PhishProtection.com “Phishing Watchdog” Is A Timeline of All Major Phishing Attacks Reported As They Break Out
An Updated Feed of All Significant Phishing Attacks
This is a comprehensive and frequently updated resource page that lists all the significant Phishing Attacks as they are discovered and happen online. Each attack is summarized here with links to further information about each attack.
The list below is updated instantly with threat details as soon as the attack is verified to be authentic.
Alaska is the Most Scammed State in America
21st August 2019 | Target: Alaska | Reported Here
An annual report on cybercrime by the Federal Bureau of Investigation has revealed Alaska to be the most scammed state in America for the second year running.
With more than $450 million stolen, sunny California lost more money than any other state, but at 21.67 victims per 10,000 residents, Alaska had the highest per capita victim count.
Although more people were scammed in The Last Frontier State than in any other US state, Alaskans lost the least amount of money per person, with each victim being conned out of $2,256.30 on average.
Ransomware Attack Hits 22 Texas Towns
20th August 2019 | Target: Local Government | Reported Here
HOUSTON — Computer systems in 22 small Texas towns have been hacked, seized and held for ransom in a widespread, coordinated cyberattack that has sent state emergency-management officials scrambling and prompted a federal investigation, the authorities said.
The Texas Department of Information Resources said Monday that it was racing to bring systems back online after the “ransomware attack,” in which hackers remotely block access to important data until a ransom is paid. Such attacks are a growing problem for city, county and state governments, court systems and school districts nationwide.
Hackers Leave Ransom Note For 700K Records
15th August 2019 | Target: Hotels | Reported Here
Hackers claim to have stolen 700,000 customer records from Choice Hotels thanks to an exposed MongoDB instance, it has emerged.
The US-based chain, which runs franchised outlets in over 40 countries worldwide, is now being held to ransom after the hackers left a note demanding 0.4 Bitcoin (around $3800) in payment for the data, which they claimed to have copied.
Security researcher Bob Diachenko worked with security firm Comparitech to discover the database, which was left completely exposed online. However, hackers had already got there. It was only left online for four days without password protection before attackers found the account.
North Korean Hackers Amass $2bn Via Cyber-Attacks
8th August 2019 | Target: Banks | Reported Here
North Korea has turned to cybercrime to steal money and fund its nuclear program following global sanctions, a new report from the UN has claimed.
It seems that the punishments imposed by the UN Security Council on North Korea (DPRK) in 2006 to choke funding for the country’s nuclear program did little good, as a confidential UN report states that North Korean state-sponsored hackers generated more than $2 billion through a myriad of illegal activities, with the proceeds going to the weapons of mass destruction fund.
Cybercrime Costs Global Economy $2.9m Per Minute
24th July 2019 | Target: World Economy | Reported Here
The report is based on an analysis of malicious activity on the internet using proprietary global intelligence and third-party research.
The analysis also reveals that every minute, top companies pay £20 because of security breaches, hacks on cryptocurrency exchanges cost £1,550, and phishing attacks cost £14,200.
Every minute, 2.4 phishing sites went live and seven malicious redirectors, 0.32 blacklisted apps, and 0.21 Magecart attacks were detected.
Looking ahead, the report predicts that ransomware will cost the global economy £17,817 a minute in 2019.
Lancaster University students’ data stolen in cyber-attack
23rd July 2019 | University: Lancaster | Reported Here
Lancaster University has confirmed that it was “subject to a sophisticated and malicious phishing attack” which resulted in breaches of student and applicant data.
This has led to undergraduate student applicant data records for 2019 and 2020 being accessed, including names, addresses, telephone numbers and email addresses. Lancaster confirmed in its statement that it was “aware that fraudulent invoices” were being sent to some undergraduate applicants and has warned applicants to be aware of any suspicious approaches.
Also breached was Lancaster’s student records system. “At the present time we know of a very small number of students who have had their record and ID documents accessed,” it confirmed.
Equifax to Pay $575m in Data Breach Settlement
22nd July 2019 | Company: Equifax | Reported Here
In a settlement between Equifax and the United States, the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB), Equifax will pay $575 million for damages related to the 2017 data breach, according to today’s press release.
The allegations against Equifax claimed that the company’s failure to take “reasonable steps to secure its network led to a data breach in 2017 that affected approximately 147 million people,” the release stated.
“In its complaint, the FTC alleges that Equifax failed to secure the massive amount of personal information stored on its network, leading to a breach that exposed millions of names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.”
Iranian Hackers Attack LinkedIn Users with Phishing Campaigns
22nd July 2019 | Website: LinkedIn | Reported Here
Iranian hackers have launched a new malware attack. The cyber attack is initiated from the social networking site LinkedIn and begins with an invitation to connect online. When the recipient accepts the LinkedIn connection, the hacker then attempts to trick the user into downloading malicious files. The malware attack was discovered in June by cyber security research firm FireEye. The cyber attack is being carried out by Advanced Persistent Threat group APT34, which is an Iranian state-sponsored hacking organization.
‘Wizard’ cybersecurity expert charged with record hack of Bulgarian tax agency
17th July 2019 | Target: Government agency | Reported Here
A cybersecurity expert accused of hacking the data of more than 5 million Bulgarian taxpayers was released by police Wednesday after his charges were downgraded.
Kristian Boykov, a 20-year-old Bulgarian cybersecurity worker, was arrested in Bulgaria’s capital Sofia last week in connection to the breach. Police raided his home and seized computers and mobile devices with encrypted information. The hacker was found by police through the computer and software used in the attack, according to the Sofia prosecutor’s office.
TrickBot malware may have hacked 250 million email accounts
13th July 2019 | Target: Governments | Reported Here
Malicious actors behind the information-stealing malware TrickBot have added a new module that has helped them illicitly gather a database of 250 million legitimate email addresses.
Millions of these harvested addresses are linked to government agencies and employees in the U.S., according to Deep Instinct, whose researchers uncovered the new module and the giant database. In all likelihood, these addresses were collected for the purpose of targeting them in future TrickBot operations, explains a July 12 blog post by Deep Instinct malware and cyber intelligence expert Shaul Vilkomir-Preisman, who was assisted by fellow researcher Tom Nipravski.
Hackers Steal $32M Of Crypto From Japanese Exchange
12th July 2019 | Country: Japan | Reported Here
A cryptocurrency exchange in Japan has admitted that it was hacked and lost 3.5 billion yen ($32 million) of digital currency, according to reports.
The company, based in Tokyo, is called Remixpoint, and it runs an exchange called BITPoint. The company also has used car, travel and energy businesses. The company apologized for the hack on Friday (July 12), saying that the losses were confirmed a day before.
The complete picture of the hack and theft is under investigation, and the theft included Bitcoin, Ethereum, Ripple and other well known digital currencies.
Two-thirds of the losses affected customers of the exchange, the company said, and the rest belonged to the company. Transactions have been stopped in the meantime.
Hackers Demand $2 Million From Monroe
11th July 2019 | Target: Monroe College | Reported Here
A ransomware attack at New York City’s Monroe College has shut down the college’s computer systems at campuses located in Manhattan, New Rochelle and St. Lucia.
According to the Daily News, Monroe College was hacked on Wednesday at 6:45 AM and ransomware was installed throughout the college’s network. It is not known at this time what ransomware was installed on the system, but it is likely to be Ryuk, IEncrypt, or Sodinokibi, which are known to target enterprise networks.
Reports indicate that the attackers are asking for 170 bitcoins, or approximately $2 million, in order to decrypt the college’s entire network. The college has not indicated at this time whether it will be paying the ransom or restoring from backups while gradually bringing its network back online.
NHS Faced 11m+ Attacks Over Past Three Years
10th July 2019 | Target: NHS | Reported Here
The National Health Service’s email systems were attacked more than 11 million times in the last three years, according to new information from NHS Digital.
That’s more than 12,000 attacks a day, 500 attacks an hour, more than eight attacks every minute, for three years straight.
The numbers come courtesy of a Freedom of Information request and describe exactly the pressure the NHSmail infrastructure is facing.
NHS Digital says the NHSmail system blocked 11,352,000 email attacks. The highest ranking attacks are IP or domain reputation attacks (more than six million), followed by spam (3.6 million). A total of 852,000 incidents were recorded as anti-virus.
Cyber-Attacks Cost Global Firms $45bn in 2018
10th July 2019 | Target: Local Government | Reported Here
An estimated two million cyber attacks in 2018 resulted in more than $45 billion in losses worldwide as local governments struggled to cope with ransomware and other malicious incidents.
The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy best practices that build consumer confidence in the Internet, released its Cyber Incident & Breach Trends Report, which found the financial impact of ransomware rose by 60%, losses from business email compromise (BEC) doubled, and cryptojacking incidents more than tripled, all despite the fact that overall breaches and exposed records were down in 2018.
Marriott to face $123 million fine by UK authorities over data breach
9th July 2019 | Company: Marriott | Reported Here
U.S. hotel group Marriott has become the second firm to face a massive GDPR fine as the UK regulator continues on its rampage. The hotel group, which suffered a breach last year, could face a fine of over £99 million ($123 million). It shows the global impact of the regulation, which covers the personal data of EU citizens.
In a statement of the regulator’s intention to fine Marriott International, UK Information Commissioner Elizabeth Denham said: “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.”
Canonical GitHub account hacked
7th July 2019 | Company: Canonical Ltd | Reported Here
Canonical Ltd, the company behind the popular Ubuntu Linux distribution, has had its software repositories on GitHub hacked by unknown attackers.
The hack appears to be limited to a defacement, with 11 new repos sequentially named CAN_GOT_HAXXD_1, with no existing data being changed or deleted.
A Canonical spokesperson confirmed the attack to iTnews.
“We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities.”
Hacked forensic firm pays ransom after malware attack
5th July 2019 | Company: Eurofins Scientific | Reported Here
A leading forensic science firm, which is used by the UK police to help investigate major crimes, has paid a ransom to criminals after being targeted in a cyber attack, it is understood.
Eurofins Scientific, which is based in Belgium but has laboratories all over the world, was hit by a ransomware attack last month, which affected the firm’s IT systems.
The National Crime Agency has been investigating the source of the attack, but sources claimed the company had already paid a ransom to recover its network.
Thousands Left Vulnerable in Nexus Repository
2nd July 2019 | Company: Sonatype | Reported Here
A recent breach in Nexus Repository left many companies and government agencies vulnerable, as thousands of private artifacts were left unprotected, according to a July 2 blog post from researchers Daniel Shapira and Ariel Zelivansky, with Twistlock Labs.
While this breach was swiftly rectified, Shapira and Zelivansky noted that this type of hack could have had catastrophic consequences and cannot be taken lightly.
A team of dedicated white hats identified these weaknesses within Nexus Repository. In a July 2 blog post, researchers wrote, “During my recent work I have discovered two security vulnerabilities in Nexus Repository that affect all users under default settings.”
Ford, TD Bank Files Found Online in Cloud Data Exposure
28th June 2019 | Target: Ford | Reported Here
Attunity Ltd., a company that manages and safeguards data, left internal files exposed on the internet for clients including Ford Motor Co., and the Toronto-Dominion Bank, in the latest example of sensitive information being publicly accessible on the web.
The incident revealed passwords and network information about Attunity as well as emails and technology designs from some of its high-profile customers. Researchers at UpGuard Inc., a cybersecurity company, found more than a terabyte of data left unsecured by Attunity last month on Amazon Web Services cloud-computer servers, according to a report they published Thursday.
Yandex hacked, and likely by Western intelligence agency
27th June 2019 | Internet company: Yandex | Reported Here
Hackers working for Western intelligence agencies reportedly broke into Yandex, a Google competitor based in Russia, to search for technical information that shows how Yandex authenticates user accounts.
The hack occurred in 2018, according to Reuters, which sources the information from four people with knowledge of the event. The hackers used a malware called Regin, the same malware used for intelligence sharing
Regin is known to be used by the “Five Eyes,” an intelligence alliance made up of the United States, Britain, Australia, New Zealand and Canada. The countries are bound by an agreement to cooperate on intelligence.
Two Florida Cities Paid $1.1 Million to Ransomware Hackers
26th June 2019 | Target: Florida City | Reported Here
For the second time in a week, a Florida city has paid out a digital ransom to hackers in an effort to regain control over their crippled municipal computer systems.
Lake City Mayor Stephen Witt said his small city located in northern Florida agreed to pay hackers a $460,000 ransom in an effort to regain control over their email and other servers, which were shut down by the attack two weeks ago.
“I would’ve never dreamed this could’ve happened, especially in a small town like this,” Witt told Action News Jax.
The ‘Ransomware’ attack on the Lake City computer systems locked city workers out of their email accounts and made it impossible for residents to make any city payments online. Hackers managed to infect the city’s systems after a city employee clicked an email link that allowed the malware to be introduced into their system. Lake City’s insurer was contacted by the hackers who negotiated the ransom payment of 42 bitcoins (or around $460,000). Officials decided the ransom was the quickest way for city employees to regain access to their email accounts.
Hackers Stole Data from NASA’s Robotics Lab
20th June 2019 | Target: NASA | Reported Here
NASA’s Jet Propulsion Laboratory (JPL) systems were reportedly hacked by a Raspberry Pi that helped hackers crack into the weak security and steal data.
As Engadget reports, investigators looking into a security breach found that an unauthorised Raspberry Pi was linked to the JPL network that was targeted by hackers in April 2018, allowing them to steal 500MB of data and also go deeper into JPL’s network.
Florida city pays $600,000 to hackers who seized its computer system
19th June 2019 | Target: Florida City | Reported Here
A city in Florida has decided to pay $600,000 to the hackers behind a ransomware attack that’s locked down the local government’s data.
On Monday, the city council of Riviera Beach voted unanimously to let the city’s insurer pay 65 bitcoins to the hackers. Why the council authorized the payment wasn’t discussed at the emergency hearing. But the city is hoping to recover municipal files the hackers encrypted during the ransomware attack.
New WSH RAT Malware Targets Bank Customers with Keyloggers
14th June 2019 | Target: Bank | Reported Here
According to a blog post by researchers at Cofense, the new strain of malware, named WSH Remote Access Tool (RAT) by its developer, is a variant of the VBS (Visual Basic Script) based Houdini Worm (H-Worm) first created in 2013.
City of Burlington falls for Phishing Scam
13th June 2019 | Location: Burlington | Reported Here
The city of Burlington says it has fallen victim to a $503,000 phishing scheme. City staff received a “complex phishing email,” requesting to change banking information for an “established city vendor,” the city said in a press release. About $503,000 was transferred to a falsified bank account for the vendor on May 16, the city said. After realizing the mistake on May 23, the city says it immediately notified their bank and Halton Regional Police. They also put in “additional internal controls” to make sure it doesn’t happen again.
Hackers Plant Phishing Links in Google Calendar
11th June 2019 | Website: Google Calendar | Reported Here
A sophisticated scam is targeting Gmail users through fraudulent, unsolicited Google Calendar notifications as well as through other Google services, including Photos and Forms, according to Kaspersky.
In these scams, criminals are exploiting Gmail calendar’s default feature that automatically adds calendar invitations and notifications.
Flipboard says hackers stole user details
29th May 2019 | Website: Flipboard | Reported Here
The news aggregation site, Flipboard, has disclosed that their databases had been hacked and unauthorized users have potentially downloaded the data contained within them. This data included the personal account information and digital tokens for some of their over 100 million users.
According to emails seen by BleepingComputer and a security incident notice published on their site, Flipboard stated that hackers gained access to some of their databases during two different time periods. The first time was between June 2nd, 2018 and March 23, 2019 and the second was between April 21st and 22nd, 2019.
It is not known if these were the same users accessing the databases at different periods or two separate data breaches.
Australian ‘unicorn’ Canva hacked
24th May 2019 | Website: Canva | Reported Here
Australian graphic-design-as-a-service company Canva has alerted its users to an attack that has seen “a number of our community’s usernames and email addresses … accessed.”
The attack was detected on Saturday, Australian time. The company’s letter to users also adds “The hackers also obtained passwords in their encrypted form (for technical people: all passwords were salted and hashed with bcrypt). This means that our user passwords remain unreadable by external parties.”
WhatsApp Hack – Hackers Installed Spyware By Placing A Phone Call
14th May 2019 | Software: WhatsApp | Reported Here
WhatsApp pressed users to update its messaging service, following a report that a vulnerability in the software allowed attackers to hack into people’s phones using commercial Israeli spyware. The chat app, owned by Facebook Inc., said it had discovered a vulnerability in early May that could enable attackers to insert and execute code on mobile devices.
Hackers Steal $40 Million Worth of Bitcoin From Binance Exchange
7th May 2019 | Website: Binance | Reported Here
Hackers have stolen $41m (£31m) worth of Bitcoin in a major crypto-currency heist.
The Binance exchange, which stores Bitcoin and other crypto-currencies for members, said hackers took 7,000 bitcoins in one go. Withdrawals have now been suspended on the platform.
“We beg for your understanding in this difficult situation,” Binance said.
However, the exchange said it would replace the lost cash with the help of its emergency insurance fund.
According to Binance, the attackers used a variety of techniques to break in. They deployed viruses and used phishing attacks to get security information.
Phishing Method Which Can Trick Google Chrome Users With Fake Address Bar
29th April 2019 | Application: Google Chrome | Reported Here
Why display the URL bar on a mobile device when you can give users more screen space by hiding it?
Google Chrome for Android does just that after a page has loaded, concealing information about the URL and expanding the screen space available to display content from the web page.
The feature is handy for users, but developer James Fisher is drawing attention to the possibility that phishing attackers can abuse it to catch users off guard when browsing.
The Nasty List Phishing Scam
15th April 2019 | Site: Instagram | Reported Here
A new phishing scam called “The Nasty List” is sweeping through Instagram and is targeting victims’ login credentials.
- If a user falls victim, the hackers will utilize their accounts to further promote the phishing scam.
- The Nasty List scam is being spread through hacked accounts that send messages to their followers stating that they were spotted on a so-called “Nasty List”.
- These profile descriptions also include a link that supposedly allows you to see this Nasty List and why you are on it.
- To avoid falling for an Instagram phishing scam like the Nasty List, if you are at a page that does not belong to the instagram.com web site, never enter your login credentials.
- If you have been hacked by the “Nasty List” phishing scam and you still have access to your account, the first thing you should do is verify that your account is using the correct phone number and email address.
[above via Reddit post]
Wells Fargo Bank – Wellsfargo Online Customer Service
10th April 2019 | Site: Wells Fargo Bank | Reported Here
Here is another good example of a phishing email that is presently being circulated. It makes for compelling reading, but it is a scam. Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.
Fake cancerous nodes in CT scans
3rd April 2019 | Target: Hospital | Reported Here
A computer virus that can add fake tumours to medical scan images has been created by cyber-security researchers.
In laboratory tests, the malware altered 70 images and managed to fool three radiologists into believing patients had cancer.
The altered images also managed to trick automated screening systems.
The team from Israel developed the malicious software to show how easy it is to get around security protections for diagnostic equipment.
The program was able to convincingly add fake malignant growths to images of lungs taken by MRI and CT scanning machines.
American Express – Important Security Message
20th March 2019 | Company: American Express | Reported Here
Microsoft’s Office 365 Threat Research uncovered an active American Express (Amex) email phishing campaign that emerged over the weekend. The Amex phishing campaign is especially dangerous as it prompts the recipient for their credit card numbers, account logins, as well as other common password reset questions.
Ransomware Attack Freezes Jackson County, GA Government Systems
9th March 2019 | Place: Jackson County | Reported Here
A little over a week ago government computer systems in Jackson County, Georgia were hit with one of the most sophisticated ransomware attacks attempted in the US. After a week with their entire computer and internet network down, they’ve decided to cough up $400,000 to regain control of their systems and to retrieve stolen files.
FTC Warns Users Against Online Dating Scams!
13th February 2019 | Application: Tinder | Reported Here
A new notice released Tuesday by the Federal Trade Commission highlights a surge in ‘romance scams,’ or scenarios where scammers trick love-lusting internet users into sending them money, only to later disappear.
The scams cost victims an astonishing $143 million in 2018, up from $33 million the previous year and making it the most costly type of consumer fraud reported to the FTC.
Optus Email Scam
8th February 2019 | Site: Optus | Reported Here
Optus customers have complained of being caught up in a major security breach after they tried to log in to their account and found themselves signed in as Vladimir.
Users say their screen kept refreshing on a loop and one person reported receiving an e-mail with a vastly inflated bill.
[above via news.com.au post]
5th February 2019 | Site: Google | Reported Here
This week, a security researcher at Akamai outlined a novel phishing approach that they recently encountered in their inbox that attempts to use Google translate links to mask disreputable links.
In January, the researcher received an email informing them that someone had attempted to access their Google account on an unrecognized Windows device.
[above via gizmodo.com post]
Tecnimont Pvt Ltd Attack
10th January 2019 | Site: tecnimont | Reported Here
Attackers forwarded emails to the leader of Tecnimont Private Limited in India which is an Indian subsidiary of the multinational group Tecnimont.
In the emails, the hackers impersonated global C.E.O P. Folgiero and succeeded in convincing the Indian head that a money transfer from Italy was unable to be carried out because of problems with the regulator. The impersonators gave further instructions to make separate transfers to another bank account in Hong Kong.
The money was subsequently transferred from India to the Hong Kong account and withdrawn within moments of the transfer. 18.6 million dollars was lost from the Indian arm of the company due to this simple oversight.
Highly Sophisticated Apple Vishing Scam Detected
8th January 2019 | Company: Apple | Reported Here
A sophisticated Apple vishing scam has been uncovered. In contrast to most phishing attempts that use email, this scam used voice calls (vishing) with the calls appearing to have come from Apple.
The scam starts with an automated voice call to an iPhone that spoofs Apple Inc. The caller display shows that the call is from Apple Inc., increasing the likelihood that the call will be answered. The user is advised that there has been a security breach at Apple and user IDs have been compromised. Users are told they should stop using their iPhone until the problem has been resolved. They are asked to call back Apple support for further information and a different telephone number is provided for this purpose.
Netflix Phishing Attacks
26th December 2018 | Site: Netflix | Reported Here
A new bulletin issued by the Federal Trade Commission highlights a fresh wave of Netflix phishing scams that have been landing in email inboxes around the globe.
The scam itself is old. It’s a classic “update your payment information” request that includes a link to a fake Netflix login screen where gullible folks might enter their details, and it’s the kind of thing that we see pretty regularly in our spam filters and junk mail folders, but this particular scam is apparently widespread enough to have drawn the attention of the FTC.
As you can see, it’s a pretty standard phishing attempt that includes several links, but they won’t take you to Netflix’s official website. Instead you’ll be funneled to a fake Netflix front page where login details are harvested and sent back to the scammers.
[above via bgr.com post]
Office 365 Non-Delivery Email Phishing Attack
13th December 2018 | Platform: Office 365 | Reported Here
A phishing campaign has been discovered that pretends to be a non-delivery notification from Office 365 and leads you to a page attempting to steal your login credentials.
This new campaign was discovered by ISC Handler Xavier Mertens and states that “Microsoft found Several Undelivered Messages”. It then prompts you to click on the “Send Again” link in order to try sending the emails again. An example of this phishing email can be seen below.
If a recipient clicks on the Send Again link, they will be brought to a phishing site that impersonates the legitimate Office 365 login. The link will end with #[emailaddress], for example #@email@example.com, which will cause the email address to auto-populate
Quora Gets Hacked – 100 Million Users Data Stolen
4th December 2018 | Website: Quora | Reported Here
The World’s most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users.
Quora announced the incident late Monday after its team last Friday discovered that an unidentified malicious third-party managed to gain unauthorized access to one of its systems and stole data on approximately 100 million users—that’s almost half of its entire user base.
Apple ID Phishing Attack
20th October 2018 | Site: Apple | Reported Here
A widespread and sneaky phishing campaign is underway that pretends to be a purchase confirmation from the Apple App store. These emails contain a PDF attachment that pretends to be a receipt for an app that was purchased by your account for $30 USD and tells you to click a link if the transaction was unauthorized. Once a user clicks the link, down the rabbit hole they go.
Czech Republic SMiShing Attack
26th January 2017 | Location: Czech | Reported Here
Reports stated that attackers sent smishing text alerts and the SMS sent seemed to be from the Postal Service of the Czech Republic.
Recipients were led to click on a link which opened up a website designed to look like the official site of the Czech Postal Service, which eventually led victims to download malware in the form of an app which contained a Trojan Horse virus.
Sophisticated social engineering tactics, which are the hallmark of phishing, were employed by the attackers in convincing victims to download an app from a non-trusted site.
From this moment onwards, whenever the victim opened an app, a request that they enter their card details along with other sensitive information would pop up. Such data would be forwarded on to the hacker who would use it to syphon money. The malware could read SMS which enabled the hacker to bypass enhanced security measures like two-factor authentication needed for financial transactions.
Amazon Locky Ransomware Attack
25th May 2017 | Site: Amazon | Reported Here
Comodo Threat Research Labs states that this massive phishing attack began on May 17, 2016, when cybercriminals sent around a hundred million spam messages to customers around the world. The attack lasted for 12 hours and succeeded in causing tremendous damage to the company’s reputation and the finances of several of its customers.
Phishers sent emails to Amazon customers with the subject line “Your Amazon.com Order Has Dispatched (#code)” and the sender address “firstname.lastname@example.org”.
These emails had a Word document attached to them which contained image macros. As customers enabled image macros by clicking on the document, a type of virus called ransomware made its way into their computer systems and encrypted all their files. It then threatened the victims with deletion of their files unless the ransom was paid.
Locky’s infection rate for this attack was estimated at 30 devices per minute, which is devastating by itself.
The Walter Stephan Case
25th May 2016 | Company: FACC | Reported Here
Cybercriminals faked the email of the CEO of FACC, Walter Stephan, and ordered the employees of his company to hand over vast sums of money to a shady bank account by telling them that it was part of a fictional acquisition project. The attack caused losses to the tune of 47 million dollars to the company. The company’s supervisory board then found Mr Walter Stephan guilty of not carrying out his duties, and he lost his job.
Ubiquiti Networks CEO Fraud
7th August 2015 | Company: Ubiquiti | Reported Here
Ubiquiti is a well-known American technology company and was the unfortunate victim of phishing attacks in June 2015. The attackers were well-prepared and sent the company’s employees fraudulent emails requesting wire transfers.
The unsuspecting employees went on to approve these transactions, leading to huge losses of around 40 million dollars for the firm. The firm ended up being able to recover a measly $8.1 million, but the rest of the money ended up in the attackers’ hands.
The RSA Attack
26th August 2011 | Company: RSA | Reported Here
The most significant cybercrime case of 2011 was the hacking of the leading security firm RSA by attackers who managed to break into its decidedly secure networks.
The firm sells security solutions to over 40 million businesses and is considered to be one of the world’s leading computer-security companies.
This makes the fact that its employees fell victim to an email phishing attack titled “2011 Recruitment Plan” all the more ironic. It shows us that we can never be too careful when it comes to cybersecurity and even the very best can fall victim to it if not adequately prepared. The phishing email led employees to download malware via Adobe Flash, which used FTP to transfer several secured RAR files from RSA’s dedicated server to an external host. These files were then removed from the external host, and no traces were left.
Anthem Server’s Attack
9th February 2015 | Company: Anthem | Reported Here
At around the same time that Ubiquiti was compromised by attackers, the most massive healthcare breach ever recorded occurred when the servers of Anthem were attacked by hackers who succeeded in tricking five employees of the company into opening a phishing mail. This action caused them to download keystroke-logging malware, which in turn led to more than 80 million medical records and files belonging to the Blue Cross and Blue Shield Authority being seized.
These records had immense worth and eclipsed the financial data that might have been compromised. The information which was stolen included names, medical identification cards, the all-important Social Security numbers, addresses, e-mails and financial information such as data on income and employment. Such data can easily be used to impersonate identities.
Operation Phish Phry
10th July 2009 | Operation: Phish Phry | Reported Here
Aside from the funny name, Operation Phish Phry was a serious cybercrime investigation which was conducted as a joint operation between the American FBI and Egyptian authorities. The case is historically significant as having had the largest number of defendants on record in the world of cybercrime.
These attackers had illicitly stolen nearly USD 1.5 million from thousands of victims and transferred their ill-gotten gains to various phoney accounts around the world. These criminals were part of one of the world’s largest nexuses of online organized crime dedicated solely to email phishing attacks.