If it’s making headlines, you can be sure it’ll be used in a phishing scam. What’s the big news this week? Jeffrey Epstein’s suicide in jail. Cue the phishing emails.

According to KnowBe4, “a series of scams are underway using the Epstein death as social engineering tactic.” Maybe something to the effect of “See Jeffrey Epstein Last Words on Video.” Admittedly it’s hard not to click on that, but don’t.

This week came a report of a phishing scam targeting recipients of SNAP and TANF. If you’re not familiar with those terms, SNAP is food stamps and TANF is welfare. Hackers are now targeting the poorest people in society. And to make matters worse, “It has been reported these scams may include threatening people with an arrest.” Despicable.

 

Apple Phishing Scam Warning

Apple users warned of phishing scam. “Apple users are being warned to avoid a devious phishing scam which claims to be a purchase confirmation email from the Apple App Store. Once the details are entered, the user receives an error message stating ‘This Apple ID has been locked for security reasons. You must unlock your account before signing in.'” Don’t fall for it.

 

Phishing Phrontier

Do you recall the idiom kill two birds with one stone? Hackers sure do, because that’s the approach they’ve taken in their latest phishing scam.

According to an article on the SC Magazine website, IBM’s Incident Response and Intelligence Services (IRIS) encountered a malware attack that “combined ransomware’s malicious encryption capabilities with disk wiper functionality, in order to create even more dire consequences for victims who fail to pay the ransom demand. Malware strains exhibiting these dual functionalities include LockerGoga and MegaCortex.”

How bad is it? “Now you have to not only recover the data that you lost, but you have to recover the entire operating system along with that and that’s a larger effort for a company to work with.” What will they think of next? Your computer disappears?

 

PDF Attacks

From a hacker’s perspective, it’s always good if you can steal something without having to spoof a domain or rely on the user to click on a malicious link. And that’s exactly what the hackers hope to accomplish with the latest “PDF” attack.

The approach is pretty straightforward. Send a spoofed email with a PDF attachment claiming it’s an invoice. Once opened, the JavaScript-enabled document asks the reader for a username and password, which is not an uncommon way to protect a PDF. Once the user enters their credentials, those credentials are immediately sent back to the bad guy’s web server. Instant phish—no clicking required.
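
A mail-gateway style check for the attachment described above, as an added example that is not from the original post: it counts the PDF name objects such a lure needs (script, run-on-open, form submission) in the raw bytes. The key list, verdict labels and both sample files are assumptions made up for the illustration; names hidden inside compressed object streams are not seen, which is why `ObjStm` is reported.

```python
import re

# Name objects worth counting for the credential-prompt lure described above.
# ObjStm is included because a non-zero count means other names may be hidden
# inside compressed object streams that this byte-level scan cannot read.
WATCHED = ("JS", "JavaScript", "OpenAction", "AA", "AcroForm", "SubmitForm", "ObjStm")
NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is counted as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes and return a coarse verdict."""
    names = [decode_name(m.group(1)) for m in NAME_RE.finditer(data)]
    counts = {key: names.count(key) for key in WATCHED}
    script = counts["JS"] > 0 or counts["JavaScript"] > 0
    autorun = counts["OpenAction"] > 0 or counts["AA"] > 0
    submit = counts["SubmitForm"] > 0
    if script and (autorun or submit):
        verdict = "quarantine"   # script that runs on open or can post form data
    elif script or submit:
        verdict = "review"       # one ingredient present, needs a human look
    else:
        verdict = "pass"
    return {"verdict": verdict, "hits": {k: v for k, v in counts.items() if v}}


# Constructed samples (not real attachments): a lure-shaped file and a plain one.
SAMPLE_LURE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R /AcroForm 3 0 R >>\n"
               b"endobj\n2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF")
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF"

if __name__ == "__main__":
    for label, blob in (("lure", SAMPLE_LURE), ("plain", SAMPLE_PLAIN)):
        print(label, triage_pdf(blob))
```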

 

Body Count

Accountants took one on the chin recently when “A ransomware outbreak hit QuickBooks cloud hosting firm iNSYNQ,” according to KrebsonSecurity. It “appears to have started with an email phishing attack that snared an employee working in sales for the company. It also looks like the intruders spent roughly ten days rooting around iNSYNQ’s internal network to properly stage things before unleashing the ransomware.”

Did iNSYNQ pay the ransom? Nope, and they’re still working to fix the issue.

 

High School in Virginia Hacked

According to Athletic Business, hackers made off with $600,000 from a high school in Virginia, money meant to replace the turf on the football stadium.

“The Fredericksburg Free Lance-Star reports that a scammer sent school officials a phony invoice for the installation of the field, part of a $1.2 million overall investment for the project. The school wound up wiring money to the fraudster instead of to the company that had actually performed the installation. Officials reportedly notified authorities immediately after learning they’d been had.”

 

Lancaster University Hacked

According to the website IT Governance, “Students and undergraduate applicants to Lancaster University had their personal details stolen in a pair of breaches. The first incident was a relatively straightforward scam involving a bogus invoice. The second attack targeted the university itself, with criminal hackers accessing the student records system and the details of a ‘very small number’ of current students.”

According to the same article, “employees receive an average of 4.8 phishing emails every week. Almost a third of these make it past default security systems, leaving your organisation in a permanently perilous situation.” Those are some pretty scary statistics.

 

Surprising Stat of the Week

When it comes to phishing, almost nothing surprises us anymore. How many phishing emails are sent each week. How many phishing emails get through email security services. How much cyber-attacks cost companies. We’ve heard it all.

This week, though, we came across a stat that shocked us. According to Daniela Oliveira from the University of Florida, “45% of users don’t understand what phishing is. After surveying Internet users, we found that 45% of them do not understand what phishing is or the risk associated with it.” Now you know why phishing is so successful.

And that’s the week that was.
