Entries by wpengine

SAM.gov Hackers Used Spear Phishing, Email Spoofing and Credential Theft

Cybercrooks who stole federal payments by hacking contractor accounts on a GSA website used sophisticated spear phishing techniques to steal login credentials and then diverted payments to bank accounts they controlled, an executive of a contractor targeted in the scam told FedScoop. It’s unclear how much the scammers have netted through their scheme, which is being […]

Under Armour MyFitnessPal Users Are Now Phishing Targets

BREAKING NEWS: Under Armour’s health- and fitness-tracking app, MyFitnessPal, has been hit by a data breach. Roughly 150 million MyFitnessPal users are affected, Under Armour says. Under Armour says an “unauthorized party” gained information like usernames and email addresses, but not payment details. “Under Armour is working with leading data security firms to assist in […]

A Really Difficult Phishing Scenario That’s Very Hard to Beat

Over the past few months, there has been an increase in attacks that follow this 5-step pattern and are very hard to beat: A known vendor or customer falls victim to a phishing attack. Their email credentials are compromised, and the “bad guy” gets access to their email account. They start by changing the […]

Scam of the Week: FBI Warns of Spike in W2 Phishing

The FBI has joined the IRS in warning that W2 tax form phishing is on the rise. The US tax filing deadline is now less than a month-and-a-half away, and tax-themed phishing is trending up. Compromised or spoofed emails alleging to be from a company executive are received by the human resources department. Those emails request W2 information. The […]

Which phishing messages have a near 100% click rate?

“Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease,” said Zeljka Zorz at Help Net Security. Zeljka had a great summary of Wombat’s latest State of the Phish report: For one thing, employees come and go (and change […]

Scam of the Week: Recent Florida Parkland School Shooting Charity Fraud

Cyber criminals are trying to benefit from the Florida Parkland school shootings. They are sending out phishing campaigns with topics and hashtags like Parkland, guncontrolnow, Florida, guncontrol, and Nikolas Cruz that try to trick you into clicking on a variety of links about blood drives, charitable donations, “inside” information or “exclusive” videos. Anything you receive […]

2018 Winter Olympics Phishing Campaign Hides Evil PowerShell Script In Image

According to researchers at McAfee, a new malware campaign is targeting organizations associated with the upcoming 2018 Winter Olympics in Pyeongchang, South Korea. The attack is being delivered via phishing emails disguised as alerts from the country’s National Counter-Terrorism Center, with malicious Word documents attached. Once opened, the Word document encourages readers to enable content. If they do, […]

Scam of the Week: Wave of Payroll Direct Deposit Phishing Attacks

This Scam of the Week covers a new Direct Deposit phishing scam that is affecting employers nationwide without regard to their payroll portals or payroll service providers. Here is the scenario: An employee receives, from a company email account, an e-mail that mimics a familiar and trusted company service or resource, such as an e-signature request or a […]

Scam of the Week: The Most Sophisticated Netflix Phishing

This Scam of the Week covers a phishing campaign that hijacked the Netflix brand. This phish tries to trick you into handing over your login details, your credit card data, and your photo ID. Here is how the lure looks: (Note the simple trick, right there in the subject line, of not spelling out the brand-theft […]

Scam of the Week: Fake Meltdown and Spectre Patch Phishing Emails

You may be aware of the recent warnings and advisories reporting that practically all computer systems worldwide have a hardware bug called “Meltdown and Spectre”. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a […]