- Indianapolis-based Monarch Beverage was the victim of a phishing scam in which copies of employees’ W-2 forms were sent to an attacker two years in a row. The company plans on providing three years of credit protection services to those affected.
- A phishing exploit involving viewing other users’ profiles on the popular online gaming platform Steam was discovered. Whispers of the vulnerability first emerged via Reddit, where users claimed that viewing the profiles of other Steam members who were abusing the exploit could result in stolen credentials. Parent company Valve has since fixed the issue.
- The IRS has issued a warning as W-2-related phishing scams begin to ramp up while the U.S. moves towards the height of tax season. As of February 6, the latest round of attacks has already claimed close to 30,000 victims. The IRS added that this year, scammers have begun attempting more sophisticated attacks involving wire transfers, and the agency has instructed organizations to be on high alert.
- Multiple employees of North Carolina’s Davidson County School System fell victim to a phishing scam, which resulted in the breach of Social Security numbers for employees and independent contractors. This scam is reported to have targeted multiple school districts across the country, using the names of school officials in an effort to gain access to sensitive data.
- A newspaper phishing scheme is making the rounds in Australia, Europe, the Middle East, and (most recently) New Zealand. Scammers posing as representatives from V Cases — a mobile phone repair company offering bulk, discounted electronics for purchase — have been posting fake ads in an effort to obtain sensitive financial information. They have even gone so far as to use the company’s ABN (Australian Business Number) to appear legitimate. The proper authorities have been notified, but V Cases may have to change its ABN to thwart future attempts.
- Certain KeyBank customers have found themselves the target of a smishing attack claiming there’s an issue with their account. Recipients of the message are prompted to click on a malicious link or call a number that does not belong to KeyBank. The company was made aware of the scam and responded quickly in an effort to curb any substantial impact to customers.
- A sophisticated Gmail phishing scam that serves up a fake login page to steal users’ credentials has been reported by several outlets. The email takes advantage of compromised accounts in an attempt to get recipients to click on an attachment, granting the actor full access to the victim’s account. It is rumored the attack can even bypass two-factor authentication. Although there is no way to check if an account has been compromised, Gmail users have been urged to change their passwords and pay close attention to their browser’s location bar.
- British police have issued a warning regarding a phishing scam posing as the charity Migrant Help. The email contains the recipient’s real name and phone number with a fake receipt. The attack utilizes Ramnit malware, a banking Trojan “designed to steal bank customer login credentials for theft and fraud,” which has evolved to become highly dangerous.
- Despite the UK’s HM Revenue and Customs (HMRC) department reporting last December that it had reduced the number of phishing emails its customers receive by 300 million, this threat vector remains a focus for its cybersecurity team. Residents were warned that a number of fraudulent emails are still in circulation, including one that poses as the recipient’s refund payment confirmation number, and the HMRC has urged citizens to be mindful this tax season.
- A vulnerability in multiple web browsers was discovered by Finnish developer Viljami Kuosmanen in which autofill may provide a website with more information than the user has bargained for. Kuosmanen has created a website that illustrates the dangers of enabling this feature. Users of Chrome, Safari, and Opera have been urged to turn it off immediately.
- An Amazon Marketplace scam has been making the rounds, capitalizing on those looking for deals during the post-holiday shopping season. The scammers post “used, like new” electronics that point to a fraudulent payment site. When the customer reaches out after realizing their order wasn’t fulfilled, they are directed to a non-Amazon site to complete their purchase. Amazon has issued a statement and taken some action to remove the listings, but they persistently appear due to their success rate.