Been called to jury duty lately? Even if you haven’t, you might still get phished. Last week, in Ventura County, CA, a phishing scam was going around telling people that they missed their jury duty appointment.
According to the Citizens Journal, “In the calls and emails, recipients are pressured to provide confidential information, potentially leading to identity theft and fraud. These calls and emails, which threaten recipients with fines and jail time if they do not comply are fraudulent and are not connected with the Camarillo Police Department or the Ventura County Sheriff’s Office.”
Phishing Scam in Pakistan
One of the easiest ways to launch a phishing campaign is to promise the target of the phishing campaign some money. The latest example of this is a scam promising a tax refund to people in Pakistan.
According to an article in the Express Tribune, “Sources said that the scam is being used to steal large amounts of money from the bank accounts of victims that follow the instructions in the emails sent by a gang of hackers.” This is the textbook definition of phishing.
LinkedIn Phony Job Listings
Looking for a job? Congratulations, you just got phished. That’s the word from Scamicide. Not surprisingly, social media sites in general, and LinkedIn in particular, are being used to scam users via phishing emails. According to Scamicide, “scams connected to LinkedIn involve phony job listings. Security software company Symantec issued a warning about an increase of LinkedIn job scams.” I’d imagine people looking for jobs are the least able to afford to be scammed.
You always knew that getting hacked could cost you your money if you do not have a proper email security service. But did you know it could cost you your hearing? Apparently it can.
According to Dark Reading, “Research presented at DEFCON shows that attackers can hijack Wi-Fi and Bluetooth-connected speakers to produce damaging sounds. Matt Wixey, research lead for the PwC UK Cyber Security practice and a doctoral student, found that he could access the speaker and volume controls for a number of different devices and use them to produce sounds at volumes that could distract and annoy humans almost instantly, damage human hearing with a relatively short exposure.”
404 Error Phishing Scam
If there’s a clever technique that helps hackers exploit victims, you can be sure that eventually they will use it. Now comes word of a phishing attack that uses custom 404 pages. 404 pages are the pages you see when you try to go to a webpage that doesn’t exist. They’re error pages.
Usually, these error pages just have a message saying the page you’re trying to reach doesn’t exist. But there’s no reason an error page has to contain only a message. It could contain anything, including a login box for a fake website. And that’s exactly what Microsoft researchers discovered was happening in a recent phishing campaign. What’s clever about this technique is that it “allows the phishers to have an infinite amount of phishing landing pages URLs,” which makes it much harder to spot the phishing email.
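A defender-side check for the pattern described above, added here as an example and not taken from the Microsoft research: it flags hosts whose error responses for several different paths all contain a password field. The record layout `(host, path, status, body)`, the assumption that the custom error page is returned with HTTP status 404, and the sample hosts are constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser


class _PasswordFieldFinder(HTMLParser):
    """Sets .found when the HTML contains <input type="password">."""

    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        # attrs is a list of (name, value); value is None for bare attributes.
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True


def has_password_field(body):
    finder = _PasswordFieldFinder()
    finder.feed(body)
    return finder.found


def hosts_serving_login_on_404(records, min_paths=2):
    """Return hosts where at least min_paths distinct paths answered
    404 with a credential form. A legitimate 404 page has no reason to
    ask for a password, and the same form on many unrelated paths
    matches the 'any URL is a landing page' behaviour."""
    paths = defaultdict(set)
    for host, path, status, body in records:
        if status == 404 and has_password_field(body):
            paths[host].add(path)
    return sorted(h for h, seen in paths.items() if len(seen) >= min_paths)


# Constructed sample records (e.g. exported from a web proxy or sandbox).
LOGIN = ('<html><body><form method="post" action="/submit">'
         '<input type="text" name="user">'
         '<input type="password" name="pw"></form></body></html>')
PLAIN_404 = "<html><body><h1>Not Found</h1></body></html>"
SAMPLE = [
    ("files.example.test", "/a8f3k", 404, LOGIN),
    ("files.example.test", "/zq91x", 404, LOGIN),
    ("docs.example.test", "/missing", 404, PLAIN_404),
    ("portal.example.test", "/login", 200, LOGIN),
]

if __name__ == "__main__":
    print(hosts_serving_login_on_404(SAMPLE))
```

Because every nonexistent path serves the same page, blocking individual URLs does little; a finding from this check is better acted on at the host or domain level.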
Hackers were at it again recently, hitting the healthcare industry. This time two different healthcare providers were hit on opposite sides of the U.S. The first was Grays Harbor Community Hospital and Harbor Medical Group, in Aberdeen, WA. The group was hit with a ransomware attack that encrypted patient information. The good news, if there is any, is that none of the information appears to have been stolen.
The other victim is NCH Healthcare in Naples, FL. According to an article in SC Magazine, “dozens of hospital employees fell for a phishing scam that gave the malicious actors access to the facility’s payroll system. The Naples News reported 73 were victimized by phishing email.” Do you think it might be time for them to invest in some anti-phishing software?
City of Saskatoon Scam
It’s not just organizations in the U.S. that got hit recently. According to CTV News in Canada, the City of Saskatoon lost over $1M in a fraud scheme.
“City manager Jeff Jorgenson told media Thursday afternoon that an apparent fraudster had stolen the identity of the chief financial officer of a construction company whom the city deals with. The unidentified scammer then contacted the city, asking to change the company’s banking information. The $1.04-million payment from the city then went to the fraudster’s account, rather than the company’s.” This is a classic example of business email compromise (BEC).
College/University Phishing Scams
They may produce smart citizens, but colleges don’t seem to be very smart when it comes to phishing protection. Last week two colleges were scammed for over $870,000 according to the OCD Tech website. According to a press release from The United States Department of Justice, an arrest had been made “of a cyber-criminal that had stolen $750,000 from the University of California San Diego (UCSD) through a carefully executed spear-phishing campaign.”
The article goes on to say that “another undisclosed school in Pennsylvania was taken for $123,643.77.” I can imagine why they wish to keep it undisclosed.
And that’s the week that was.