Email security news & analysis | SC Media

Email Security News and Analysis

Facebook, YouTube used in Brazilian phishing scheme

A cybercriminal gang has put together a phishing campaign that utilizes several trusted sources, along with insider help from a top tier security company service to convince its victims to open and download a malicious attachment. Cofense Intelligence found the malicious actors, who are only targeting Brazilians, are extensively using trusted names, legitimate Windows services…

Authorities arrest 281 alleged BEC scammers in ‘Operation reWired’ campaign

Law enforcement officials at home and abroad have arrested 281 individuals over a span of four months, in a massive crackdown on various business email compromise scams, the Justice Department announced yesterday. Dubbed Operation reWired, the coordinated campaign began in May 2019 and has resulted in 72 arrests in the U.S., and 167 in Nigeria,…

The fairly convincing phishing scam is being hosted on a compromised EA Games server.

Instagram phishing scam uses fake 2FA code to appear trustworthy

Researchers recently spotted a sneaky phishing scam that uses a phony two-factor authentication request to trick email recipients into entering their Instagram login credentials. “Someone tried to log in to your Instagram account. If this wasn’t you, please use the following code to confirm your identity,” according to the fraudulent email, which provides a six-digit…

Caught in a bad romance: Feds indict 80 alleged members of romance/BEC scam ring

Federal prosecutors today unsealed a 252-count indictment against 80 individuals – mostly Nigerian nationals – who allegedly conspired to bilk at least $46 million from victims via romance scams, business email compromises and other online fraud schemes. The grand jury indictment was filed in the Central District of California back in October 2018 and unsealed…

Virginia State Police recoup $300K stolen in BEC scam

The Virginia State Police were able to recover just over half of the $600,000 that was stolen from Spotsylvania County in a business email compromise scheme. The state police, working with other in and out-of-state law enforcement agencies were able to track down deposits made in multiple banks, Fredricsburgh.com reported. The $347,000 recovered will be…

election hacking

FEC ruling allows political campaign to accept discounted services from security firms

Political campaigns can accept low-cost help from private cybersecurity firms to protect campaigns in the 2020 election cycle, the Federal Election Commission (FEC) ruled Thursday. The commission, which viewed the discounted services as an in kind donation under current rules, had indicated it would reject the initiative but changed course. Because Area 1 Security, the…

emailenvelopeicons_1216035

Exim vulnerability being exploited in the wild

Just one week after a previously patched vulnerability in Exim mail servers was disclosed by Qualys, attackers have begun searching out vulnerable Exim systems prompting the Cybersecurity and Infrastructure Security Agency (CISA) to encourage users to update their systems to the latest version. CISA reported the vulnerability CVE-2019-10149 was detected in exploits in the wild…

emailenvelopeicons_1216035

500,000 email servers running vulnerable Exim software

Qualys researchers went public with a remote command execution vulnerability (CVE-2019-10149) in the Exim mail server versions 4.87 to 4.91 possibly affecting more than half of all email servers now in use. The vulnerability allows a local, or in some cases, a remote attacker to execv as root, with no memory corruption or return-oriented programming…

Next post in Email Security