- Oklahoma election officials have warned voters to watch out for phishing emails designed to look like they’re coming from the state or county election boards, claiming that their voter information has changed or needs to be verified.
- Customers of National Australia Bank who access their accounts online found themselves the targets of a sophisticated phishing scheme in which they were sent fraudulent emails posing as the bank asking for additional verification in order to avoid their online accounts being suspended.
- Researchers at Proofpoint have identified a new angler phishing scam where attackers monitor the activity of PayPal’s actual Twitter feed and respond via fake PayPal tech support Twitter accounts that are tricking users into clicking on a malicious link embedded in the tweet. PayPal is working with Twitter to have the issue resolved.
- GoDaddy customers were the target of a phishing scam that falsely notified recipients that their email storage had reached capacity. A prompt to upgrade the user’s storage within 24 hours led to an unsecured HTTP page, where their login credentials were stolen.
- A Netflix email scam that utilizes a fake iTunes bill fooled users into giving their credit card details to scammers, attempting to convince the email’s recipients that someone impersonating them gained access to their Apple account to subscribe to Netflix.
- United Services Automobile Association members have been hit with multiple phishing attacks asking recipients to click on links requesting PII to update their account info or notify them of a canceled transaction.
- More than 130 organizations were identified as victims of Operation Ghoul, a series of spear phishing attacks that targeted industrial, manufacturing, and engineering organizations in more than 30 countries.
- Two Utah counties were the victims of spear phishing attacks netting close to $100K, which prompted statewide warnings to public agencies.
- The record-breaking success of Niantic’s Pokemon GO sparked a very clever phishing scam in which users received an email pretending to be from the game’s developer. The message demanded that players pay $12.99 for the full version in order to compensate for the “overwhelming response” and “the need for more powerful servers,” claiming the user’s account would be frozen within 24 hours if they did not take action.
- A phishing scam posing as a copyright notice for viewers who have pirated Game of Thrones episodes was targeting fans of the popular HBO series.
- Kaspersky Lab security experts uncovered a global Facebook phishing scam that had initially claimed a new victim every 20 seconds. According to Kaspersky, the attack gave hackers the ability to change privacy settings, steal data, and spread the infection through the victim’s Facebook friends.
- A sophisticated phishing scam mimicking Australian telco Telstra has been collecting customer account login and banking details. Recipients were told their bills had been paid twice by mistake via a fake message signed by Telstra executive Gerd Shenkel, and they were prompted to log in to get their money back, leading to an almost identical ‘My Account’ page.
- Emails delivering malware were discovered in the wake of the Brexit vote, capitalizing on recipients’ fears by promising to protect bank accounts and creating a sense of urgency.