We start this week with a repeat offender. From the Daily Mail, news comes that “Scammers have targeted Netflix customers in Australia with an email scam aimed at getting their bank account details. The emails included a link for people to reactive their subscription, which takes them to a Netflix branded phishing page. Once the user logs into their account, they are taken to what appears to be a Netflix account page, with a notification at the top stating their account has been suspended and payment information needs to be updated.”
Chase Bank Phishing
It wouldn’t be a week if some hacker somewhere wasn’t targeting a bank with phishing emails. This week’s target? Chase.
According to Scamacide, “Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States. Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good. It looks legitimate and the version appearing in your email comes with a legitimate appearing Chase logo.”
Venmo Phishing Scam
If old banks can be phishing targets, certainly new banks can be too. The newest form of banking is peer-to-peer payments being headed up by the company Venmo. News comes this week a Venmo phishing scam making the rounds through text messages.
According to the report, “people will receive a text message on their phone saying their account is about to be charged. Victims are advised to log on and decline the charge if they’d like. The included link in the message takes you to a log-on page, which asks for your phone number and password. Once logged in, you are asked to verify your identity with your bank and personal information.”
When it comes to advanced phishing tactics, hackers seem to have developed a pattern. They figure out what technology people are using to authenticate themselves and they go after it. For example, single sign-on (SSO) is a way for users to authenticate themselves once and be able to access several websites.
Now news comes Cyware that attackers are using single sign-on phishing pages to steal users’ credentials. “Malicious pages have been reported to pretend to be the sign-in pages of applications such as Dropbox. When users enter their credentials, the data is harvested instead of logging them into the intended application. Before the popularity of SSO, hackers would create a separate page for each service to steal credentials. But now, they’re able to create a single phishing page.”
In keeping with a theme, hackers are now using OAuth for phishing attacks. OAuth is a way to grant users access without passwords. So, it shouldn’t come as a surprise to you if hackers go after that.
According to Cyberwarzone, “Amnesty International has reported that OAuth Phishing attacks targeted dozens of Egyptian human rights defenders since the beginning of this year. Through the course of our investigation, we discovered that these emails were attempts to access the email accounts of their targets through a particularly insidious form of phishing known as OAuth Phishing. We estimate the total number of targeted individuals to be in the order of several hundreds.”
Another bad week for the healthcare industry. SPAMfighter reports a phishing attack on a New Mexico hospital. “The Artesia General Hospital based in Artesia, New Mexico, has discovered that PHI (Protected Health Information) of 13,905 patients was compromised as a result of a phishing attack. Artesia is one of the cities in Eddy County of New Mexico in the United States. The breach was first detected by the officials when an email account of one of their employees was found to have been used for sending the unauthorized emails.” Doesn’t take much, does it?
Phishing Attack at Magellan Health Subsidiaries
Not to be outdone, news comes this week of 56,225 Presbyterian Health plan members affected by phishing attacks at Magellan Health Subsidiaries. “The Scottsdale, AZ-based managed care company, Magellan Health, has discovered two of its subsidiaries have experienced phishing attacks that exposed the protected health information of members of Albuquerque, NM-based Presbyterian Health Plan.”
How many employee accounts were breached that lead to this phishing attack? Just two. That’s all it takes if you do not have email security service. Two clicks. Fifty thousand compromised accounts. Doesn’t seem fair.
Ramsey County in Minnesota admitted that their 2018 phishing attack didn’t have 599 victims. Instead it had, 117,905 victims. Two hundred times more than originally reported. How many employee accounts were breached that lead to this phishing attack? Two. See a theme here?
And that’s the week that was.