- Private schools in the UK with subpar security infrastructures are being targeted by cybercriminals whose objective is to steal parents’ info and hit them with phishing emails containing fake invoices and other trickery. An SC Magazine article interviewed NuData Security vice president Ryan Wilk on the matter, stating “This kind of thought-out, organized and targeted cyber-crime is the perfect example of how cyber-crime has developed from opportunistic to highly organized in recent years.” The article warns parents to remain “extra vigilant” and be careful before making payments to the schools.
- As the new year approaches, the IRS is gearing up for another season of fraudulent tax returns. Suspicious emails requesting W-2 or other tax-related information should be forwarded to email@example.com. The National Law Review has compiled some tips for avoiding W-2 phishing scams, which are a common type of business email compromise (BEC) attack. Use our infographic to raise awareness among your end users and help protect your organization from BEC.
- While the price of Bitcoin continues to rise, scammers are eyeing Bitcoin wallets more aggressively than they have in years past. Bleeping Computer has profiled a few services and security researchers that track phishing pages, identifying Blockchain and LocalBitcoins as two targets, with many more likely.
- Ukrainian scammers targeting Canadian banks have shifted their focus to SMBs in the country with a clever spear phishing scheme. The attackers pose as the security or customer service department of the victim’s bank in an attempt to take control of an account and transfer money into their control. An article from IT World Canada details the scam, stating, “The email says victims need to re-synchronize their security token devices used for multifactor authentication, warning that their existing device for payment processing can’t be used until it is synched again.” According to IBM researchers on the case, this is a fairly common and successful tactic used in attacks.
- Healthcare IT News reports banking Trojans that have primarily targeted the finance industry are now reaching healthcare by way of attacks that reply to an organization’s stored emails, sending fake emails with malicious attachments. Research from security firm Barkly claims these types of attacks are hard to detect, and suggests trying to block them before they can penetrate an organization.
- A sophisticated phishing and social engineering scheme is targeting organizations’ financial departments in an attempt to steal credentials. Emails that contain “updated invoices” appear to come from someone the recipient knows, but once clicked, a Word attachment downloads malicious software onto the victim’s system. ZDNet’s coverage of the attack details research from Barracuda Networks.
- A new phishing campaign takes a three-pronged approach to stealing banking information. The scam employs Marcher malware, credit card data theft, and credential phishing, and was discovered by Proofpoint researchers in early November. First, a bit.ly link is sent to the potential victim; when clicked, the link resolves to a fake Bank Austria login page. Users are then asked to enter their email address and phone number; then, a message is sent instructing the subject to download the new Bank Austria app. A ZDNet article detailing the scheme states, “The fake app requires extensive permissions including writing and reading external storage, access to precise location, complete control over SMS messages, the ability to read contact data, the ability to read and write system settings, the ability to lock the device and more.” This malicious software allows the theft of credit card information and other credentials. It is believed that close to 20,000 people have already fallen for the attack.
- Phishing scams involving Netflix aren’t anything new, but a recent one making the rounds has reached close to 110 million subscribers with a phony account suspension notification. The email utilizes a personalized subject line and claims that the recipient’s billing info needs to be updated, ultimately requesting credit card and bank info via a fake landing page. It is unknown how many people actually fell for the attack.
- Security researcher Wesley Neelen discovered a phishing attack aimed at users of the less common cryptocurrency known as Ethereum after receiving the phishing email himself. Scammers posing as Myetherwallet, the site used to manage Etherum wallets, sent emails requesting users sign into their accounts and sync their wallets in order to avoid disruption of service or loss of currency. Users who clicked the link were routed to a phishing site that utilized Unicode characters in the domain, which can easily deceive an unobservant eye. More than $15,000 in Ethereum coins was stolen in approximately two hours.
Subscribe to the Proofpoint Blog