Phishing Watchdog “Phishing Watchdog” Is A Timeline of All Major Phishing Attacks Reported As They Breakout

An Updated Feed of All Significant Phishing Attacks

This is a comprehensive and frequently updated resource page that lists all the significant Phishing Attacks as they are discovered and happen online. Each attack is summarized here with links to further information about each attack.

The list below is updated instantly with threat details as soon as the attack is verified to be authentic.

Please Sign Up To Get Instant Phishing Attack Alerts by Email

anti phishing service

Canadian Territory Nunavut Suffers Ransomware Attack

4th November 2019 | Target : Nunavut | Reported Here


The Government of Nunavut is the latest victim of a sophisticated ransomware attack. In an official statement, the Premier of Nunavut, Joe Savikataaq, stated he noticed a new and advanced type of ransomware that affected their network systems across the territory on November 2, 2019.

The attack encrypted individual files on various servers and workstations impacting all government online services. “All government services requiring access to electronic information stored on the Government of Nunavut (GN) network are impacted, except Qulliq Energy Corporation,” said Savikataaq.

[above via Cisomag post] – Update 1


Marriott announces exposure of associate’s Social Security numbers

1st November 2019 | Target : Marriott | Reported Here


Marriott has once again suffered a cyber attack. This time, Marriott warns some of its associates about a security breach affecting their Social Security Numbers. What makes this incident tricky is that Marriott is facing trouble contacting some of the victims.

Marriott Security Breach Affects Associates Marriott International Inc.

has recently warned of a security breach affecting some associates. Precisely, the incident exposed the Social Security Numbers of the associates to an unknown attacker. As revealed via a security notice, the incident primarily hit a third party vendor who once collaborated with Marriott.

[above via Latesthackingnews post] – Update 1


North Korean Malware Found at Indian Nuke Plant

31st October 2019 | Target: Nuclear Power Station | Reported Here


The network of one of India’s nuclear power plants was infected with malware created by North Korea’s state-sponsored hackers, the Nuclear Power Corporation of India Ltd (NPCIL) confirmed today.

News that the Kudankulam Nuclear Power Plant (KNPP) might have been infected with a dangerous strain of malware first surfaced on Twitter on Monday.

Pukhraj Singh, a former security analyst for India’s National Technical Research Organization (NTRO), pointed out that a recent VirusTotal upload was actually linked to a malware infection at the KNPP.

The particular malware sample included hardcoded credentials for KNPP’s internal network, suggesting the malware was specifically compiled to spread and operate inside the power plant’s IT network.

[above via Zdnet post] – Update 1 / Update 2


UN, NGOs targeted by ongoing phishing attack

25th October 2019 | Target: UN, NGOs | Reported Here


Security researchers are warning of an ongoing mobile-aware phishing campaign targeting the United Nations and various NGOs for Okta, Office 365 and Outlook account credentials.

The two domains hosting the phishing content have been live since March 2019, with most of the the SSL certificates used valid in two main date ranges: May 5-August 3, 2019, and June 5-September 3, 2019, according to Lookout.

Interestingly, Javascript on the phishing pages can detect if the user is on a mobile device, and deliver relevant content to them. Lookout warned that mobile browsers typically truncate URLs, which can help phishing attempts by making it harder for users to spot any deception.

[above via Info security post] – Update 1



Stripe Users Targeted in Phishing Attack That Steals Banking Info

17th October 2019 | Target: Bank Data. | Reported Here


A new phishing campaign that targets Stripe users to steal banking information has been uncovered.

Attackers are evading detection by blocking users from viewing the destination of embedded links.

Stripe is an online platform that enables businesses to deal with payments. It handles billions of dollars annually and has a rich client base of reputed brands. This makes Stripe an attractive target for hackers.

[above via It – news post] – Update 1 / Update 2

Malware takes down some Pitney Bowes systems

14th October 2019 | Target: Pitney Bowes. | Reported Here


Global shipping and postage giant Pitney Bowes has had its operations disrupted by ransomware, with customers being unable to access some of its services.

Pitney Bowes acknowledged the attack early this morning Australian time.

SendPro customers currently can’t refill postage or upload transactions on their mailing machines, Pitney Bowes advised.

It is also not possible to access SendPro Online in the UK and Canada, or the ‘Your Account’ page for customers and the Pitney Bowes Supplies webstore.

Mail360 Scans and MIPro Licensing are also down, the company said, with the Software and Data Marketplace being unavailable.

[above via cyware post] – Update 1 / Update 2

Cyber-Attacks Hit Defense Contractors in Europe and North America

27th September 2019 | Target: Rheinmetall AG. | Reported Here


Rheinmetall AG and Defence Construction Canada (DCC), both major defense contractors, were each at the receiving end of disruptive cyberattacks this month. Rheinmetall AG has been hit with what the firm referred to as “malware attacks” since September 24. As a result, the “normal production processes ” at company’s plants in Brazil, Mexico and the US have been significantly disrupted. The company says that it may take between two to four weeks to resolve all issues resulting from the attacks.

Separately, DCC suffered a “cyber incident” on September 11 that disrupted various IT systems. The company has launched in investigation into the attack and is currently still working to fully recover all impacted systems.

[above via Oodaloop post] – Update

Ransomware Attack Disrupts Wyoming Health Services

23rd September 2019 | Target: Campbell County Health.| Reported Here


Campbell County Health (CCH) in Wyoming on Sept. 20 was hit with a ransomware attack that has severely disrupted the facility’s computer network, requiring a return to paper record keeping and the transfer of some patients to non-affected hospitals.

In a Sept. 23 press conference posted on Facebook, CCH officials said the attack’s impact has been widespread, but at this time it is not believed any patient information was compromised. Very few details concerning the attack is known at this time, but an investigation is ongoing and includes a third-party cybersecurity firm along with local, state and federal law enforcement.

A hospital spokeswoman told SC Media that she could not comment on the ransom demand amount, whether or not paying it is being considered, or if the hospital will use backed-up files to recover from the attack.

[above via Sc-magazine post] – Update 1 / Update 2

North Korean Malware Attacks ATMs and Banks

23rd September 2019 | Target: ATM | Reported Here


The infamous Lazarus Group is behind new malware discovered targeting ATMs and back-office systems in Indian banks and research centers, according to Kaspersky.

The Russian AV vendor claimed in a new report that it discovered the ATMDtrack malware back in late summer 2018. It is designed to sit on targeted ATMs and effectively skim the details of cards as they are inserted into the machine.

However, digging a little deeper, the researchers found another 180+ new malware samples similar to ATMDtrack but which were not designed to target ATMs.

[above via Info-Security post] – Update 1 / Update 2

Hackers Steal $4.2m from State Troopers’ Pension Fund

6th September 2019 | Target: Oklahoma | Reported Here


Cyber-thieves targeting a pension fund for law enforcement officers employed by the state of Oklahoma have made off with $4.2 million.

The money was stolen from a fund of more than $1 billion set aside to pay pensions and benefits to around 1,500 retired highway troopers, park rangers, state agents, and other law enforcement officers.

[above via Info-Security post] – Update 1 / Update 2

Scams and Ransomware Cost Kiwis $6.5m in 3 Months

6th September 2019 | Target: Goverment | Reported Here


New Zealand has reported the country’s highest ever recorded quarterly financial losses to cybercrime.

A report published yesterday by the government’s national Computer Emergency Response Team (CERT NZ) revealed that $6.5 million in direct financial losses was reported nationwide in the second quarter of 2019.

CERT NZ’s findings show a marked increase in the number of cybersecurity attacks inflicted on businesses and individuals across the country between quarters one and two of this year.

[above via Nxt Alpha post] – Update 1

New Bedford Hit With $5.3m Ransomware Demand

5th September 2019 | Target: Massachusetts City | Reported Here


After being hit by a ransomware attack, Massachusetts city New Bedford faced a payout demand of more than $5 million – one of the latest known ransoms ever.

After a ransomware attack slapped a hefty payout demand of $5.3 million on New Bedford, Mass., the city announced that it is instead opting to pick up the pieces and restore what it can from backups itself.

If the city had opted to pay, the payout would have been the largest known ransom payout for an attack yet.

[above via post] – Update 1

Global Breach Costs Set to Top $5 Trillion By 2024

29th August 2019 | Target: Global | Reported Here


A new report from Juniper Research found that the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024, an average annual growth of 11%.

This will primarily be driven by increasing fines for data breaches as regulation tightens, as well as a greater proportion of business lost as enterprises become more dependent on the digital realm.

The research noted that while the cost per breach will steadily rise in the future, the levels of data disclosed will make headlines but not impact breach costs directly, as most fines and lost business are not directly related to breach sizes.


[above via Help Net Security post] – Update 1

City of London Hit by One Million Cyber-Attacks Per Month

23rd August 2019 | Target: London City | Reported Here


Cyber criminals have their sights set on bigger and bigger targets, hitting the European Central Bank (ECB) twice in the past five years, and now launching a relentless attack on the City of London Corporation.

According to findings released under Freedom of Information (FOI) legislation, the municipal governing body of the City of London was hit with nearly three million attacks in just the first three months of 2019. This war of attrition has put 10,000 residents of the City of London in the line of fire, as well as 10 million annual tourists and 400,000 daily commuters entering the city.


[above via Insurance Business mag post] – Update 1

Alaska is the Most Scammed State in America

21st August 2019 | Target: Alaska | Reported Here


An annual report on cybercrime by the Federal Bureau of Investigation has revealed Alaska to be the most scammed state in America for the second year running.

With more than $450 million stolen, sunny California lost more money than any other state, but at 21.67 victims per 10,000 residents, Alaska had the highest per capita victim count.

Although more people were scammed in The Last Frontier State than in any other US state, Alaskans lost the least amount of money per person, with each victim being conned out of $2,256.30 on average.


[above via Info Security post] – Update 1

Ransomware Attack Hits 22 Texas Town

20th August 2019 | Target: local Goverment| Reported Here


HOUSTON — Computer systems in 22 small Texas towns have been hacked, seized and held for ransom in a widespread, coordinated cyberattack that has sent state emergency-management officials scrambling and prompted a federal investigation, the authorities said.

The Texas Department of Information Resources said Monday that it was racing to bring systems back online after the “ransomware attack,” in which hackers remotely block access to important data until a ransom is paid. Such attacks are a growing problem for city, county and state governments, court systems and school districts nationwide.


[above via Ny Times post] – Update 1 / Update 2 /

Hackers Leave Ransom Note For 700K Records

15th August 2019 | Target: Hotels | Reported Here


Hackers claim to have stolen 700,000 customer records from Choice Hotels thanks to an exposed MongoDB instance, it has emerged.

The US-based chain, which runs franchised outlets in over 40 countries worldwide, is now being held to ransom after the hackers left a note demanding 0.4 Bitcoin (around $3800) in payment for the data, which they claimed to have copied.

Security researcher Bob Diachenko worked with security firm Comparitech to discover the database, which was left completely exposed online. However, hackers had already got there. It was only left online for four days without password protection before attackers found the account.


[above via Info Security post] – Update 1 / Update 2 /

North Korean Hackers Amass $2bn Via Cyber-Attacks

8th August 2019 | Target: Banks | Reported Here


North Korea has turned to cybercrime to steal money and fund its nuclear program following global sanctions, a new report from the UN has claimed.

It seems as the punishments imposed by the UN Security Council on North Korea (DPRK) in 2006 to choke funding for the country’s nuclear program did little good, as a confidential UN report, states that North Korean state-sponsored hackers generated more than $2 billion through a myriad of illegal activities, with the proceedings going to the weapons of mass destruction fund.

[above via IT Proportal post] – Update 1 / Update 2 /

Cybercrime Costs Global Economy $2.9m Per Minute

24th July 2019 | Target: World Economy | Reported Here


The report is based on an analysis of malicious activity on the internet using proprietary global intelligence and third-party research.

The analysis also reveals that every minute, top companies pay £20 because of security breaches, hacks on cryptocurrency exchanges cost £1,550, and phishing attacks cost £14,200.

Every minute, 2.4 phishing sites went live and seven malicious redirectors, 0.32 blacklisted apps, and 0.21 Magecart attacks were detected.

Looking ahead, the report predicts that ransomware will cost the global economy £17,817 a minute in 2019.

[above via Computer Weekly post] – Update 1 / Update 2 / Update 3

Lancaster University students’ data stolen in cyber-attack

23rd July 2019 | University: Lancaster | Reported Here


Lancaster University has confirmed that it was “subject to a sophisticated and malicious phishing attack” which resulted in breaches of student and applicant data.

This has led to undergraduate student applicant data records for 2019 and 2020 being accessed, including names, addresses, telephone numbers and email addresses. Lancaster confirmed in its statement that it was “aware that fraudulent invoices” were being sent to some undergraduate applicants and has warned applicants to be aware of any suspicious approaches.

Also breached was Lancaster’s student records system. “At the present time we know of a very small number of students who have had their record and ID documents accessed,” it confirmed.

[above via Info Security post] – Update 1 / Update 2

Equifax to Pay $575m in Data Breach Settlement

22nd July 2019 | Company: Equifax | Reported Here


In a settlement between Equifax and the United States, the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB), Equifax will pay $575 million for damages related the to 2017 data breach, according to today’s press release.

The allegations against Equifax claimed that the company failed to take “reasonable steps to secure its network led to a data breach in 2017 that affected approximately 147 million people,” the release stated.

“In its complaint, the FTC alleges that Equifax failed to secure the massive amount of personal information stored on its network, leading to a breach that exposed millions of names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.”

[above via Info Security post] – Update 1 / Update 2

Iranian Hackers attack linkedin users with phishing campaigns

22nd July 2019 | Website : Linkedin | Reported Here


Iranian Hackers attack Iranian hackers have launched a new malware attack. The cyber attack is initiated from social networking site, LinkedIn, and begins with an invitation to connect online. When the recipient accepts the LinkedIn connection, the hacker then attempts to trick the user into downloading malicious files. The malware attack was discovered in June by cyber security research firm FireEye. The cyber attack is being carried out by Advanced Persistent Threat Group APT34 which is an Iranian state sponsored hacking organization.

[above via Askcybersecurity post] – Update 1 / Update 2

‘Wizard’ cybersecurity expert charged with record hack of Bulgarian tax agency

17th July 2019 | Target : Governments agency | Reported Here


A cybersecurity expert accused of hacking the data of more than 5 million Bulgarian taxpayers was released by police Wednesday after his charges were downgraded.

Kristian Boykov, a 20-year-old Bulgarian cybersecurity worker, was arrested in Bulgaria’s capital Sofia last week in connection to the breach. Police raided his home and seized computers and mobile devices with encrypted information. The hacker was found by police through the computer and software used in the attack, according to the Sofia prosecutor’s office.


[above via post] – Update 1

TrickBot malware may have hacked 250 million email accounts

13th July 2019 | Target : Governments | Reported Here


Malicious actors behind the information-stealing malware TrickBot have added a new module that has helped them illicitly gather a database of 250 million legitimate email addresses.

Millions of these harvested addresses are linked to government agencies and employees in the U.S., according to Deep Instinct, whose researchers uncovered the new module and the giant database. In all likelihood, these addresses were collected for the purpose of targeting them in future TrickBot operations, explains a July 12 blog post by Deep Instinct malware and cyber intelligence expert Shaul Vilkomir-Preisman, who was assisted by fellow researcher Tom Nipravski.

[above via Scmagazine post] – Update 1 / Update 2

Hackers Steal $32M Of Crypto From Japanese Exchange

12th July 2019 | Country: Japan | Reported Here


A cryptocurrency exchange in Japan has admitted that it was hacked and lost 3.5 billion yen ($32 million) of digital currency, according to reports.

The company, based in Tokyo, is called Remixpoint, and it runs an exchange called BITPoint. The company also has used car, travel and energy businesses. The company apologized for the hack on Friday (July 12), saying that the losses were confirmed a day before.

The complete picture of the hack and theft is under investigation, and the theft included Bitcoin, Ethereum, Ripple and other well known digital currencies.

Two-thirds of the losses affected customers of the exchange, the company said, and the rest belonged to the company. Transactions have been stopped in the meantime.


[above via PYMNTS post] – Update 1 / Update 2

Hackers Demand $2 Million From Monroe

11th July 2019 | Target: Monroe College | Reported Here


A ransomware attack at New York City’s Monroe College has shutdown the college’s computer systems at campuses located in Manhattan, New Rochelle and St. Lucia.

According to the Daily News, Monroe College was hacked on Wednesday at 6:45 AM and ransomware was installed throughout the college’s network. It is not known at this time what ransomware was installed on the system, but it is likely to be Ryuk, IEncrypt, or Sodinokibi, which are known to target enterprise networks.

Reports indicate that the attackers are asking for 170 bitcoins or approximately $2 million dollars in order to decrypt the entire college’s network. The college has not indicated at this time whether they will be paying the ransom or restoring from backups while gradually bringing their network back online.


[above via Bleeping Computer post] – Update 1 / Update 2

 NHS Faced 11m+ Attacks Over Past Three Years

10th July 2019 | Target: NHS | Reported Here


The National Health Service’s email systems were attacked more than 11 million times in the last three years, according to new information from NHS Digital.

That’s more than 12,000 attacks a day, 500 attacks an hour, more than eight attacks every minute, for three years straight.

The numbers come courtesy of a Freedom of Information request and describes exactly the pressure NHSmail infrastructure system is facing.

NHS Digital says the NHSmail system blocked 11,352,000 email attacks. The highest ranking attacks are IP or domain reputation attacks (more than six million), followed by spam (3.6 million). A total of 852,000 incidents were recorded as anti-virus.


[above via IT Proportal post] – Update 1

Cyber-Attacks Cost Global Firms $45bn in 2018

10th July 2019 | Target: Local Goverment | Reported Here


An estimated two million cyber attacks in 2018 resulted in more than $45 billion in losses worldwide as local governments struggled to cope with ransomware and other malicious incidents.

The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy best practices that build consumer confidence in the Internet, released its Cyber Incident & Breach Trends Report, which found the financial impact of ransomware rose by 60%, losses from business email compromise (BEC) doubled, and cryptojacking incidents more than tripled, all despite the fact that overall breaches and exposed records were down in 2018.

[above via Security Magazine post] – Update 1 / Update 2 / Update 3

Marriott to face $123 million fine by UK authorities over data breach

9th July 2019 | Company: Marriott | Reported Here


U.S. hotel group Marriott has become the second firm to face a massive GDPR fine as the UK regulator continues on its rampage. The hotel group, which suffered a breach last year, could face a fine of over £99 million ($123 million). It shows the global impact of the regulation, which covers the personal data of EU citizens.

In a statement of the regulator’s intention to fine Marriott International, UK Information Commissioner Elizabeth Denham said: “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.

[above via Forbes post] – Update 1 / Update 2

Canonical GitHub account hacked

7th July 2019 | Company: Canonical LTD| Reported Here


Canonical Ltd, the company behind the popular Ubuntu Linux distribution, has had its software repositories on Github hacked by unknown attackers.

The hack appears to be limited to a defacement, with 11 new repos sequentially named CAN_GOT_HAXXD_1, `with no existing data being changed or deleted.

A Canonical spokesperson confirmed the attack to iTnews.

“We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities.

[above via IT News post] – Update 1 / Update 2 / Update 3

Hacked forensic firm pays ransom after malware attack

5th July 2019 | Company: Eurofins Scientific | Reported Here


Aleading forensic science firm, which is used by the UK police to help investigate major crimes, has paid a ransom to criminals after being targeted in a cyber attack, it is understood.

Eurofins Scientific, which is based in Belgium but has laboratories all over the world, was hit by a ransomware attack last month, which affected the firm’s IT systems.

The National Crime Agency has been investigating the source of the attack, but sources claimed the company had already paid a ransom to recover its network.

[above via Telegraph post] – Update 1 / Update 2

Thousands Left Vulnerable in Nexus Repository

2nd July 2019 | Company: Sonatype | Reported Here


A recent breach in Nexus Repository left many companies and government agencies vulnerable, as thousands of private artifacts were left unprotected, according to a July 2 blog post from researchers Daniel Shapira and Ariel Zelivansky, with Twistlock Labs.

While this breach was swiftly rectified, Shapira and Zelivansky noted that this type of hack could have had catastrophic consequences and cannot be taken lightly.

A team of dedicated white hats identified these weaknesses within Nexus Repository. In a July 2 blog post, researchers wrote, “During my recent work I have discovered two security vulnerabilities in Nexus Repository that affect all users under default settings.

[above via Infosecurity post] – Update 1 /

Ford, TD Bank Files Found Online in Cloud Data Exposure

28th June 2019 | Target : Ford | Reported Here


Attunity Ltd., a company that manages and safeguards data, left internal files exposed on the internet for clients including Ford Motor Co., and the Toronto-Dominion Bank, in the latest example of sensitive information being publicly accessible on the web.

The incident revealed passwords and network information about Attunity as well as emails and technology designs from some of its high-profile customers. Researchers at UpGuard Inc., a cybersecurity company, found more than a terabyte of data left unsecured by Attunity last month on Amazon Web Services cloud-computer servers, according to a report they published Thursday.


[above via BloomBerg post] – Update 1 / Update 2

Yandex hacked, and likely by Western intelligence agency

27th June 2019 | Internet company : Yandex | Reported Here


Hackers working for Western intelligence agencies reportedly broke into Yandex, a Google competitor based in Russia, to search for technical information that shows how Yandex authenticates user accounts.

The hack occurred in 2018, according to Reuters, which sources the information from four people with knowledge of the event. The hackers used a malware called Regin, the same malware used for intelligence sharing

Regin is known to be used by the “Five Eyes,” an intelligence alliance made up of the United States, Britain, Australia, New Zealand and Canada. The countries are bound by an agreement to cooperate on intelligence.

[above via Mediapost post] – Update 1 / Update 2

Two Florida Cities Paid $1.1 Million to Ransomware Hackers

26th June 2019 | Target : Florida City | Reported Here


For the second time in a week, a Florida city has paid out a digital ransom to hackers in an effort to regain control over their crippled municipal computer systems.

Lake City Mayor Stephen Witt said his small city located in northern Florida agreed to pay hackers a $460,000 ransom in an effort to regain control over their email and other servers, which were shutdown by the attack two weeks ago.

“I would’ve never dreamed this could’ve happened, especially in a small town like this,” Witt told Action News Jax.

The ‘Ransomware’ attack on the Lake City computer systems locked city workers out of their email accounts and make it impossible for residents to make any city payments online. Hackers managed to infect the city’s systems after a city employee clicked an email link that allowed the malware be introduced into their system. Lake City’s town’s insurer was contacted by the hackers who negotiated the ransom payment of 42 bitcoins (or around $460,000). Officials decided the ransom was the quickest way for city employees to regain access to their email accounts.

[above via Iheart post] – Update 1

Hackers Stole Data from NASA’s Robotics Lab

20th June 2019 | Target : NASA | Reported Here


NASA’s Jet Propulsion Laboratory (JPL) systems were reportedly hacked by a Raspberry Pi that helped hackers crack into the weak security and steal data.

As Engadget reports, investigators looking into a security breach found that an unauthorised Raspberry Pi was linked to the JPL network that was targeted by hackers in April 2018, allowing them to steal 500MB of data and also go deeper into JPL’s network.


[above via Business Standard post] – Update 1 / Update 2

Florida city pays $600,000 to hackers who seized its computer system

19th June 2019 | Target : Florida City | Reported Here


A city in Florida has decided to pay $600,000 to the hackers behind a ransomware attack that’s locked down the local government’s data.

On Monday, the city council of Riviera Beach voted unanimously to let the city’s insurer pay 65 bitcoins to the hackers. Why the council authorized the payment wasn’t discussed at the emergency hearing. But the city is hoping to recover municipal files the hackers encrypted during the ransomware attack.

[above via PC Mag post] – Update 1 / Update 2

New WSH RAT Malware Targets Bank Customers with Keyloggers

14th June 2019 | Target : Bank | Reported Here


According to a blog post by researchers at Cofense, the new strain ofmalware, named WSH Remote Access Tool (RAT) by its developer, is a variant of the VBS (Visual Basic Script) based Houdini Worm (H-Worm) first created in 2013.

This new iteration comes ported to JavaScript (JS) from HWorm’s original codebase of Visual Basic. WSH is likely a reference to the legitimate Windows Script Host, which is an application used to execute scripts on Windows machines.

[above via Scmagazineuk post] – Update 1 / Update 2

City of Burlington falls for Phishing Scam

13th June 2019 | Location: Burlington | Reported Here


The city of Burlington says it has fallen victim to a $503,000 phishing scheme. City staff received a “complex phishing email,” requesting to change banking information for an “established city vendor,” the city said in a press release. About $503,000 was transferred to a falsified bank account for the vendor on May 16, the city said. After realizing the mistake on May 23, the city says it immediately notified their bank and Halton Regional Police. They also put in “additional internal controls” to make sure it doesn’t happen again.

[above via CBC post] – Update 1 / Update 2

Hackers Plant Phishing Links in Google Calendar

11th June 2019 | Website: Google Calendar | Reported Here


A sophisticated scam is targeting Gmail users through fraudulent, unsolicited Google Calendar notifications as well as through other Google services, including Photos and Forms, according to Kaspersky.

In these scams, criminals are exploiting Gmail calendar’s default feature that automatically adds calendar invitations and notifications.

[above via Infosecurity post] – Update 1 / Update 2

Flipboard says hackers stole user details

29th May 2019 | Website: Flipboard | Reported Here


The news aggregation site, Flipboard, has disclosed that their databases had been hacked and unauthorized users have potentially downloaded the data contained within them. This data included the personal account information and digital tokens for some of their over 100 million users.

According to emails seen by BleepingComputer and a security incident notice published on their site, Flipboard stated that hackers gained access to some of their databases during two different time periods.The first time was between June 2nd, 2018 and March 23, 2019 and the second was between April 21st and 22nd, 2019.

It is not known if these were the same users accessing the databases at different periods or two separate data breaches.

[above via BleepingComputer post] – Update 1 / Update 2

Australian ‘unicorn’ Canva hacked

24th May 2019 | Website: Canva | Reported Here


Australian graphic-design-as-a-service company Canva has alerted its users to an attack that has seen “a number of our community’s usernames and email addresses … accessed.”

The attack was detected on Saturday, Australian time. The company’s letter to users also adds “The hackers also obtained passwords in their encrypted form (for technical people: all passwords were salted and hashed with bcrypt). This means that our user passwords remain unreadable by external parties.”

[above via CRN post] – Update 1 / Update 2

WhatsApp Hack – Hackers Installed Spyware By Placing A Phone Call

14th May 2019 | Software: WhatsApp | Reported Here


WhatsApp pressed users to update its messaging service, following a report that a vulnerability in the software allowed attackers to hack into people’s phones using commercial Israeli spyware. The chat app, owned by Facebook Inc., said it had discovered a vulnerability in early May that could enable attackers to insert and execute code on mobile devices.

[above via Bloomberg post] – Update 1 / Update 2

Hackers Steal $40 Million Worth of Bitcoin From Binance Exchange

7th May 2019 | Website: Binance | Reported Here


Hackers have stolen $41m (£31m) worth of Bitcoin in a major crypto-currency heist.

The Binance exchange, which stores Bitcoin and other crypto-currencies for members, said hackers took 7,000 bitcoins in one go. Withdrawals have now been suspended on the platform.

“We beg for your understanding in this difficult situation,” Binance said.

However, the exchange said it would replace the lost cash with the help of its emergency insurance fund.

According to Binance, the attackers used a variety of techniques to break in. They deployed viruses and used phishing attacks to get security information.

[above via BBC post] – Update 1 / Update 2

Phishing Method Which Can Trick Google Chrome Users With Fake Address Bar

29th April 2019 | Application: Google Chrome | Reported Here


Why display the URL bar on a mobile device when you can give users more screen space by hiding it?

Google Chrome for Android does just that after a page has loaded, concealing information about the URL and expanding the screen space available to display content from the web page.

The feature is handy for users, but developer James Fisher is drawing attention to the possibility that phishing attackers can abuse it to catch users off guard when browsing.

[above via Zdnet post] – Update 1 / Update 2

Virgin Media Phishing Email

17th April 2019 | Site: My Virgin Media | First Reported Here


A phishing email sent to Virgin Media customers, telling them their payment for latest Virgin Media bill has failed and asking them to update billing details.

The Nasty List Phishing Scam

15th April 2019 | Site: Instagram | Reported Here


A new phishing scam called the “The Nasty List” is sweeping through Instagram and is targeting victim’s login credentials.

  • If a user falls victim, the hackers will utilize their accounts to further promote the phishing scam.
  • The Nasty List scam is being spread through hacked accounts that send messages to their followers stating that they were spotted on a so-called “Nasty List”.
  • These profile descriptions also include a link that supposedly allows you to see this Nasty List and why you are on it.
  • To avoid falling for an Instagram phishing scam like the Nasty List, if you are at a page that does not belong to the web site, never enter your login credentials.
  • If you have been hacked by the “Nasty List” phishing scam and you still have access to your account, the first thing you should do is verify that your account is using the correct phone number and email address.
[above via Reddit post]

Wells Fargo Bank – Wellsfargo Online Customer Service

10th April 2019 | Site: Wells Fargo Bank | Reported Here


Here is another good example of a phishing email that is presently being circulated. It makes for compelling reading, but it is a scam. Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.

[above via Scamicide post] – Update 1

Fake cancerous nodes in CT scans

3th April 2019 | Target: Hospital | Reported Here


A computer virus that can add fake tumours to medical scan images has been created by cyber-security researchers.

In laboratory tests, the malware altered 70 images and managed to fool three radiologists into believing patients had cancer.

The altered images also managed to trick automated screening systems.

The team from Israel developed the malicious software to show how easy it is to get around security protections for diagnostic equipment.

The program was able to convincingly add fake malignant growths to images of lungs taken by MRI and CT scanning machines.

[above via BBC post] – Update 1 / Update 2

American Express – Important Security Message

20th March 2019 | Company: American Express | Reported Here


Microsoft’s Office 365 Threat Research uncovered an active American Express (Amex) email phishing campaign that emerged over the weekend. The Amex phishing campaign is especially dangerous as it prompts the recipient for their credit card numbers, account logins, as well as other common password reset questions.

[above via AskCyberSecurity post] – Update 1

Ransomware Attack Freezes Jackson County, GA Government Systems

9th March 2019 | Place: Jackson County | Reported Here


A little over a week ago government computer systems in Jackson County, Georgia were hit with one of the most sophisticated ransomware attacks attempted in the US. After a week with their entire computer and internet network down, they’ve decided to cough up $400,000 to regain control of their systems and to retrieve stolen files.

[above via TechSpot post] – Update 1/ Update 2

FTC Warns Users Against Online Dating Scams!

13th February 2019 | Application: Tinder | Reported Here


A new notice released Tuesday by the Federal Trade Commission highlights a surge in ‘romance scams,’ or scenarios where scammers trick love-lusting internet users into sending them money, only to later disappear.

The scams cost victims an astonishing $143 million in 2018, up from $33 million the previous year and making it the most costly type of consumer fraud reported to the FTC.

[above via Dailymail post] – Update 1

Optus Email Scam

8th February 2019 | Site: Optus | Reported Here


Optus customers have complained of being caught up in a major security breach after they tried to login to their account and found themselves signed in as Vladimir.

Users say their screen kept refreshing on a loop and one person reported receiving an e-mail with a vastly inflated bill.

[above via post]

Google Translate Phishing Attack

5th February 2019 | Site: Google | Reported Here


This week, a security researcher at Akamai outlined a novel phishing approach that they recently encountered in their inbox that attempts to use Google translate links to mask disreputable links.

In January, the researcher received an email informing them that someone had attempted to access their Google account on an unrecognized Windows device.

[above via post]

Tecnimont Pvt Ltd Attack

10th January 2019 | Site: tecnimont | Reported Here


Attackers forwarded emails to the leader of Tecnimont Private Limited in India which is an Indian subsidiary of the multinational group Tecnimont.
In the emails, the hackers impersonated global C.E.O P. Folgiero and succeeded in convincing the Indian head that a money transfer from Italy was unable to be carried out because of problems with the regulator. They impersonators gave further instructions to make separate transfers to another bank account in Hong Kong.

The money was subsequently transferred from India to the Hong Kong account and withdrawn within moments of the transfer. 18.6 million dollars was lost from the Indian arm of the company due to this simple oversight.

Highly Sophisticated Apple Vishing Scam Detected

8th January 2019 | Company: Apple | Reported Here


A sophisticated Apple vishing scam has been uncovered. In contrast to most phishing attempts that use email, this scam used voice calls (vishing) with the calls appearing to have come from Apple.

The scam starts with an automated voice call to an iPhone that spoofs Apple Inc. The caller display shows that the call is from Apple Inc., increasing the likelihood that the call will be answered. The user is advised that there has been a security breach at Apple and userIDs have been compromised. Users are told they should stop using their iPhone until the problem has been resolved. They are asked to call back Apple support for further information and a different telephone number is provided for this purpose.

[above via Netsec post] Update 1

Netflix Phishing Attacks

26th December 2018 | Site: Netflix | Reported Here


A new bulletin issued by the Federal Trade Commission highlights a fresh wave of Netflix phishing scams that have been landing in email inboxes around the globe.

The scam itself is old. It’s a classic “update your payment information” request that includes a link to a fake Netflix login screen where gullible folks might enter their details, and it’s the kind of thing that we see pretty regularly in our spam filters and junk mail folders, but this particular scam is apparently widespread enough to have drawn the attention of the FTC.

As you can see, it’s a pretty standard phishing attempt that includes several links, but they won’t take you to Netflix’s official website. Instead you’ll be funneled to a fake Netflix front page where login details are harvested and sent back to the scammers.

[above via post]

Office 365 Non-Delivery Email Phishing Attack

13th December 2018 | Platform: Office 365| Reported Here


A phishing campaign has been discovered that pretends to be a non-delivery notifications from Office 365 that leads you to a page attempting to steal your login credentails.

This new campaign was discovered by ISC Handler Xavier Mertens and states that “Microsoft found Several Undelivered Messages”. It then prompts you to click on the “Send Again” link in order to try sending the emails again. An example of this phishing email can be seen below.

If a recipient clicks on the Send Again link, they will be brought to a phishing site that impersonates the legitimate Office 365 login. The link will end with #[emailaddress], for example, which will cause the email address to auto-populate

[above via post]

Quora Gets Hacked – 100 Million Users Data Stolen

4th December 2018 | Website: Quora | Reported Here


The World’s most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users.

Quora announced the incident late Monday after its team last Friday discovered that an unidentified malicious third-party managed to gain unauthorized access to one of its systems and stole data on approximately 100 million users—that’s almost half of its entire user base.


[above via Thehackernews post] Update 1 / update 2

Apple ID Phishing Attack

20th October 2018 | Site: Apple | Reported Here


A widespread and sneaky phishing campaign is underway that pretends to be a purchase confirmation from the Apple App store. These emails contain a PDF attachment that pretends to be a receipt for an app that was purchased by your account for $30 USD and tells you to click a link if the transaction was unauthorized. Once a user clicks the link, down the rabbit hole they go.

[above via post]

Czech Republic SMiShing Attack

26th January 2017 | Location: Czech | Reported Here


Reports stated that attackers sent smishing text alerts and the SMS sent seemed to be from the Postal Service of the Czech Republic.
Recipients were lead to click on a link which opened up a website designed to look like the official site of the Czech Postal Service which eventually led victims to download malware in the form of an app which contained a Trojan Horse virus.

Sophisticated social engineering tactics which are the hallmark of phishing were employed by the attackers in convincing them to download an app from a non-trusted site.
From this moment onwards, whenever the victim opened an app, a request that they enter their card details along with other sensitive information would pop up. Such data would be forwarded on to the hacker who would use it to syphon money. The malware could read SMS which enabled the hacker to bypass enhanced security measures like two-factor authentication needed for financial transactions.

Amazon Locky Ransomware Attack

25th May 2017 | Site: Amazon | Reported Here


Comodo Threat Research Labs states that this massive phishing attack began on May 17, 2016, when cybercriminals sent around a hundred million spam messages to customers around the world. The attack lasted for 12 hours and succeeded in causing tremendous damage to the company’s reputation and the finances of several of its customers.
Phishers sent emails to customers of Amazon with a subject line “Your Order Has Dispatched (#code)” with the sender address as “”.

These emails had a word document attached to them which contained image macros. As customers enabled image macros by clicking on the document, a type of virus called ransomware made its way into their computer systems and encrypted all their files. It then threatened the victims with deletion of their files unless the ransom was paid.
Locky’s septicity rate for this attack was estimated to be at 30 devices per minute which is devastating by itself.

The Walter Stephan Case

25th May 2016 | Company: FACC | Reported Here


Cybercriminals faked the email of the CEO of FACC, Walter Stephan and ordered the employees of his company to hand over vast sums of money to a shady bank account by telling them that it was part of a fictional acquisition project. The attack caused losses to the tune or 47 million dollars to the company. Mr Walter Stephan was then found to be guilty of not carrying out his duties by the supervisory board of the company and had to lose his job.

Ubiquiti Networks CEO Fraud

7th August 2015 | Company: Ubiquiti | Reported Here


Ubiquiti is a well-known American technology company and was the unfortunate victim of phishing attacks in June 2015. The attackers were well-prepared and forwarded fraudulent emails requesting wire transfers to the employees of the company.

The unsuspecting employees went on to approve these transactions leading to huge losses of around 40 million dollars for the firm. The firm ended up being able to recover a measly $8.1 million, but the rest of the money ended up in the attacker’s hands.

The RSA Attack

26th August 2011 | Company: RSA | Reported Here


The most significant cybercrime case of 2011 was the hacking of the leading security firm RSA by attackers who managed to break into its decidedly secure networks.

The firm sells security solutions to over 40 million businesses and is considered to be one of the world’s leading computer-security companies.

This makes the fact that its employees fell victim to an email phishing attack titled “2011 Recruitment Plan” all the more ironic. It shows us that we can never be too careful when it comes to cybersecurity and even the very best can fall victim to it if not adequately prepared. The Phishing email led employees to download malware via Adobe Flash, which used FTP to transfer several secured RAR files from RSA’s dedicated server to an external host. These files were then removed from the external host, and no traces were left.

Anthem Server’s Attack

9th February 2015 | Company: Anthem | Reported Here


At around the same time, Ubiquiti was compromised by attackers, and the most massive healthcare breach ever recorded occurred when servers of Anthem was attacked by hackers who succeeded in tricking five employees of the company into opening a phishing mail. This action caused them to download a keystroke-logging malware which in turn led to more than 80 million medical records and files belonging to the Blue Cross and Blue Shield Authority being seized.

These records had immense worth and eclipsed the financial data that might have been compromised. The information which was stolen included names, medical Identification cards, the all-important Social security numbers, addresses, e-mails and financial information such as data on income and employment. Such data can easily be used to impersonate identities.

Operation Phish Phry

10th July 2009 | Operation : Phish Phry | Reported Here


Aside from the funny name, Operation Phish Phry was a serious cybercrime investigation which was conducted as a joint operation between the American FBI and Egyptian authorities. The case is historically significant as having had the largest number of defendants on record in the world of cybercrime.
These attackers had illicitly stolen nearly USD 1.5 Million from thousands of victims and transferred their ill-gotten gains to various phoney accounts around the world. These criminals were part of one of the world’s largest nexus of organized crime online dedicated solely to email phishing attacks.

Get Free Access to Phishing Protection Best Practices

  • Learn why hosted solutions like Office 365 are vulnerable to phishing.
  • Discover why you must protect both your employees AND your customers.
  • Read why checking reputation databases once a day is a waste of time.
  • Learn what real-time website scanning should look for.
  • Get strategies for saving time and money on email protection.

Sign Up Below... and Get Instant Access to the Report