LinkedIn Now Considered as Front Door For Phishing Attacks

A recent web seminar by Computing revealed that LinkedIn is now considered a front door for phishing attacks, used to encourage careless users to open malicious emails and the links in them. LinkedIn itself isn’t the issue here; the problem is the way people act, combined with information that is already available.

We mostly see DDoS and similar attacks make the headlines, but phishing is now considered to be the top threat to businesses and it is constantly increasing in severity. The attacks use novel methods to make potential victims feel comfortable before the malicious payload is sent. LinkedIn is now widely used as that entry point: this is where hackers make first contact with potential victims. Once initial trust has been built, a victim is far more likely to click a malicious link without double-checking what it will do. Another reason that phishing has grown as a method of attack is that it doesn’t take any skill at all. Anyone with bad intentions can do it.

One of the examples given at the seminar came from the law firm BLM, which is continuously a target of phishing attempts. For example, it has received both emails and phone calls from someone purporting to be the CFO and attempting to extort money, and these very often originate from LinkedIn contacts.

Not all phishing attacks are as sophisticated, but they’re still very effective because people have developed a click mentality for their inbox. An example of this was given too. In one day the firm received 2500 copies of the same email in 10 minutes that seemed to come from the department of motor vehicles, and people just clicked the included link, no questions asked. Even though the email listed a specific registration number, people still clicked it despite it not being one they own. One person even clicked it without owning a car at all. Luckily BLM runs everything in a sandbox and these things are caught, but there are still a lot of companies that don’t take this threat seriously.

In most instances phishing can be combated with common sense, but in a world as busy as ours, common sense is often turned off in exchange for productivity.

Personally, I’ve seen a big rise in SMS phishing lately and I regularly get suspicious messages from numbers and names that appear to be genuine – but on close inspection they never are.

Image courtesy of Hotspot Shield

Seagate Sends Employees’ Payroll Information After Phishing Scam

Seagate is known for many things, but most of all they are known for their hard drives. If you are looking for something a little more secure, I would recommend you look elsewhere; I would say avoid them for now, as it’s been revealed that employees’ payroll information was sent out after a phishing scam.

Phishing is the act of pretending to be someone else and asking for details (normally bank details or contact information) in order to gain access to information you normally couldn’t. From Nigerian princes to Army sergeants, scammers will pose as anyone to obtain information. This time, the email claimed to be from Seagate’s CEO Stephen Luczo, requesting data about current and former Seagate employees.

Believing the email to be genuine, the employee responded with the W-2 (Wage and Tax Statement) documents. With the scope currently set at “several thousand” employees, the company has been working with federal law enforcement agencies since the incident on 1st March. To help support their employees, two years of credit protection has been provided on the off chance that their data is used.

With most details of this nature being used to file fraudulent tax returns with the IRS (something made all the easier by the agency having been hacked recently), it could cost the government thousands if they don’t catch the culprits involved.

eBay Vulnerability Exposes Users to Data Theft and Phishing Attacks

The eBay site is used by millions of people and, as a result, has a level of trust with its users, who buy and sell countless items each day. Imagine, then, how lucrative a target this massive user base could be for an attacker. Check Point’s security researchers have found just such a vulnerability in eBay, one that allows malicious users to bypass the code validation that is in place and remotely control the vulnerable code to execute malicious JavaScript code in the browsers of targeted users.

Check Point warns that leaving the flaw unpatched will expose the online marketplace’s huge user base to the risk of data theft and phishing attacks, while eBay believes that the actual risk of a malicious attack is very low. eBay was made aware of the vulnerability on December 15th, but has yet to issue a complete patch for the weakness, instead claiming to have implemented additional security filters based on the report to reduce the risk.

eBay told Security Week “eBay is committed to providing a safe and secure marketplace for our millions of customers around the world. We take reported security issues very seriously, and work quickly to evaluate them within the context of our entire security infrastructure. We have not found any fraudulent activity stemming from this incident.”

One of the ways that an attacker could target eBay users is by first sending them to a legitimate page which contains the malicious code. By setting up an eBay store and adding malicious code to the description section of items, attackers can trick users into visiting pages containing harmful code. This code could do a number of things once opened, from phishing for data to downloading binaries to the computer or device. eBay reports that as few as two in a million items listed on its site use active content, making the chance of being targeted by malicious content low. Despite this, Check Point stated that they have demonstrated a proof-of-concept for the attack to the eBay security team, and were able to bypass restrictions and deploy malicious code to their seller page without any difficulty.

The finding was made public by Check Point on Tuesday, in the hope that it may push the e-commerce site to patch the vulnerability quickly. This is a good example of how even the sites that seem the most trustworthy can hide potential danger. Until a patch is released, taking care when using eBay may just be the best bet.

Gmail to Warn Users About Unencrypted Emails

In recent years, Google has been working hard to improve privacy and security on their services, with the majority of emails sent and received on Gmail now being encrypted. However, to Google, this is not enough, and there are still large volumes of emails that are sent unencrypted. To keep their users safer and more aware of their privacy, Google plans to implement warnings for its users about any unencrypted mail they receive.

For a long time, emails were generally sent unencrypted, which left them open to interception and snooping of their contents. In the world we now live in, where safety and security online are almost constantly under threat, this is no longer acceptable. Email providers can do little to ensure the safety and trustworthiness of the emails they receive, but it would be unreasonable to discard unencrypted emails: until encryption is a required standard, doing so could cause users to lose important mail. And while unencrypted mail itself cannot harm a user or their privacy, techniques such as setting up malicious DNS servers to snoop on email and redirect it to attackers are on the rise.

Google’s step to ensure users are aware when any emails they receive are unencrypted is a step in the right direction. It allows users to take care around unencrypted mail, as they have no assurance that its contents are private or unaltered. I will certainly sleep easier being aware of my email security and knowing which emails could be at risk.

Google’s study on trends in email security can be found here.

Minecraft Players Hit by Phishing Scam

Over one thousand Minecraft players have been hit by a phishing scam, Mojang has revealed. Mojang reset 1,800 user passwords after log-in details were posted online. All affected users have been notified by e-mail.

Owen Hill of Mojang posted on the company’s official blog that users had been fooled into entering their log-in details on web pages posing as genuine Mojang sites.

A spokesperson for Microsoft, owner of Mojang, told newspaper The Guardian, “We can confirm that no Mojang.net service was compromised and that normal industry procedures for dealing with situations like this were put in place to reset passwords for the small number of affected accounts.”

“When we discover lists of gamertags, usernames and passwords posted online, we take immediate action to protect our customers by reviewing for valid credentials and resetting account access when necessary.”

Source: Rock, Paper, Shotgun

5 Million Gmail Passwords and Usernames Leaked

First Apple had their iCloud fiasco, and now the business giant Google has seen 5 million of its users have their usernames and passwords published online.

The evidence of this has been seen on Russian forum boards, which carried a comprehensive list of all the people affected; the list is now circulating around file-sharing websites. But according to Google, this issue is not due to a direct leak of Gmail services, with experts claiming that this list was most likely compromised over a long period of time, with the information being stolen from other websites.

Thanks to The Next Web, we were able to read the direct statement from a Google spokesperson, which reads:

“We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.”

Since the leak, the forum linked above has purged the passwords in the original text file, with only the login information remaining. But, if you’re a cyber-criminal looking to take advantage of the situation, the original poster claims that at least 60% of the uncovered account passwords are valid and functional.

We suggest that you change your password just to be safe – and don’t go searching for the document yourself as you never know what you’ll find. Google also suggests you enable their 2-step verification process.

Image courtesy of Create New Gmail Account

JPMorgan Customers Targeted in Huge Phishing Campaign

JPMorgan, the No. 1 U.S. bank by assets, has confirmed that spammers have launched a phishing campaign targeting its customers. The spam campaign is dubbed Smash and Grab and was launched on Tuesday by an unknown group. It does, however, bear a resemblance to the work of Eastern European cybercrime gangs, and most of the infrastructure used in the campaign is located in Russia and Ukraine.

“It looks like they sent it out to lots of people in hopes that some of them might be JPMorgan Chase customers,” said bank spokeswoman Trish Wexler.

Most of the spam was stopped by filters put in place by the large providers, but some will always manage to get through. The phishing mail looks very realistic, as it uses parts of original emails to fake it. The attack is somewhat unusual in that it doesn’t just try to grab the credentials of unknowing users; it also tries to infect their PCs with malware at the same time.

Users who click on the included malicious link are asked to enter credentials for accessing accounts with JPMorgan. Even if they do not comply with this request, the site attempts to automatically install the Dyre banking Trojan on their PCs, according to Proofpoint. Dyre is a recently discovered piece of malware that seeks credentials from customers of Bank of America Corp, Citigroup Inc and the Royal Bank of Scotland Group Plc.

Proofpoint saw about 150,000 emails from the group on Tuesday, the first day it noticed the campaign among its customers in the Fortune 500 and higher education. That makes it a moderately large campaign, but the largest attempts involve sending more than 1 million pieces of spam over a few days to Proofpoint clients, said Proofpoint’s VP of Threat Research Mike Horn.

The firm manages over 100 million email accounts. Horn said that Proofpoint quickly identified the spam and was able to stop it from infecting its customers, but he was not sure how effective the campaign was at infecting others.

Thank you Reuters for providing us with this information.

Image courtesy of Reuters.

Luis Suárez World Cup ‘Petition’ Phishing Scam Making The Rounds

A clever phishing website is using the popularity of the 2014 FIFA World Cup, compromising users with a website that mimics FIFA’s official website.

The site asks football fans to sign a petition in defense of Luis Suárez, a player from Uruguay now notorious for biting Italian national player Giorgio Chiellini. Each person signing is required to enter an email address, which could lead to users being added to a spam emailing list, suffering targeted attacks, or receiving emails with malicious attachments.

The spoofed website closely matches the design of the official website, and any links redirect to FIFA’s official website, security researchers note. The domain was created on June 27, 2014 and is tied to a person operating out of London.

Here is what Nadezhda Demidova, Kaspersky Lab Content Analyst, said in a statement:

“Armed with users’ email addresses and telephone numbers, cybercriminals can conduct targeted attacks involving banking Trojans for computers and mobile devices.  This technique is used to get round two-factor authentication in online banking systems in cases where a one-time password is sent via SMS.”

Cybercriminals have found great success using social engineering tactics – simply tricking users into turning over their own personal information – and the problem persists.

Thank you to Kaspersky Lab for providing us with this information

Image courtesy of Secure List

‘Copyright Infringement’ Notice With Trojan Software Hits 30,000 Users

Cybercriminals are targeting users with an email that looks like a copyright warning from popular music and movie studios, but instead has an attached Trojan designed to infect users.

It might look like an email from music labels Sony or EMI – or movie studios Paramount and Dreamworks – but it’s not a legitimate email.  Instead, Internet users in Germany are being targeted by emails that demand payment within 48 hours.

The final line of the email reads: “For details see the attached document XXXXXXXXX.zip” – and features an attachment that compromises users and steals personal information.

Interestingly, the criminals use a rather unique social engineering technique, including contact information of legitimate law firms. Typically phishing emails are completely made up and do not have real contact information, though this has led one law firm, Sasse & Partner, to release a statement that it is not involved with these emails.

Attorney Christian Solmecke had this to say:

“It is very likely that the zip file contains a virus, designed to spy on credit card and account information.  The floodgates would then be opened to online banking fraud and identity theft.  For this reason, all users that have opened the ZIP file attachment should check their PC immediately with a virus scanner and install the security updates for their anti-virus software.”

Thank you to Torrent Freak for providing us with this information

Irish Netflix Users Warned of Growing Phishing Security Issues


Netflix users in Ireland have been warned of a phishing scam that asks users to update their payment information or their accounts will be suspended.  There are around 175,000 Irish Netflix users, and it’s unknown how many customers received the phishing email.

If users click on the fraudulent link, they are taken to a dummy page that requires financial information to be entered.

Here is what Ronan Murphy of IT security firm Smarttech.ie said in a recent statement:

“Phishing scams like the Netflix one prey on people’s tendency to trust the authenticity of message and the company logo.  Once the criminals carrying out the scam have collected enough information from the unsuspecting victims, they can use it for credit card fraud or identity theft.  As a general rule, one should always be wary of any unsolicited emails or messages looking for your personal information or credit card details, no matter how genuine they look.”

Murphy said users should immediately delete the email – and shouldn’t provide any financial details if they did click the link.  Netflix subscribers with any account questions should contact Netflix directly: 0843 506 9267 or https://www.facebook.com/NetflixUK

Phishing remains a serious threat to Internet users, with security specialists warning everyone to be careful about the emails they open and the links they click, and not to provide any personal or payment information to suspicious websites. If in doubt, contact the company or bank directly to resolve any problems.

Thank you Irish Times for providing us with this information

Image courtesy of Digital TV Europe

German Security Provider Says 750 PayPal Phishing Sites Are Created Daily

PayPal phishing schemes drive me mad. I probably get about 5-10 emails every day across my various work and personal email accounts from phishing sites trying to trick me into handing over PayPal details. A German email security provider has shed light on why this is such a frequent occurrence. Apparently an average of 750 new PayPal phishing sites are set up every day. By simple math that means we see 22,000 of these rotten things every month and 270,000 in the average year.

Most of these phishing pages are hosted on legitimate websites that have been compromised by cybercriminals, so spotting a phishing site may not often be as obvious as you think, although if it isn’t on PayPal.com then it should be pretty obvious.
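The "is it on PayPal.com" check described above, as an added example that is not from the original article: a link counts as PayPal only when the host the browser will connect to is paypal.com or a true subdomain, whatever the path or the text before an @ says. The function name `classifyLink`, the reason labels and every sample URL are constructed for illustration.

```javascript
// Added example (not from the article). All sample URLs are constructed.
const TRUSTED_DOMAIN = "paypal.com";

// Classify a link by the host a browser would actually connect to.
function classifyLink(rawUrl, trusted = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser, the same rules browsers apply
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not-https" };

  // hostname is lower-cased by the parser; drop an optional trailing root dot
  const host = url.hostname.replace(/\.$/, "");

  // "https://paypal.com@other.example/": text before '@' is a login, not the site
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo-trick", host };
  }
  // Exact match or a true subdomain; the leading dot rejects "notpaypal.com"
  if (host === trusted || host.endsWith("." + trusted)) {
    return { ok: true, reason: "trusted", host };
  }
  // Internationalised lookalikes arrive here as punycode labels
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "idn-lookalike", host };
  }
  // Brand name placed in a host that belongs to someone else
  const brand = trusted.split(".")[0];
  if (host.includes(brand)) {
    return { ok: false, reason: "brand-in-foreign-host", host };
  }
  // Typical for pages planted on a compromised legitimate site
  return { ok: false, reason: "foreign-host", host };
}

const SAMPLE_LINKS = [
  "https://www.paypal.com/signin",
  "https://www.paypal.com./signin",
  "http://www.paypal.com/signin",
  "https://paypal.com@compromised-shop.example/login",
  "https://paypal.com.account-verify.example/signin",
  "https://notpaypal.com/signin",
  "https://compromised-shop.example/wp-content/paypal.com/login.php",
  "https://p\u0430ypal.com/signin", // Cyrillic "a" in place of Latin "a"
];

function classifySamples() {
  return SAMPLE_LINKS.map((link) => [link, classifyLink(link).reason]);
}

console.log(classifySamples());
```

Only the first two samples are accepted; the compromised-site case is rejected even though "paypal.com" appears in its path, because the path plays no part in deciding which server receives the credentials.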

“The online payment service PayPal is not only one of the most popular online payment methods, but also a preferred target for phishers: PayPal regularly tops the lists of phishing topics worldwide. Every day, an average of 750 newly compromised websites are targeted primarily at PayPal users, according to numbers from Commtouch’s GlobalView URL filtering database – resulting in more than 22,000 new sites per month and 270,000 sites per year. The sites are usually legitimate websites that are compromised through security flaws. The findings highlight the need for hosters and website owners to protect their sites and for users to deploy an effective Web security solution,” stated Eleven Research.

Image courtesy of Eleven Research