Phishing news & analysis | SC Media

Phishing

Going stealth: Bad guys embrace the power of branding

By Stu Sjouwerman Since the very dawn of organized phishing attacks, the bad guys have recognized the power of exploiting trusted brands and online services. Our original experience with phishing was defined by spoofed emails purporting to hail from popular banks. Their objective was simple: trick users into coughing up their online banking credentials with…

Scammers exploit interest in NBA finals to spread Facebook spam

Indiana Pacers basketball team falls for phishing attack

The Indiana Pacers franchise, Pacers Sports & Entertainment (PSE), fell victim to a phishing attack which resulted in unauthorized gaining access to emails containing personal information related to a limited number of individuals. The threat actors accessed emails containing  names, addresses, dates of birth, passport numbers, medical and/or health insurance information, driver’s license/state identification numbers,…

Scammers phish promising ‘Avengers: Endgame’ download

Scammers are promising full movie downloads for the Marvel blockbuster “Avengers: Endgame.” The scam is similar to others that promise users free content and begins with eager fans who are promised either a download or a full viewing of the film. Streaming begins without incident but then users are prompted to create an account to…

ghostlyskullmobilemalware_826540

Retefe Revisited: Banking trojan reemerges, adopts new set of tools

Researchers have noticed a recent upswing in attacks against banks featuring the Retefe banking trojan, following what was apparently a fairly quiet 2018 for the malware. The trojan is historically known for targeting the banking industry in countries like Austria, Sweden, Switzerland and the UK. Rather than using malicious web injects to execute man-in-the-browser attacks…

Further details on Wipro phishing attack revealed

The motivation behind phishing attack that struck the Indian IT consultancy firm Wipro in April may surprisingly be gift card fraud, according to a new Flashpoint report. Flashpoint researchers Jason Reaves, Joshua Platt and Allison Nixon said the far-ranging attack that hit dozens of Wipro employees gave the malicious actors access to more than 100…

Unauthorized party muscles its way into Bodybuilding.com’s systems

Fitness retailer Bodybuilding.com last Friday disclosed that an unauthorized party used a phishing scam to gain access to systems containing its customer data. According to an FAQ page posted on its website, the Boise, Idaho-based retailer discovered the breach incident in February 2019, roughly seven months after the phishing email was received in July 2018.…

Instagram main

You’re on ‘The Nasty List’ scam looks to steal Instagram credentials

A phishing scam is circulating Instagram claiming that users have made “The Nasty List” with the goal of stealing account credentials. The scam is spread via messages sent through hacked accounts claiming the recipients were spotted on the so called NastyList stating something like “OMG your actually on here, @TheNastyList_34, your number is 15! its…

Ukraine-Map

Five-year cyber espionage campaign targeting Ukraine potentially linked to Luhansk People’s Republic

Researchers believe hackers from the breakaway Luhansk People’s Republic (LPR) may be behind a spear phishing-based malware campaign that’s been actively targeting the Ukrainian government. The researchers, from FireEye, disclosed their assessment following their investigation into a malware-laced email that they were able to tie back to a 2018 phishing campaign designed to to deliver…

Wipro clients hit after firm falls for phishing attack

The Indian information technology consultancy firm Wipro has confirmed to the Economic Times that it is investigating a phishing attack that may have allowed its systems to be used to attack many of its clients. Wipro believes it was targeted, possibly by a nation-state attacker, who then used the company’s own systems to deliver follow…

Two Romanians convicted for roles in Bayrob malware operation

Two Romanian nationals were convicted in an Ohio federal court on Thursday for their roles in the Bayrob group, an organization that launched a multi-million-dollar cybercriminal operation fueled by its own proprietary malware. Bogdan Nicolescu, 36, and Radu Miclaus, 37, were found guilty on separate 21 counts for developing and spreading the Bayrob trojan, which…

Next post in Security News