Phishing news & analysis | SC Media

Phishing

Open redirect on Dept. of HHS website benefits COVID-19 phishing scam

A coronavirus-themed phishing campaign designed to infect victims with Raccoon information-stealing malware has reportedly been leveraging an open redirect vulnerability found on the U.S. Department of Health and Human Services’ website, HHS.gov. As defined by Trustwave here, an open redirect occurs when a website’s “parameter values (the portion of URL after “?”) in an HTTP…

Canon breach exposes personal data of current, former GE employees, beneficiaries

A February breach at service provider Canon Business Process Services exposed the personal information of current and former GE employees and their beneficiaries. “While I’m usually a bit numb to the latest data breach, the sheer variety of exposed information is unique,” said Roger Grimes, data driven defense evangelist at KnowBe4. “GE and Canon haven’t…

FBI warns of COVID-19 phishing scams promising stimulus checks, vaccines

The FBI’s Internet Crime Complaint Center (IC3) has issued a public service announcement warning citizens to watch out for email-based fraud and malware schemes that take advantage of the coronavirus pandemic. Among the scams to look out for are emails purporting to contain helpful information from the Centers for Disease Control and Prevention (CDC) and…

Don’t get fooled again: Fake coronavirus emails impersonate the WHO to deliver FormBook trojan

Fears over the novel coronavirus have triggered mass quarantines, Purell and Clorox shortages and financial market turmoil. As global concerns continue to mount with the latest headlines – just today, it was reported that the head of the Port Authority of New York and New Jersey was infected – cyber fraudsters and threat actors continue…

Coronavirus sparks phishing, disinformation, tabletop exercises and handwashing

It’s hard to tell who’s benefitting most from the coronavirus – Russia, hackers or hand sanitizer vendors, the latter of whom are at least trying to help stop the spread of the dangerous disease. A State Department official told Congress Thursday that Russian operatives are behind coronavirus conspiracy theories popping up on social media while…

Choppy waters: Data breach impacts Princess and Holland America cruise lines

The personal information of cruise passengers, crew and employees were compromised last year after an unauthorized party gained access to the email accounts of employees working for Princess Cruises and Holland America Line — both divisions of Carnival Corporation & plc. According to a disclosure notification posted on both cruise lines’ websites [1, 2], as…

FBI tallied 467K cybercrime complaints in 2019, totaling $3.5B in losses

The FBI’s Internet Crime Complaint Center (IC3) last year fielded 467,361 complaints related to cybercrime activity that collectively cost victims $3.5 billion in losses, according the agency’s just released 2019 Internet Crime Report. The 2019 complaint count represents a nearly 33 percent increase from the 2018 total of 351,937, and the $3.5 billion figure also…

Phishing emails lure victims with news of coronavirus’ impact on shipping

Looking to capitalize on the current coronavirus scare, malware distributors have launched a new phishing campaign that targets global companies with emails that suggest that virus could disrupt shipping operations. According to a Feb. 10 research blog post authored by Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, the malicious actors have…

TA505 phishing campaign uses HTML redirectors to spread info stealer

The cybercriminal group TA505 has reportedly changed up its tactics again, now engaging in phishing campaigns that leverage attachments with HTML redirectors in order to deliver Excel documents containing malware. Following a short period of inactivity, the group, resumed activities last month with a scheme designed to get victims to install the information-stealing Trojan GraceWire,…

Next post in Phishing