Group items tagged

"A police investigation has been launched after MPs were apparently targeted in a "spear-phishing" attack, in what security experts believe could be an attempt to compromise parliament. A police force said it had started an inquiry after receiving a complaint from an MP who was sent a number of unsolicited messages last month."

"The alleged cybercriminals are thought to have carefully planned out an elaborate and hyper-targeted phishing scam that went after employees of large companies like MGM and Twilio. In fact, Scattered Spider's breach at MGM, which involved a phone call to the company's help desk, resulted in a temporary shut down of the company's hotel and casino operations, costing the company $100 million. The Scattered Spider plan of attack involved sending text messages to employees at the targeted companies while pretending to be part of their employer's IT department. The texts urged the employees to login to a link provided in the text message, otherwise, the text message claimed, their employee accounts would be deactivated."

"Gmail users are under attack in a gigantic phishing operation that's spreading like wildfire across the internet right now. People took to Twitter to report receiving an email that looks like an invitation to join a Google Doc from someone they know. But when you click on the link to open the file, you are directed to grant access to an app that looks like Google Docs but is actually a program that sends spam emails to everyone you've emailed, according to a detailed outline of the attack on Reddit. "

"Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps-four Alexa "skills" and four Google Home "actions"-that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these "smart spies," as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords."

""The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing," Symantec security expert Nick Johnston explained in a blog post. "The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages.""

"Major Wall Street institutions were cracked wide open by a phishing scam from FIN4, a hacker group that, unlike its competition, can write convincingly and employs some basic smarts about why people open attachments."

"After a successful phishing attack that captured over 50 accounts, hackers stole 500,000 records from the San Diego Unified School District, for staff, current students, and past students going all the way back to 2008; including SSNs, home addresses and phone numbers, disciplinary files, health information, emergency contact details, health benefits and payroll info, pay information, financial data for direct deposits."

"Fidelis malware mangler Jason Reaves says the TrickBot malware has strong code similarities to the Dyre trojan, a menace that ripped through Western banks and businesses in the US, the UK, and Australia, inflicting tens of millions of dollars in damages through dozens of separate spam and phishing campaigns since June 2014. Dyre stole some US$5.5 million from budget carrier Ryanair and fleeced individual businesses of up to $1.5 million each in substantial wire transfers using stolen online banking credentials."

"Indeed, this scam is far subtler. It works like this: fraudsters are able to register domains with characters plucked from various alphabets other than the default Latin script. When displayed, it's all but impossible to tell apart a Greek "O" from a Cyrillic "O" from a Latin "O," for instance."

"West Midlands Trains emailed about 2,500 employees with a message saying its managing director, Julian Edwards, wanted to thank them for their hard work over the past year under Covid-19. The email said they would get a one-off payment as a thank you after "huge strain was placed upon a large number of our workforce". However, those who clicked through on the link to read Edwards' thank you were instead emailed back with a message telling them it was a company-designed "phishing simulation test" and there was to be no bonus. It warned: "This was a test designed by our IT team to entice you to click the link and used both the promise of thanks and financial reward.""

"Google said in a new blog post that hackers linked to the Chinese government have been impersonating antivirus software McAfee to try to infect victims' machines with malware. And, Google says, the hackers appear to be the same group that unsuccessfully targeted the presidential campaign of former Vice President Joe Biden with a phishing attack earlier this year. A similar group of hackers based in Iran had tried to target President Trump's campaign, but also was unsuccessful."

"As explained above, filling in the forms in the fake HTML pages above will send off your password to websites controlled by the criminals. Of course, email passwords are amongst the most valuable credentials for crooks to acquire, simply because many people use their email account for password resets on a multitude of other accounts."

"iTunes phishing scams Compromised phones or computers Celebrity passwords/emails as part of a larger password dump (such as the Adobe hack) Mobile-phone or computer-repair individuals abusing access Password reset questions guess Brute force"

"The files were then downloaded through the Bitglass proxy service, in which a unique watermark was applied to each copy, so that the company could track when the data was viewed and/or downloaded from that point forward. The firm used a basic "phishing" technique to entice criminals on the Dark Web. The data had been viewed over 200 times in just a few days, and in 12 days it had received more than 1,000 clicks, and had spread across the globe in 22 different countries, in five different continents."

""The email has good spelling and grammar and my exact home address...when I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address. "My tummy did a bit of a somersault when I read that, because I wondered who on earth I could owe £800 to and what was about to land on my doormat." She quickly realised it was a scam and did not click on the link."

""History sniffing" promises a nose full of dust or, you're talking about web browsers, a whiff of the websites you've visited. And that may be enough to compromise your privacy and expose data that allows miscreants to target you more effectively with tailored attacks. For example, a phishing gambit that attempts to simulate your bank login page has a better chance of success if it presents the web page for a bank where you actually have an account."