PhishProtection.com “Phishing Watchdog” Is A Timeline of All Major Phishing Attacks Reported As They Breakout
An Updated Feed of All Significant Phishing Attacks
This is a comprehensive and frequently updated resource page that lists all the significant Phishing Attacks as they are discovered and happen online. Each attack is summarized here with links to further information about each attack. The list below is updated instantly with threat details as soon as the attack is verified to be authentic.
Rights Group: APP Bank Fraud Cost Consumers £1bn
18th March 2020 | Target: Right Group | Reported Here
Financial institutions could have prevented hundreds of millions of pounds worth of fraud over the past three years by implementing a simple payee-checking service online, a consumer rights group has claimed.
Which? estimates that £1.1 billion has been lost to bank transfer fraud since 2017. In these cases, a scammer posing as a trusted entity tricks the victim to transfer money to a bank account under their control — known as “authorized push payment” (APP) fraud.
Ryuk Ransomware Takes Out Durham, North Carolina
8th March 2020 | Target: Durham, North Carolina | Reported Here
The city of Durham, North Carolina temporarily disabled its phone system last weekend after suffering a Ryuk ransomware attack.
The city of Durham and Durham County published a joint statement on March 8 in which they revealed that a malware attack had affected their IT services. According to the statement, the government bodies first learned of the security incident on March 6. Both entities relied on their notification systems to alert IT teams of the attack.
266,000 Passwords Stolen in Trident Crypto Fund Data Breach
6th March 2020 | Target: Trident Crypto Fund | Reported Here
In a major privacy breach, the usernames and passwords of more than a quarter of a million Trident Crypto Fund customers have been stolen and published online.
Technical director of cybersecurity firm DeviceLock Ashot Oganesyan told Russian news outlet IZ the database — which contains email addresses, cellphone numbers, encrypted passwords and IP addresses — had been uploaded to various file sharing websites on February 20.
UK ICO Fines Cathay Pacific with £500,000 for 2018 Data Breach
4th March 2020 | Target: Cathay Pacific | Reported Here
The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data.
Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide.
Ransomware Attack: Georgia City Pays $380K Ransom to Hackers
2nd March 2020 | Target: Cartersville, Georgia | Reported Here
Almost one year after a ransomware attack struck the city of Cartersville, Ga., municipal officials revealed that they paid a ransom of $380,000 to regain access to their files.
The news was made known after the local Daily Tribune News filed a Freedom of Information Act request, which disclosed the payment to mitigate the May 4, 2019 attack. The Daily Tribune found that the initial ransom demand was for $2.8 million, payable in bitcoin, and that the city’s insurance paid the majority of the cost.
Desjardins Group Breach Cost $38m Higher Than Expected
27th February 2020 | Target: Desjardins Group | Reported Here
Last year, the Quebec based financial institution Desjardins Group suffered from a data breach carried out intentionally by a malicious employee who had access to baking details. As a result of this individual’s actions, the data of 4.2 million Desjardins customers was exposed and 1.8 million credit cardholders who were not Desjardins members were affected as well. Original reparation estimates were around $70 million, but earlier this week the company has stated that the breach is likely to cost them roughly $108 million.
Shark Tank Star Corcoran Loses $400K in Email Scam
26th February 2020 | Target: Barbara Corcoran | Reported Here
“Shark Tank” judge Barbara Corcoran lost nearly $400,000 in an elaborate email scam that tricked her staff.
Corcoran said someone acting as her assistant sent an invoice to her bookkeeper earlier this week for a renovation payment. She told People that she had “no reason to be suspicious” about the email because she invests in real estate, so the bookkeeper wired $388,700 to the email address.
Ransomware-hit US gas pipeline shut for two days
18th February 2020 | Target: US Natural Gas Pipeline | Reported Here
A ransomware attack on a US natural gas facility meant a pipeline had to be shut down for two days, the US Department of Homeland Security (DHS) has said.
However, it did not name the facility or say when the attack happened.
A malicious link sent to staff at the facility eventually caused the shutdown “of the entire pipeline asset”.
Official: Puerto Rico Govt Loses $2.6M in Phishing Scam
12th February 2020 | Target: Puerto Rico | Reported Here
Puerto Rico (AP) — Puerto Rico’s government has lost more than $2.6 million after falling for an email phishing scam, according to a senior official.
The finance director of the island’s Industrial Development Company, Rubén Rivera, said in a complaint filed to police Wednesday that the agency sent the money to a fraudulent account.
A tail of two ransomware attacks
7th February 2020 | Target: Two schools | Reported Here
Two schools, two ransomware attack and two different outcomes.
The Allegheny Intermediate Unit school system was able to fend off a recent ransomware attack using back up files, meanwhile the University of Maastricht just disclosed it paid 30 bitcoins to regain control of its encrypted computer network.
Altsbit Claims it has Been Hacked
7th February 2020 | Target: Altsbit | Reported Here
Cyber-criminals have stolen “almost all funds” entrusted to crypto exchange platform Altsbit.
The Italian exchange announced it had become the target of a devastating hack yesterday on Twitter. According to their posts, criminals made off with 1,066 Komodo (KMD) tokens and 283,375 Verus (VRSC) “coins” with a combined value of $27,000.
Funds kept in cold storage—crypto coins whose private keys are stored on devices that exist in an offline environment—were not swiped in the cyber-heist.
Canadian insurance company lost nearly US$1M in ransomware attack
30th January 2020 | Target: Insurance Company | Reported Here
Canadian insurance company lost nearly US$1M in ransomware attack
Computers at a Canadian insurance company were disabled for more than one week due to a ransomware attack that resulted in a payout of nearly US$1 million.
Canadian Teen Charged for $50 Million Cryptocurrency Theft
17th January 2020 | Target: Cryptocurrency | Reported Here
An eighteen-year-old from Montreal is facing four criminal charges connected to a $50 million SIM-swapping scam targeting cryptocurrency holders, Infosecurity Magazine reported on Jan. 17.
The hacker, Samy Bensaci, is accused by Canadian authorities of being part of a ring that stole millions of dollars in cryptocurrency from American and Canadian holders. The theft is said to have occurred in spring of 2018, with Québec police representative Hugo Fournier saying that the hackers were responsible for the theft of “$50 million from our neighbors to the south and $300,000 in Canada.”
New Orleans Mayor: Ransomware Attack Cost City $7 Million
16th January 2020 | Target: New Orleans | Reported Here
A ransomware attack on New Orleans has racked up at least $7 million in financial damage to The City That Care Forgot, its mayor said.
New Orleans was able to get back $3 million through a cyber insurance policy, the mayor told WVUE, which also cited Chief Administrative Officer Gilbert Montano as saying the city has an IT backlog in the wake of the December attack.
Texas school district lost $2.3 million in a phishing email scam
12th January 2020 | Target: Manor School | Reported Here
The Manor Independent School District fell victim to an apparent phishing scam to the tune of $2.3 million.
Officials for the Texas school system did not release many details other than to say in a January 10 statement posted on Facebook that the incident was caused by a phishing email and that the local police and FBI are currently working the case.
The Manor Police Department told CNN the scam included three separate fraudulent transactions that took place in November.
Albany airport pays ransom after hit by cyber hackers
10th January 2020 | Target: Albany Airport | Reported Here
Albany International Airport announced this week that its administrative computers had been locked down by a crypto virus on Christmas Day.
Airline, air traffic control and Transportation Security Administration computers all were not affected, so safety and security were never at risk, the Albany County Airport Authority said in a news release issued Friday.
UK Banks Foiled by Travelex Ransomware Attack
8th January 2020 | Target: Travelex | Reported Here
The New Year’s Eve cyber-attack on currency exchange bureau Travelex is disrupting services for UK bank customers.
Travelex took all its systems offline as a precautionary measure after being hit by what it initially described as a “software virus” on December 31. On January 7, the company released a statement fingering the culprit as a type of ransomware known as Sodinokibi and also commonly referred to as REvil.
UK Banks Foiled by Travelex Ransomware Attack
7th January 2020 | Target: Google | Reported Here
The incidents in question had exposed the data of over 10 million users.
The proposed settlement fund will be diverted to pay class claimants and attorney’s fees and costs.
Google has agreed to pay $7.5 million to settle class-action lawsuits filed against the company over Google+ data breach incidents. The incidents in question had exposed the data of over 10 million users.
‘Serious cyber-attack’ on Austria’s foreign ministry
5th January 2020 | Target: Austrian Foreign Ministry | Reported Here
The Austrian Foreign Ministry sounded the alarm bells of an ongoing “serious cyber-attack” that started in the late hours of Saturday January 4, 2019. Considering the signatures and the pattern of the attack, experts suggest this cyber-attack could possibly be carried out by a state sponsored threat actor. The attack, which began on Saturday night, was continuing and, “as per experts it could last several days,” a foreign ministry spokesman added.
Six Customers Affected by Ransomware Attack on CyrusOne
5th December 2020 | Target: CyrusOne | Reported Here
Six New York-area managed service customers of data center provider giant CyrusOne have been affected by a ransomware attack.
These managed service clients have experienced availability issues due to a ransomware program encrypting certain devices in their network, a spokesperson for Dallas-based CyrusOne said in a statement. The company said it’s currently working with law enforcement and forensics firms to investigate the attack, as well as with the involved customers to restore their affected systems.