"A police investigation has been launched after MPs were apparently targeted in a "spear-phishing" attack, in what security experts believe could be an attempt to compromise parliament.
A police force said it had started an inquiry after receiving a complaint from an MP who was sent a number of unsolicited messages last month."
"Gmail users are under attack in a gigantic phishing operation that's spreading like wildfire across the internet right now.
People took to Twitter to report receiving an email that looks like an invitation to join a Google Doc from someone they know.
But when you click on the link to open the file, you are directed to grant access to an app that looks like Google Docs but is actually a program that sends spam emails to everyone you've emailed, according to a detailed outline of the attack on Reddit. "
"Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps-four Alexa "skills" and four Google Home "actions"-that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these "smart spies," as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords."
""The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing," Symantec security expert Nick Johnston explained in a blog post. "The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages.""
"Major Wall Street institutions were cracked wide open by a phishing scam from FIN4, a hacker group that, unlike its competition, can write convincingly and employs some basic smarts about why people open attachments."
"After a successful phishing attack that captured over 50 accounts, hackers stole 500,000 records from the San Diego Unified School District, for staff, current students, and past students going all the way back to 2008; including SSNs, home addresses and phone numbers, disciplinary files, health information, emergency contact details, health benefits and payroll info, pay information, financial data for direct deposits."
"Fidelis malware mangler Jason Reaves says the TrickBot malware has strong code similarities to the Dyre trojan, a menace that ripped through Western banks and businesses in the US, the UK, and Australia, inflicting tens of millions of dollars in damages through dozens of separate spam and phishing campaigns since June 2014.
Dyre stole some US$5.5 million from budget carrier Ryanair and fleeced individual businesses of up to $1.5 million each in substantial wire transfers using stolen online banking credentials."
"Indeed, this scam is far subtler. It works like this: fraudsters are able to register domains with characters plucked from various alphabets other than the default Latin script. When displayed, it's all but impossible to tell apart a Greek "O" from a Cyrillic "O" from a Latin "O," for instance."
"West Midlands Trains emailed about 2,500 employees with a message saying its managing director, Julian Edwards, wanted to thank them for their hard work over the past year under Covid-19. The email said they would get a one-off payment as a thank you after "huge strain was placed upon a large number of our workforce".
However, those who clicked through on the link to read Edwards' thank you were instead emailed back with a message telling them it was a company-designed "phishing simulation test" and there was to be no bonus. It warned: "This was a test designed by our IT team to entice you to click the link and used both the promise of thanks and financial reward.""
"Google said in a new blog post that hackers linked to the Chinese government have been impersonating antivirus software McAfee to try to infect victims' machines with malware. And, Google says, the hackers appear to be the same group that unsuccessfully targeted the presidential campaign of former Vice President Joe Biden with a phishing attack earlier this year. A similar group of hackers based in Iran had tried to target President Trump's campaign, but also was unsuccessful."
"As explained above, filling in the forms in the fake HTML pages above will send off your password to websites controlled by the criminals.
Of course, email passwords are amongst the most valuable credentials for crooks to acquire, simply because many people use their email account for password resets on a multitude of other accounts."
"iTunes phishing scams
Compromised phones or computers
Celebrity passwords/emails as part of a larger password dump (such as the Adobe hack)
Mobile-phone or computer-repair individuals abusing access
Password reset questions guess
Brute force"
"The files were then downloaded through the Bitglass proxy service, in which a unique watermark was applied to each copy, so that the company could track when the data was viewed and/or downloaded from that point forward.
The firm used a basic "phishing" technique to entice criminals on the Dark Web. The data had been viewed over 200 times in just a few days, and in 12 days it had received more than 1,000 clicks, and had spread across the globe in 22 different countries, in five different continents."
""The email has good spelling and grammar and my exact home address...when I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address.
"My tummy did a bit of a somersault when I read that, because I wondered who on earth I could owe £800 to and what was about to land on my doormat."
She quickly realised it was a scam and did not click on the link."
""History sniffing" promises a nose full of dust or, you're talking about web browsers, a whiff of the websites you've visited.
And that may be enough to compromise your privacy and expose data that allows miscreants to target you more effectively with tailored attacks. For example, a phishing gambit that attempts to simulate your bank login page has a better chance of success if it presents the web page for a bank where you actually have an account."
"
A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company's chief financial officer in a video conference call, according to Hong Kong police.
The elaborate scam saw the worker duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations, Hong Kong police said at a briefing on Friday.
"(In the) multi-person video conference, it turns out that everyone [he saw] was fake," senior superintendent Baron Chan Shun-ching told the city's public broadcaster RTHK.
Chan said the worker had grown suspicious after he received a message that was purportedly from the company's UK-based chief financial officer. Initially, the worker suspected it was a phishing email, as it talked of the need for a secret transaction to be carried out.
However, the worker put aside his early doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized, Chan said."