should include a more blatant warning over what the user is handing over . “ I ’ m not on the OAuth hate bandwagon yet . I do see it as valuable , ” Austin said . “ But there are some risks with it. ” Fortunately , Google was able to quickly foil Wednesday ’ s attack , and is introducing “ anti-abuse systems ” to prevent it from happening again . Users who might have been affected can do a Google security checkup to review what apps are connected to their accounts . The company ’ s Gmail Android app is also introducing a new security feature to warn users about possible phishing attempts Attack.Phishing . It 's tempting Attack.Phishing to install apps and assume they 're safe . But users and businesses need to be careful when linking accounts to third-party apps , which might be asking for more access than they need , Cloudlock 's Kaya said . `` Hackers have a headstart exploiting this attack , '' she said . `` All companies need to be thinking about this . ''

Yesterday we wrote about a “ Google Docs ” phishing campaign Attack.Phishing that aimed to trick Attack.Phishing you into authorising a malicious third-party Gmail app so that it could take over your email account and your contact list for its own ends . One of those ends seems to have been to spam out Attack.Phishing another wave of those same fraudulent emails to your friends and colleagues , in the hope of getting them to authorise the imposter app , and thus to send Attack.Phishing out another wave of emails , and another , and so on . Technically , that made it more than just a “ phish Attack.Phishing ” , which we ’ ll define very loosely here as an email that aims to trick Attack.Phishing , coerce or cajole Attack.Phishing you into performing an authentication task , or giving away personal data , that you later wish you hadn ’ t . The classic old-school example of a phish Attack.Phishing is an email that tells you that you have lost money to fraud Attack.Phishing , or gained money from a tax refund , so please use this web link to login to your bank account to sort this out . These days , however , the word phishing Attack.Phishing is generally understood much more broadly , describing any sort of misdirection Attack.Phishing that gets you to authorise or to give away something you should have kept private . Many users have learned to avoid login links in emails , so the crooks have broadened the range of threats and incentives by which they phish Attack.Phishing for access to your online life . This week ’ s so-called “ Google Docs ” attack could spread all by itself , helped on by users giving it the permission it needed along the way , just like the infamous Love Bug virus from 2000 , or the pernicious FriendGreetings adware from 2002 . Technically , then , that makes the “ Google Docs ” attack a virus , or more specifically a worm , which is a special sort of virus that spreads by itself , without needing pre-existing host files to hook onto .