Category: Phishing

I just received the message below via email. This is nobody I’ve been into contact with before and I did not download the linked file. Services like Wetransfer is getting popular and now unfortunately the hackers has caught on and is using this as a vehicle to get their trojans and viruses installed so be warned.

The message is a valid Wetransfer email, so the hackers has simply used their service and entered in me as a recipient of their no doubt virus file.

2016-01-14_22-55-42

security1FBI consultant and fraud exert Frank Abagnale said that phishing and cybercriminals are abundant in South Africa today, losing the country billions of dollars a year. Michelle Beetar, MD of Experian South Africa, who confirmed that the country lost R1 billion, backed up Abagnale’s statement.

Frank Abagnale’s biography was featured in the film Catch Me If You Can wherein he deceived the American government and stole millions of dollars by impersonating several identities and forging cheques at the age of 19. He was imprisoned and then taken out to help the bureau in catching other fraud criminals. Abagnale said that with the technology today, it is much easier to copy and steal one’s identity.  He encouraged everyone to protect themselves and avoid disclosing personal information online.

Source: Money Web

 

Security provider Symantec disclosed that it detected a phishing attack using Dropbox as front for hackers to access users’ information. It has been noted as one of the massive attacks since millions of people are using Dropbox storage. The emails sent to users are identical to the Dropbox page that it can make anyone fall for it. The link will then lead to a fake Dropbox login page, but hosted by Dropbox itself, according to a security expert.

The fake login enables hackers to get into users’ pertinent information such as personal account information, photos and files stored therein. The phishing email was detected and immediately shut down.

 

Source: PC Worlds

CybersecurityHuge financial company Fidelity National Financial employees have been targeted by a phishing attack recently. Although the company did not disclose the exact number of employees affected, it said that individual’s personal data like Social Security numbers, banks and card account numbers might have been logged and accessed.

The attack has been reported to the Federal law authorities and the company’s security firm has been drafting plans to ensure that it will not happen again.  Fidelity National Financial is the parent company of several firms like Oregon’s Ticor Title Company, Nevada’s Ticor Title, Lawyers Title Company, and Lawyers Title of Oregon, LLC.

Source: SC Magazine

The Psychology of Phishing

Screen-exclamationA new study conducted by a group of students from University at Buffalo aims to explain the psychology of phishing and why do people keep on falling for it.

The study showed that the people who fall for phishing scams are not basically ignorant about technology. The victims are usually those who immediately accept friend requests in Facebook, who click on links right away and sometimes, those who just want to help.

Experts warn online users that most of these scammers are run by huge gangs who are pertinent information such as password, bank details and money. The study also proved that women are more vulnerable to such scams than men.

Source: New States Man

MailDespite corporate warnings and efforts to educate clients, employees and employers about phishing (the act of obtaining business and personal information through internet), banks are still susceptible to this illegal activity. As the matter of fact, malware attacks become more aggressive than before. It was reported in ‘The Invisible Web Unmasked’ that in the period of July to September 2013, over 200,000 cyber attacks occurred. Online community and privacy advocates point out that employers, employees and stakeholders should develop awareness campaigns and strengthen their online protection to combat these illegal activities. It also pays to be vigilant about unfamiliar links that people see online.

Source: Entrepreneur

Fake Google Docs Out

mail2Google Docs users are in danger for phishing frauds due to phishing emails sent using the google.com domain and making use of the site’s SSL encryption. Malicious subject lines include “Documents.” When you log into the fake Google Docs page, your information will b e submitted on a compromised server. Check out the complete version of the story from the source.

Source: Gizmodo

Spear phishing is a form of phishing that makes use of information about a target to make attacks more specific and “personal”. These attacks may, for example, refer to their targets by their specific name, rank, or position at the organisation instead of using generic titles common in broader (consumer focused) phishing campaigns.

The most commonly used and shared file types accounted for 70 per cent of the total number of spear phishing email attachments during the period of Trend’s study, between February and September this year.

The main file types were: .RTF (38 per cent), .XLS (15 per cent) and .ZIP (13 per cent).

Executable (.EXE) files were not as popular among cybercriminals, most likely because emails with .EXE file attachments are usually detected and blocked by security products at the edge of corporate networks, long before they reach the in-box of prospective marks.

Source: The Register