Email security news & analysis | SC Media

Email Security News and Analysis

Researchers detail BEC scams

Texas school district phished for $2.3 million

The Manor Independent School District fell victim to an apparent phishing scam to the tune of $2.3 million. Officials for the Texas school system did not release many details other than to say in a January 10 statement posted on Facebook that the incident was caused by a phishing email and that the local police…

Hospital

Breach of email accounts impacts 50,000 patients of Minnesota hospital

Minnesota-based hospital operator Alomere Health this month began notifying patients of a data breach affecting 49,351 individuals, after a malicious actor gained access to two employee email accounts in late October and early November. The first incident took place between Oct. 31 and Nov. 1, 2019, while the second account hijacking happened days later on…

Attackers improving BEC skills

Business email compromise or impersonation attacks overall rose during the second quarter of 2019 by 25 percent with some types of attacks becoming more common and better executed. During this period FireEye has noted attackers are increasingly impersonating executives and attempting to involve a company’s supply chain vendors as part of the attack to make…

WhatsApp 320px

WhatsApp bug allows access to content, users should update

A “double-free” bug in WhatsApp lets attackers exploit it using a malicious GIF to access user content, according to a blog post by a self-described technologist and information security enthusiast that goes by the handle Awakened on GitHub. An attacker would need to send the GIF via a messaging platform to a victim’s device where…

Researchers detail BEC scams

Scammers using Google Alerts to spread malware, fraud

Cybercriminals have found a way to use Google Alerts to hook victims into scams or push malware. Bleeping Computer CEO Lawrence Abrams found that malicious actors are creating malicious sites into Google so they will be emailed to people who have alerts set for that particular subject matter. The malicious pages are created using popular…

Scammers using Google Alerts to spread malware, fraud

Cybercriminals have found a way to use Google Alerts to hook victims into scams or push malware. Bleeping Computer CEO Lawrence Abrams found that malicious actors are creating malicious sites into Google so they will be emailed to people who have alerts set for that particular subject matter. The malicious pages are created using popular…

Facebook, YouTube used in Brazilian phishing scheme

A cybercriminal gang has put together a phishing campaign that utilizes several trusted sources, along with insider help from a top tier security company service to convince its victims to open and download a malicious attachment. Cofense Intelligence found the malicious actors, who are only targeting Brazilians, are extensively using trusted names, legitimate Windows services…

Authorities arrest 281 alleged BEC scammers in ‘Operation reWired’ campaign

Law enforcement officials at home and abroad have arrested 281 individuals over a span of four months, in a massive crackdown on various business email compromise scams, the Justice Department announced yesterday. Dubbed Operation reWired, the coordinated campaign began in May 2019 and has resulted in 72 arrests in the U.S., and 167 in Nigeria,…

The fairly convincing phishing scam is being hosted on a compromised EA Games server.

Instagram phishing scam uses fake 2FA code to appear trustworthy

Researchers recently spotted a sneaky phishing scam that uses a phony two-factor authentication request to trick email recipients into entering their Instagram login credentials. “Someone tried to log in to your Instagram account. If this wasn’t you, please use the following code to confirm your identity,” according to the fraudulent email, which provides a six-digit…

Caught in a bad romance: Feds indict 80 alleged members of romance/BEC scam ring

Federal prosecutors today unsealed a 252-count indictment against 80 individuals – mostly Nigerian nationals – who allegedly conspired to bilk at least $46 million from victims via romance scams, business email compromises and other online fraud schemes. The grand jury indictment was filed in the Central District of California back in October 2018 and unsealed…

Next post in Legal