phishing
Latest
Suspect arrested for cyber bank heists that amassed $1.2 billion
Europol announced today that the suspected leader of an international bank heist scheme has been arrested. The arrest was a result of an investigation that involved a number of cooperating law enforcement groups including the Spanish National Police, Europol, the FBI and the Romanian, Belarusian and Taiwanese authorities. The person was arrested in Alicante, Spain.
Florida phishing attack exposes data for 30,000 Medicaid recipients
Large-scale medical hacks are horrible in themselves, but sometimes it's the ease of the hacks that's scary -- and Florida knows this first-hand. The state's Agency for Health Care Administration has warned that a phishing attack compromised data for as many as 30,000 Medicaid recipients. One of its staffers fell for a "malicious phishing email" on November 15th, giving hackers access not only to identifying info like names, addresses and Medicaid ID numbers, but also diagnoses and medical conditions. A would-be fraudster would theoretically have almost everything they could want.
Russian hackers have been targeting journalists since 2014
The hacker group called Fancy Bear (which has been linked to Russian intelligence agency GRU) has been accused of the leaking of the Democratic National Convention emails, the distribution of malware that hijaked Ukranian artillery guns, phishing campaign that used a combination of two zero-day exploits found in Adobe Flash and Windows and an attack not only on German parliament but also the recent German and French elections. So no one should be surprised by the latest report that Fancy Bear has been targeting journalists.
Facebook lists all the security emails it sends to fight phishing
Your Facebook account might not have your credit card or bank details, but it could have everything a crook needs to get them. To protect you from phishing schemes designed to steal Facebook log-ins, the platform is arming you with information that can be easily accessed in the settings page. The social network now lists the latest security emails it sends out. Every time you get message in your inbox asking you to change your password or email -- and it smells fishy for some reason -- you can check the list first and verify that it's really from the company.
North Korea hackers steal bitcoin by targeting currency insiders
Bitcoin values are skyrocketing, and North Korea appears to be trying to profit from that virtual gold rush. Secureworks reports that the Lazarus Group (a team linked to the North Korean government) has been conducting a spearphishing campaign against cryptocurrency industry workers in a bid to steal bitcoin. The attacks have tried to trick workers into compromising their computers by including a seemingly innocuous Word file that claims they need to enable editing to see the document. If they fell prey, it installed a rogue macro that quietly loaded a PC-hijacking trojan while staffers were busy looking at the bogus document.
Google study shows how your account is most likely to be hijacked
Security threats like phishing, keylogging and third-party breaches are pretty common knowledge. Google wanted to gain a better understanding of how hijackers steal passwords and other sensitive data in the wild, though, so it conducted an analysis of online black markets from March 2016 to March 2017. The result? It found that among the three, phishing poses the biggest threat to your online security. Together with credential leaks, the two represent a threat "orders of magnitude larger than keyloggers."
AI’s latest application: wasting email scammers’ time
Schadenfreude is one of life's simplest pleasures -- especially when the victim in question is an email scammer. That's the service Netsafe's Re:scam provides. Simply forward your Nigerian prince emails to the service and it'll use machine learning to generate conversations to waste the nefarious Nancy's time. The idea is that any time jerks spend engaging with the bots is time that can't be used to target hapless victims. People have passed some 6,000 emails Re:scam's way this week alone, and apparently there were 1,000 concurrent conversations at one point. So far the longest email chain has involved 20 exchanges, according to The Guardian.
Russian hackers had hundreds of US targets in addition to the DNC
Various US agencies continue to look into the role Russia played in last year's presidential election, and targets of those investigations include interactions between Trump advisors and Russian officials, ads purchased by Russian agents through social media sites like Facebook and Twitter and whether the Kremlin was involved in the DNC email hacks of last year. In regards to the latter, Russia has been suspected of being behind the hacks for quite some time and just this week, reports have surfaced that the US Department of Justice has pinpointed six Russian officials it believes to have been involved in the hacks. However, a report released today by the Associated Press suggests that the group behind the DNC email breaches actually had a much wider range of targets.
Justice Department takes aim at Hurricane Harvey scammers
This week a number of federal and state law enforcement agencies teamed up to prosecute any scammers taking advantage of the Hurricane Harvey aftermath. Texas-based agencies along with the SEC, FBI, FTC and others have created a working group that will investigate any fraud, theft and price gouging related to the hurricane. "Under the lessons learned from Hurricane Katrina, we bring a comprehensive law enforcement focus to combat any criminal activity arising from the tragedy of Hurricane Harvey and the rebuilding efforts underway," said acting US Attorney Abe Martinez in a statement.
IRS warns that tax-related phishing scams are on the rise
According to the IRS, the amount of phishing scams targeting W-2 forms rose sharply this year compared to last. In 2016, around 50 companies and organizations fell victim to such scams while during this year's tax season, that number increased to around 200. They were aimed at businesses, public schools, universities and nonprofits among others and several hundred thousand employees' data were stolen.
Gmail for iOS will warn you about visiting phishing links
A few months ago, Google introduced an anti-phishing feature for Gmail on Android after a widespread attack affected millions of users. Now, Mountain View is adding the extra security measure to Gmail for iOS. Sometime within the next 15 days, a warning message will pop up when you click on a suspicious link. It will let you know that the URL you want to access leads to an untrusted site, and it will ask if you're absolutely sure you want to continue.
Pros weigh in on phishing the White House
Just before Anthony Scaramucci's 15 minutes -- er, I mean 10 days -- of White House fame were up, a man in the UK (who imaginatively calls himself "Email Prankster") had some choice words with him via email. Nothing weird there you think? Except that he did it while posing as former White House Chief of Staff Reince Priebus. Not that getting "the Mooch's" metaphorical goat was expected to be difficult. Especially after he went ballistic on New Yorker reporter Ryan Lizza for merely mentioning his enemies. No, the remarkable thing was that Scaramucci was one of many the prankster fooled among Trump's totally cyber-savvy and not-chaotic White House cabinet of curiosities.
CNN: Email 'prankster' catfished White House personnel
Ready for another story about political emails? CNN reports tonight that a person described as a "prankster" from the UK emailed several White House officials and successfully fooled them into believing he was a colleague. That included a message claiming to be from senior adviser Jared Kushner to Homeland Security advisor Tom Bossert, which teased out a response from Bossert that included his personal email address. The emailer tweets under the handle SINON_REBORN, where he has posted screenshots of the emails.
Russian hackers target the US nuclear industry
The New York Times and Bloomberg both claim that Russian hackers have been attempting to infiltrate America's nuclear power industry. The infiltrations themselves have been public knowledge since last week, but now fingers are being pointed towards the usual suspects. Unlike Stuxnet, a worm that specifically targeted nuclear facilities, this program was not intended to take down the plants themselves. Instead, malware was used in an attempt to infiltrate the corporate networks of the companies that run the power plants.
Google makes its office apps even more secure
It's been two months since Google Docs was hit by a major phishing scam targeting Gmail users. The company reacted by ramping up protections for those apps. And now, Google is adding security controls to G Suite that let admins block employees from accessing untrustworthy apps.
Google is using games to teach kids about online safety
With the rise of phishing, malware and fake news, it can be hard for adults, let alone children, to identify what's safe and what's not. Parents can teach internet best practices, but companies like Google want to share the load. With its new project, Be Internet Awesome, the search giant has created a new program that helps young people make "smart decisions online." It includes a clever online learning game for kids, a 48-page curriculum for teachers and schools, and a video series for parents to watch alongside their children.
Google beefs up Gmail security to fight phishing attempts
Google has just added a bunch of new security features in order to protect Gmail users from spam and phishing messages. Though they didn't say as much, the bumped-up protection is likely in response to the phishing scam that went around earlier this month. The attack peddled a bogus Google Docs file in attempts to gain access to users' Gmail accounts. Google took measures to boost its security shortly after the incident, but the features announced today go even further.
Phishing campaign alerts DocuSign to customer data breach
A bizarre email address or an obvious misspelling are good indicators that the recent email telling you to reset your Apple ID password isn't what it seems. But there are more sophisticated (and believable) phishing attacks you have to watch out for, like the recent Google Docs scam that linked out to a legit-looking web app. Last week, DocuSign spotted an uptick in phishing emails imitating the company's branding. Being in the business of secure document management, it's not uncommon for DocuSign's name to be on the face of a phishing email; but upon further investigation the firm discovered why this particular campaign was so targeted: It'd been hacked.
Google revises app review process following phishing attacks
In the wake of the Google Docs phishing debacle last week, Google has added a few new safeguards to better protect us from these types of attacks. The Gmail app for Android scans for suspect links and Google has tightened up its policies on third party authentication to help keep phishing scams from even getting to you. Today, the company has come out with more guidelines and systems at the developer level that should help prevent even more of these attempts.
Google explains how it's preventing future email phishing scams
That massive Google Docs phishing attack from May 3rd was more than a little disconcerting, but Google is trying to set minds at ease. It just outlined how it responds to this email trickery -- including how it intends to prevent incidents like the one that just wreaked havoc. It's shoring up its defenses by tightening its policies on third party authentication (the Docs attack steered users toward a bogus app using a Google sign-in), refining its spam filtering to target Docs-style campaigns, and more closely monitoring apps that ask for your data.
