A new phishing attack hops from one Gmail account to the next by searching through compromised users' previous emails for messages with attachments, then replying to them from the compromised account, replacing the link to the attachment with a lookalike that sends you to a fake Google login page (they use some trickery to hide the fake in the location bar); the attackers stand by and, if you enter your login/pass, they immediately seize control of your account and attack your friends.
A fraudster's term of art, "whaling" refers to phishing attempts targeted at "C-level corporate executives, politicians and celebrities" -- it's a play on "phishing" (attacks that trick users into downloading dangerous files or visiting attack sites by impersonating known sources) and "whales" (a term of art from casinos, referring to high-stakes gamblers).
In Wire Wire: A West African Cyber Threat, researchers from Secureworks reveal their findings from monitoring a Nigerian bank-fraud ring whose members had unwittingly infected themselves with their own malware, which captured their keystrokes and files and uploaded them to a file server from which the researchers were able to monitor their activities and methodologies.
At Defcon, researchers from the Electronic Frontier Foundation, First Look Media and Amnesty International revealed their findings on a major phishing attack through which the government of Kazakhstan was able to hack opposition journalists and arrange for an opposition politician's extradition from exile in Italy to Kazakhstan.
Former Syrian National Council vice-president Nour Al-Ameer fled to Turkey after being arrested and tortured by the Assad regime -- that's when someone attempted to phish her and steal her identity with a fake PowerPoint attachment purporting to be about the crimes of the Assad regime.
Arriving in my inbox at a steady clip this morning: a series of phishing emails aimed at Bitcoiners, promising that the sender has found a bug in "the Bitcoin client" and promising "Pay 0.07 BTC today, get 10 BTC for 15 hours."
Last spring, in the chaos following the firing of Mattel's CEO (who presided over a disastrous slide in Barbie sales), a Mattel finance executive got an email from his new boss, replacement CEO Christopher Sinclair, ordering the transfer of $3 million to a new Chinese supplier.
If you are a seller on Alphabay -- a darkweb site that sells "drugs, stolen data and hacking tools" -- you'll have to use two-factor authentication (based on PGP/GPG) for all your logins.
Seagate has emailed its employees and ex-employees to warn them that someone in the company sent their W2 tax data to a criminal who pulled off a successful phishing fraud.
The spear-phishing attempt appears to be part of "Pawn Storm," a massive attack that's been underway across the net for more than a month and involved a rare zero-day (previously unknown) Java exploit.
Aza Raskin's Tabnapping is a proof-of-concept for a fiendish attack: a tab that waits until you're not watching, then turns itself into a convincing Google login screen that you assume you must have opened.
Netcraft reports on a rising tide of automated phishing deployed against online dating sites; crooks steal accounts, strike up romantic relationships with their victims, then run 419-style cons on them. Using dating sites as part of a con isn't new, but using stolen accounts to do it is, especially at scale. The phishing kits are easy to deploy and are used to capture credentials for dating sites including match.com, Christian Mingle, POF (PlentyOfFish), eHarmony, Chemistry.com, SeniorPeopleMeet, Zoosk and Lavalife. Interestingly, the phishing kits found in the wild now disproportionately seek logins for dating sites, as compared to banking sites and other traditional fraud targets.
Criminals launch mass phishing attacks against online dating sites [Paul Mutton/Netcraft]
Bruce Sterling received a phishing email purporting to be a followup to a report of a phishing email. Coming soon: a phishing email purporting to be a phishing email purporting to be a followup to a report of a phishing email.
US-CERT is forwarding the following Phishing email that we received to the APWG for further investigation and processing.
Please check the attached report for the details and email source.
US-CERT has opened a ticket and assigned incident number PH0000005007349. As your investigation progresses, updates may be sent at your discretion to firstname.lastname@example.org and should reference PH0000002359885.