CatPhishing: Hamas targets the hearts of Israeli forces

Hamas is targeting the hearts of Israeli soldiers using social engineering attacks that are triggered with a simple friend request.

Israel Defense Forces reported the group is scrolling through Facebook for Israeli soldiers to “catfish” using fake accounts created from photos and identities stolen from attractive unsuspecting users, according to a blog post.

Hamas operatives will then add the Israeli soldiers on social media and chat with them before sending a few pictures, in an effort to disarm suspicion and prove they are real, before inviting them to a video chat using an app sent to the soldier by the operative.

The app is actually a trojan capable of gleaning contacts, locations, apps, pictures, and any files, as well as accessing the camera and microphone.

Soldiers are advised not to accept friend requests from strangers, to keep GPS features off when not in use, and not to sideload apps onto their devices.

SOURCE: Robert Abel | SC Magazine

Brazilian cyber criminals using live chat for their phishing schemes

A report by Limor Kessem, a security advisor for IBM, showed how cyber criminals are employing a new tactic of using live chats to extract banking and personal information directly from victims in Brazil.
The report describes how the attack begins by sending an email with a link to the target victim. The link takes the victim to a fake webpage that emulates the victim’s bank website. The victim is then social engineered into divulging critical information through a live chat on the fake website.

The criminals can check the information provided since they are online and push an error message to the target if the information provided is not correct.

In the end, the victim is notified that the update was successful but that they should wait 24 hours before logging in to their account. This gives the criminals time for their fraudulent transactions to clear before the user realizes.

Introducing Infy: A Decade-Long Attack Campaign from Iran

Security researchers have uncovered a major new targeted attack campaign dating back nearly a decade and likely to have originated from Iran.

Palo Alto Networks named this one “Infy” after the string appeared in multiple file names, C2 strings and C2 folder names.

It’s an incredibly focused campaign, limited in scope – which is why it has managed to stay under cover for so long, according to the US security vendor.

The research team first uncovered its existence after intercepting two emails carrying malicious documents – one Word, one PowerPoint – sent from a compromised Israeli Gmail account to an industrial organization in the same country.

Another email containing a Word doc with an identical hash was spotted heading to a US government inbox.

Those spear phishing emails worked by tricking the user into activating the malicious executable by hiding it behind the ‘Run’ button of a PowerPoint show.


55+ Companies and Counting Fall to W-2 Phishing Scams

It’s officially an epidemic: More than 50 organizations have been successfully targeted by W-2 spear phishing attacks since January—and the list continues to grow, with Pivotal Software and Kentucky State University as the latest victims.

Companies in a wide range of industries from healthcare to storage manufacturing have been fooled by attackers into leaking their employees’ tax forms, including Snapchat, Nation’s Lending Corporation, Care.com and Sprouts grocery stores. Some attacks have exposed the confidential information of tens of thousands of people. Overall, the IRS said that it has seen a 400% surge in phishing and malware incidents so far this year, bent on stealing tax information.

In the Pivotal case, an unknown third party last week sent a fraudulent email message impersonating CEO Rob Mee to an employee requesting tax information about Pivotal employees. The company said in a notice [PDF] that the employee bought the ruse and responded to the request. No word on how many were affected, but Pivotal, a joint venture of EMC and VMware, has fewer than 2,000 employees.

Snapchat Suckered by Payroll Phishing Attack

Messaging service Snapchat has admitted that sensitive financial information about some of its employees was phished after a member of staff fell for an email scam.

In a blog post on Sunday, the firm claimed that the phishing attack managed to con one of its employees into revealing payroll information about their colleagues.

“Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information,” it revealed.

“Unfortunately, the phishing email wasn’t recognized for what it was–a scam–and payroll information about some current and former employees was disclosed externally. To be perfectly clear though: None of our internal systems were breached, and no user information was accessed.”

Dark Web Experiment Shows How Hackers Use Stolen Credentials

A Dark Web experiment shows just how dangerous stolen email credentials can be. With a stolen Gmail username and password combo, hackers showed that they could access bank accounts and more.

In Bitglass’ second annual Where’s Your Data experiment, researchers created a digital identity for an employee of a fictitious bank, a functional web portal for the bank and a Google Drive account. The team then leaked “phished” Google Apps credentials to the Dark Web and tracked activity across the fictitious employee’s online accounts.

Hackers on the Dark Web found they could gain access to the employee’s Google Drive account, and with a little more digging, access the employee’s bank accounts with login credentials that were stolen.