Cyber Criminals Stealing Customer Data By Tricking Bank Employees


Kaspersky Lab experts have described a recently discovered method of corporate phishing. Attackers send an employee or an organization an email inviting them to take a knowledge and skills assessment on a fake HR portal. To do so, the victim is asked to log in to the site with their work username and password. The potential victim is given the impression that the procedure is mandatory and that completing it successfully will earn a monetary reward.

According to Tatyana Shcherbakova, senior content analyst at Kaspersky Lab, this gives fraudsters access to corporate mail, which may contain customers' personal data.

Employees of large banks are regularly trained, tested and certified, so they can easily mistake a fake invitation for a real one. For this reason, the new phishing method threatens to spread on a massive scale.

According to analyst Anton Bykov, several thousand corporate accounts could already have been hacked.

Sergey Terekhov, director of the Technoserv information security competence center, noted that in this case the employees at risk are those in banks' credit departments, whose mailboxes store client profiles.

At the same time, Denis Kamzeev, head of the information security department of Raiffeisenbank, stressed that all emails in the financial institution pass through anti-spam and anti-virus checks and are blocked if they look suspicious.

VTB, in turn, said that it restricts employees' access to customer information and keeps records of the employees who have access to confidential information.

Arseniy Shcheltsin, CEO of Digital Platforms, noted that this type of social engineering is tied directly to a person, not to technology. "Therefore, regardless of security systems, a person can always give a login and password from the mail to attackers."

Income Tax Dept alerts taxpayers of phishing mails by fraudsters




The Income Tax Department of India has alerted taxpayers to a phishing email asking them to verify their tax returns even though they have already e-verified them.

A taxpayer, Anika Gupta, received an email from a suspicious email ID asking her to e-verify her return, although she had already e-verified her ITR through an OTP generated by the Aadhaar card.

The email, claiming to be from the Income Tax (I-T) Department, read: “Hello anxxxxx@xxail.com, Income Tax Return for the Assessment Year 2019-2020 has been successfully filed. After Submission, It is mandatory for Tax Payers to e-Verify the Income Tax Return using various verification methods. For your Income Tax Return, e-verification is not d………..read more”

The mail contains three malicious links with the texts ‘read more’, ‘see here’, ‘pending’ and ‘click here’.

Soon after receiving the mail, Gupta reported the matter to the grievance section of the I-T Department.

The I-T Department alerted the taxpayers by saying, “Income Tax Department never asks PIN, OTP, Password or similar access information for credit/debit cards, banks or other financial account-related information through e-mail, SMS or phone calls. Taxpayers are cautioned not to respond to such e-mails, SMS or phone calls and not to share personal or financial information.”

The I-T department also requests the user to carefully “Check the domain name. Fake emails will have misspelled or incorrect sounding variants of Income Tax Department web sites and will have incorrect email header.”

The Department further said, “In case if you have received such phishing / suspicious mail – do not open any attachments as it may contain malicious code. Do not click any links. Even if you have clicked on links inadvertently, then do not enter personal or financial information such as bank account, credit/debit/ATM card, income tax details, etc.”

Beware of new phishing scam that’s attacking Google Calendar

No matter which corner of the internet you visit, you'll find scammers trying to take advantage of you. You may already know to be skeptical of emails, Facebook posts, and dating profiles that seem too good to be true. And sometimes they even try to get hold of our data, primarily financial data, through calls that purport to come from customer care executives. Quite frankly, no one is immune to receiving such unsolicited messages or emails. But because these scams are so common, everyone knows the drill for staying safe: don't click on suspicious emails or links, don't reveal your financial information to anyone, and you are good to go. You know this, I know this, and even scammers know this. And so now there are reports of a new type of security threat that targets your Google Calendar.

Scammers are using Google Calendar and other calendar apps to target innocent users in a new type of phishing scam, according to a global security firm.

Findings from the threat intelligence firm Kaspersky show there's been a recent wave of scam artists using hyperlink-embedded events to gain access to people's sensitive information. They start by spamming Google Calendar users with seemingly benign calendar invites. Anyone can accept the invitations, but the real targets are users with the default setting that automatically adds every event they're invited to to their Google Calendar. Once it's been added, Google sends notifications related to the event, making it seem more trustworthy.

The scam is thought to have happened throughout May this year.

The fake invitations contained a malicious website link that encouraged users to input their personal details, often in the form of a simple questionnaire that promised the chance to win money or other prizes if completed.

Kaspersky researchers say that users can safeguard themselves by turning off the automatic addition of invites in their Google Calendar app.

Security Bug Discovered in Google's Titan Security keys, Provides Free Replacement




A security bug in Google’s Titan Security Key can potentially allow fraudsters located nearby to bypass the security provided by the key. The company is providing a free replacement key to all existing users, and blamed a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” for the security bug.

Although the defective keys are reported to still protect against phishing attacks, the company decided to provide a replacement key regardless. The affected keys include all those sold in packages priced at $50; the package also includes a standard NFC/USB key.

To exploit the security bug, a fraudster needs to be within Bluetooth range, around 30 feet, and must act promptly as the victim activates the key by pressing its button. The fraudster can then use the misconfigured protocol to intercept the connection between the victim's device and the key and connect their own device instead. If they also have access to the victim's username and password, they would then be able to log in to the victim’s account.

Google has given assurances that the bug does not interfere with the security key’s ultimate purpose, which is to provide security against phishing attacks; Google also urged users worldwide to keep using the keys until a replacement is provided.

In an announcement, the company said, “It is much safer to use the affected key instead of no key at all. Security keys are the strongest protection against phishing currently available.”

Around the time when Google launched its Titan keys, Stina Ehrensvärd, Yubico founder, wrote, “While Yubico previously initiated the development of a BLE security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability.”



Hackers Now Tricking Users with Fake Address Bars on Chrome



Hackers are now using a rather refined phishing attack on Chrome for Android that takes over the screen space of the original address bar and displays its own fake URL bar when the user scrolls down the page.

The fake address bar belongs to the phishing page and poses as the real one, showing a legitimate-looking URL in place of the original Chrome bar. Typically, when users scroll down a page, the browser hides the URL bar and the page takes over its space, an area that users treat as "trustworthy browser UI".

The phishing site abuses this behaviour by displaying its own fake URL bar, which looks like an authentic one and tricks users into giving away their personal information.

Security researcher James Fisher demonstrated this phishing attack on his own domain (jameshfisher.com), exploiting the flaw in the Chrome browser for mobile.

For the demonstration, Fisher displayed the HSBC domain (www.hsbc.com) in the fake URL bar; attackers could pose as any legitimate site in the same way, taking over the URL bar to steal information.

The attack gets even worse with what specialists call a "scroll jail": normally, when users scroll back up the page, they reach the original URL bar again, but here the attackers trap users so that they never return to the original URL bar.

According to Fisher, the attack resembles a dream in Inception: the user believes they are in their own browser, yet they are actually in a browser inside their browser.

“Is this a serious security flaw? Well, even I, as the creator of the inception bar, found myself accidentally using it! So I can imagine this technique fooling users who are less aware of it, and who are less technically literate. The only time the user has the opportunity to verify the true URL is on page load, before scrolling the page. After that, there’s not much escape”, says Fisher, who also believes that a security flaw in the Chrome browser might be what is causing the commotion.

Over 30 Thousand Patient Records Exposed; Third-Party Breach To Blame




Cyber criminals recently hit another healthcare target. ‘Managed Health Services of Indiana Health Plan’ (MHS) recently went public about a third-party data breach that exposed the personal details of 31,000 patients.

The breach resulted from one of two security incidents that the institution had to face.

The organization runs two major healthcare programs, ‘Indiana’s Hoosier Healthwise’ and ‘Hoosier Care Connect Medicaid’.

MHS was informed about the breach by one of its vendors. The notification concerned someone having illegitimately gained access to their employees’ email accounts.

Disconcertingly, according to reports, the unauthorized access occurred between July and September last year.

The investigation initiated by MHS found that patients’ personal data, including their names, insurance ID numbers, dates of birth, dates of services provided and addresses, had potentially been exposed.

As the investigation unfolded, it was discovered that the incident was caused by a phishing attack on the vendor’s system.

The vendor took rapid steps to counter the attack with the aid of a computer forensics company.

Some of the information in the affected email accounts was left open to access. The “hacked” email accounts were the main source of the exposed information.

Phishing is the easiest way to harvest personal data, and a phishing attack anywhere in the chain can affect everyone involved.

As a result of this knock-on effect along the chain, 31,000 people were affected and had their data exposed.

Reportedly, this is the 4th attack on health plans in the last month alone.

Such attacks make it evident that the healthcare industry badly needs better management and cyber security systems.

‘Aaron Smith’ Sextortion Scam Appears To Leverage On The Necurs Botnet Infrastructure




Security researchers from Cisco Talos have recently revealed sextortion scam campaigns that appear to leverage the Necurs botnet infrastructure. The researchers investigated two campaigns and named them the 'Aaron Smith' sextortion scams after the 'From:' header of the messages.

In October, specialists at Cybaze ZLab detected a scam campaign targeting a few of its Italian clients, in which the crooks used credentials from the Breach Compilation archive.

The scammers use email addresses and cracked passwords obtained through phishing attacks and data breaches to send scam messages to potential victims, claiming to hold videos that show the victims viewing explicit content and demanding a payment in cryptocurrency in return for not sharing the video.

The Aaron Smith campaigns sent a total of 233,236 sextortion messages from 137,606 unique IP addresses, according to Cisco Talos.





“Talos extracted all messages from these two sextortion campaigns that were received by SpamCop from Aug. 30, 2018 through Oct. 26, 2018 — 58 days’ worth of spam.” reads the analysis published by Talos.

“Every message sent as a part of these two sextortion campaigns contains a From: header matching one of the following two regular expressions:

From =~ /Aaron\d{3}Smith@yahoo\.jp/
From =~ /Aaron@Smith\d{3}\.edu/

In total, SpamCop received 233,236 sextortion emails related to these “Aaron Smith” sextortion campaigns. The messages were transmitted from 137,606 unique IP addresses. The vast majority of the sending IP addresses, 120,659 senders IPs (87.7 per cent), sent two or fewer messages as a part of this campaign.”

According to the researchers, every sextortion spam message includes a payment demand that varies randomly from $1,000 up to $7,000. The number of distinct email addresses targeted in the campaigns was 15,826, with each recipient receiving on average 15 sextortion messages. In one case, a single recipient received 354 messages.

Researchers found that around 1,000 sending IP addresses used in the Aaron Smith campaigns were also involved in another sextortion campaign, analysed by experts from IBM X-Force in September, which likewise leveraged the Necurs botnet.

The top countries sending sextortion messages include Vietnam (15.9 per cent), Russia (15.7 per cent), India (8.5 per cent), Indonesia (4.9 per cent) and Kazakhstan (4.7 per cent).
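The two From: patterns quoted above can be applied directly to a mail sample to reproduce the kind of per-sender counts Talos reports. The following is an added example, not code from Talos or from the original post; the messages, the example.net receiving host and the assumption that the sending IP sits in square brackets in the topmost Received: header are all constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# The two From: patterns quoted from the Talos analysis above. They are applied
# with fullmatch() to the parsed address, which is stricter than an unanchored
# match against the whole header line.
AARON_SMITH_FROM = (
    re.compile(r"Aaron\d{3}Smith@yahoo\.jp"),
    re.compile(r"Aaron@Smith\d{3}\.edu"),
)

# Assumption: the receiving MTA records the connecting IP in square brackets in
# the topmost Received: header, e.g. "from unknown ([203.0.113.7]) by mx...".
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def make_sample(from_header, ip):
    """Build a constructed message (documentation IP ranges, fake MX name)."""
    return (
        f"Received: from unknown ([{ip}]) by mx.example.net; "
        "Thu, 30 Aug 2018 10:00:00 +0000\n"
        f"From: {from_header}\n"
        "Subject: constructed sample\n"
        "\n"
        "constructed body\n"
    )


# Constructed sample set: four campaign-style senders and two that must not match.
SAMPLES = [
    make_sample("Aaron123Smith@yahoo.jp", "203.0.113.7"),
    make_sample('"Aaron" <Aaron@Smith456.edu>', "203.0.113.7"),
    make_sample("Aaron789Smith@yahoo.jp", "203.0.113.7"),
    make_sample("Aaron@Smith001.edu", "198.51.100.20"),
    make_sample("Aaron Smith <aaron.smith@example.com>", "192.0.2.5"),  # benign
    make_sample("Aaron12Smith@yahoo.jp", "192.0.2.9"),  # only two digits
]


def is_aaron_smith(raw_message):
    """True if the From: address matches either campaign pattern."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    return any(p.fullmatch(address) for p in AARON_SMITH_FROM)


def sending_ip(raw_message):
    """Return the bracketed IP from the topmost Received: header, or None."""
    msg = message_from_string(raw_message)
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = RECEIVED_IP.search(received[0])
    return match.group(1) if match else None


def summarize(raw_messages, low_volume=2):
    """Count matching messages per sending IP, as in the Talos breakdown."""
    per_ip = Counter()
    matched = 0
    for raw in raw_messages:
        if not is_aaron_smith(raw):
            continue
        matched += 1
        per_ip[sending_ip(raw) or "unknown"] += 1
    low = sum(1 for n in per_ip.values() if n <= low_volume)
    return {
        "matched": matched,
        "unique_ips": len(per_ip),
        "low_volume_ips": low,  # senders with "two or fewer messages"
        "low_volume_share": low / len(per_ip) if per_ip else 0.0,
    }


if __name__ == "__main__":
    print(summarize(SAMPLES))
```

A high share of low-volume senders, as in the 87.7 per cent figure quoted above, is why blocking on the From: pattern is more practical here than blocking individual IP addresses.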

Most Common Types of Cyberattacks as Seen Today





With cyber-attacks continuously on the rise, they have become one of the major threats to the world. Since 2008, not much concern had been given to the imminent threat of cyber-attacks, but the steady and rapid evolution of technology has changed that. It is a major wake-up call for companies and organisations to secure themselves and their customers so that they do not fall victim to such attacks.

To understand the different ways an attacker might hack into an organisation, here’s an overview of some of the most common types of attacks seen today:
  • MALWARE

Malware refers to different types of harmful software, such as viruses and ransomware. Once malware gets into a computer system it can wreak havoc, from taking control of the PC and monitoring your activities to quietly sending all kinds of confidential information from your PC or network to the attacker's home base.

Attackers use a variety of techniques to get malware onto your PC, but at some stage it usually requires the user to take an action to install it. This can include clicking a link to download a file, or opening an attachment that looks safe but actually has a malware installer hidden inside.
  • PHISHING

When an attacker wants the user to install malware or disclose sensitive data, they frequently resort to phishing. An attacker may send you an email that appears legitimate and contains an attachment to open or a link to click. When you do so, malware is installed on your computer. The link may also take you to a website that looks legitimate and asks you to sign in to access an important document, except that the website is actually a trap used to capture your credentials when you attempt to sign in.
  • CROSS-SITE SCRIPTING

When the attacker specifically targets a particular site's users, they opt for a cross-site scripting attack. The attack involves injecting malicious code into a website, but in this case the website itself is not being attacked. Instead, the malicious code the attacker has injected runs only in the user's browser when they visit the infected site, and it goes after the user directly rather than the site.

Cross-site scripting attacks can significantly damage a website's reputation by putting users' data at risk without any sign that anything malicious has happened. Any sensitive data a user sends to the website, such as credentials, credit card information or other private data, can be captured by means of cross-site scripting without the site owners realising there was a problem in the first place.

  • CREDENTIAL REUSE

When it comes to credentials, variety is essential. Users today, however, have so many logins and passwords to remember that it is very tempting to reuse some of them to make life a little easier. Although it is recommended that you have unique passwords for all of your applications and sites, many people still reuse their passwords, a fact that attackers rely on heavily. Once attackers have a collection of usernames and passwords from an already breached site, they try the same credentials on other sites where there is a chance they will be able to sign in.

This, however, is only a small selection of very common attack types and methods; as technology advances, attackers will develop new techniques. Users are advised to be aware of such attacks and to work on strengthening their security.

Virginia Bank Loses $2.4 Million In A Digital Heist



A regional Virginia bank, the National Bank of Blacksburg, has lost $2.4 million in a digital heist that affected the STAR ATM and debit network, following a successful phishing attack that compromised the organization's internal networks.

According to an April 2018 earnings statement from National Bankshares, the bank's parent company, National Bank's computer system suffered two digital intrusions, in May 2016 and in January 2017.

In both cases, the intruders were able to infiltrate an internal workstation using a phishing email and a weaponized Microsoft Word document. From there, the attackers installed malware and pivoted to a machine on the network that had access to the bank's interface with the STAR network.

The hackers made withdrawals at several ATMs, suggesting a highly organized effort. National Bank hired Foregenix to investigate the 2016 incident and Verizon to handle the forensics for the 2017 breach, according to the lawsuit. According to reports, the two companies traced the activity back to IP addresses located in Russia.

Leroy Terrelonge, director of intelligence and operations at Flashpoint, said in an interview:
“Actors who target banks are primarily financially motivated, they want a large return on their investment in gaining access to the bank and performing reconnaissance. When attackers are able to establish a presence on a network through deployment of malware or using stolen credentials, they can often remain in stealth for a period of weeks or months, and they use that time to observe the activity of normal users at the bank and perform reconnaissance of the systems, processes and procedures used.”

The bank is now suing its insurance carrier for not covering the full extent of the damage. In the lawsuit, it explained that it had two types of coverage for cyber incidents: the Computer and Electronic Crime Rider, which covers a wide swath of malicious activity and losses up to $8 million for every hack; and the Debit Card Rider, which has a $500,000 cap for each incident.

Regarding the bank's internal cyber security efforts in the wake of the hacks, National Bankshares president and CEO Brad Denardo issued a short media statement addressing the matter:

“I would like to reassure our shareholders and our customers that we take cyber security very seriously. We have taken the necessary steps to avoid cyber intrusions of the sort we experienced in 2016 and 2017, and we continually work to monitor and prevent future threats.”



Password Theft Becomes The New Goal For Hackers

Barracuda Networks a month ago flagged a "critical alert" when it detected an attack that attempted to steal users' passwords. The threat lures victims with Microsoft 365 Office files purporting to be tax documents or other official reports; the attackers use urgent language to persuade people to open the attachment.

Files named "taxletter.doc" and phrases like "We are apprising you upon the arisen tax arrears in the number of 2300CAD" are typical examples of the tactics used by the hackers. Users who download and open the malicious file are hit with the password stealer. When the document opens, a macro inside it launches PowerShell, which runs in the background, out of sight, while the victim views the document.
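The behaviour described above, an Office document process starting PowerShell, is visible in process-creation telemetry. The following is an added detection sketch, not code from Barracuda or the original post; it assumes events exported as JSON lines with Sysmon-style field names (Image, ParentImage, CommandLine, ParentCommandLine), and every event, path and user name in it is constructed.

```python
import json
import ntpath
import re

# Assumption: Office applications whose child processes are worth checking.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL_HOSTS = {"powershell.exe", "pwsh.exe"}

# Heuristic for -WindowStyle Hidden and its abbreviated forms (-w hidden, -win hidden).
HIDDEN_WINDOW = re.compile(r"-w\w*\s+hidden", re.IGNORECASE)

WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events, serialized as JSON lines the way a log export would be.
SAMPLE_EVENTS = [
    json.dumps({  # document macro starting a hidden PowerShell: should alert
        "Image": PS,
        "ParentImage": WORD,
        "CommandLine": "powershell.exe -NoProfile -WindowStyle Hidden "
                       "-File constructed-placeholder.ps1",
        "ParentCommandLine": '"' + WORD + '" "C:\\Users\\alice\\Downloads\\taxletter.doc"',
    }),
    json.dumps({  # interactive PowerShell started from the desktop: no alert
        "Image": PS,
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "powershell.exe",
        "ParentCommandLine": "explorer.exe",
    }),
    json.dumps({  # Word starting its own print helper: no alert
        "Image": r"C:\Windows\splwow64.exe",
        "ParentImage": WORD,
        "CommandLine": "splwow64.exe 12288",
        "ParentCommandLine": '"' + WORD + '"',
    }),
    "truncated or malformed line {",  # must be skipped, not crash the scan
]


def exe_name(path):
    """Lower-cased executable name from a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()


def scan(lines):
    """Return one alert per event where an Office process spawned PowerShell."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip lines that are not valid JSON
        if not isinstance(event, dict):
            continue
        parent = exe_name(event.get("ParentImage"))
        child = exe_name(event.get("Image"))
        if parent in OFFICE_PARENTS and child in POWERSHELL_HOSTS:
            command = event.get("CommandLine", "")
            alerts.append({
                "parent": parent,
                "child": child,
                "hidden": bool(HIDDEN_WINDOW.search(command)),
                "parent_command": event.get("ParentCommandLine", ""),
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```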

Comparing this threat with phishing attacks of the past, Fleming Shi, senior vice president of technology at Barracuda, says, "Today's documents are far more active … you're putting in a lot of content, media, links." He added, "Bad guys are leveraging the dynamic, active manner of the documents today to weaponize their files."

Millions of people are known to have been affected by these phishing emails, as attackers evade detection by crafting different emails. While Exchange Server users make up a large share of those affected, other types of email accounts are also being targeted with the malicious files.

Password theft is increasing in general, a sign that attackers are shifting their goals and techniques, Shi explains. Ransomware was big a year ago, but this year password stealers are showing up in phishing emails, browser extensions and other programs as criminals hunt for login information.

The real reason usernames and passwords are targeted is that they can give access to the many systems and applications that a particular user is tied to and uses regularly.

"Some attackers try to be like a sleeper cell on your system," Shi notes. The subtle signs that gradually alert users that their system has been compromised and that they have lost control of their applications are the familiar slowing down of the system and a sudden upsurge in pop-ups.

A month ago, the IRS Online Fraud Detection & Prevention Centre (OFDP) reported a rise in compromised emails beginning in January 2017, and IRS officials are also urging caution amid an increase in tax-related phishing emails.

Right now cybercriminals are going for mass data theft, and it is an opportune time for attackers to exploit users' wariness about tax season to make their campaigns more effective. It is therefore wise to be careful and vigilant when opening any work-related or official-looking document received by email or any other online medium.

Lazarus Hacking Group back with new hacking campaign targeting banks and bitcoin users

The North Korean Lazarus Hacking Group, which was believed to be behind the WannaCry ransomware attack last year, has returned with a new campaign targeting financial institutions and bitcoin users.

The new campaign, discovered by McAfee Advanced Threat Research (ATR) analysts and dubbed “HaoBao”, was described by McAfee as an “aggressive Bitcoin-stealing phishing campaign” that uses “sophisticated malware with long-term impact.”

It revives Lazarus’ earlier phishing emails posing as job recruiters, but now targets global banks and bitcoin users.

It works by sending malicious documents as attachments to unsuspecting targets, who open the malicious document and unknowingly allow the malware to scan for Bitcoin activity, after which, if successful, it establishes an implant for long-term data gathering.

According to the firm, McAfee ATR first discovered the malware on January 15th, when they spotted a malicious document posing as a job recruitment for a Business Development Executive at a multi-national bank based in Hong Kong.

More information can be found in a blog by McAfee regarding the campaign.

While the form of attack seems nothing new, the two-stage attack malware has surprised researchers.

“This campaign deploys a one-time data gathering implant that relies upon downloading a second stage to gain persistence,” said McAfee analyst Ryan Sherstobitoff. “The implants contain a hardcoded word ‘haobao’ that is used as a switch when executing from the Visual Basic macro.”

According to Sherstobitoff, the dropped implants have “never been seen before in the wild” and were not used in the last campaign either.

He believes that, because of a lack of solid regulations on cryptocurrencies and the fact that sanctions against North Korea are more difficult to enforce with digital currencies than with hard currency, such attacks will only grow, which could spell bad news for bitcoin users.

Aside from the link to the WannaCry attack, Lazarus is also believed to be linked to the Sony hack in 2014 and the attack on South Korean cryptocurrency exchanges last year.

Fake Verification of Twitter account could lead to Phishing and Credit Card theft

The verification of somebody's account on Twitter is a pretty big deal, as you, as a user, cannot do anything about it. Twitter verifies your account only if you are recognizable to thousands of people.

The chance to get a verified account on Twitter can seem very tempting, and that is how somebody operating the Twitter account 'Verified6379' is scamming people into divulging their payment details.

The account, which claims to be an 'Official Verification Page' of Twitter, redirects you through a shortened Goo.gl URL and lands you on a page that looks like Twitter.

The page then demands sensitive information such as username, password, credit card numbers and more to verify your account.

The URL has seen over 18,000 hits over the last month.

Cybercriminals abusing Microsoft Azure for phishing attacks


Cybercriminals usually host fake web pages on hacked websites and free web hosting services; more recently they have abused Google Docs. These fake pages (phishing pages) trick unsuspecting users into handing over their personal and financial information.

Now, cybercriminals have started to abuse Microsoft's Azure cloud platform to host their fake websites.

Creating an account on Azure is very easy, and a 30-day trial is also on offer. Once the account is created, you can easily create web pages from the main dashboard.

However, the registration process is not easy for criminals, because it requires a valid phone number and credit card details.

Malwarebytes researchers say the attackers may have stolen usernames and passwords from legitimate users who were already registered.

Netcraft has identified several phishing pages hosted on Azure that target users of PayPal, Apple, Visa, American Express and Cielo.

PhishTank records:
http://www.phishtank.com/phish_detail.php?phish_id=2428419
http://www.phishtank.com/phish_detail.php?phish_id=2391951
http://www.phishtank.com/phish_detail.php?phish_id=2342647
http://www.phishtank.com/phish_detail.php?phish_id=2174737

Australian Foreign Minister Julie Bishop Twitter account hacked


It's not a usual tweet from Australian Foreign Minister Julie Bishop that suggests users check out a post about weight loss.

"LOL u gotta read this, its crazy [link]", " I'm laughing so hard right now at this[LINK]" are among the tweets posted from her account.

If you are a regular reader of E Hacking News, you will already have realized that this is nothing other than a spam tweet. However, most people are not aware of that.

At first, I thought the link led to a simple weight loss spam website. While analyzing a few similar links, I found that some of them lead to a Twitter phishing page.

The JulieBishopMp account has more than 57k followers, which means the phishing page has reached thousands of users. We are not sure how many of them fell victim to this attack.

We are already seeing plenty of similar fake tweets being posted from several accounts (some with more than 10k followers), which lead to the phishing pages.

Julie Bishop recovered the account and posted the following tweet: "Yes my Twitter account has been hacked/compromised"

Beware of this new Twitter phishing attack! Share this post with your friends and make them aware of these kinds of attacks.

Microsoft confirms phishing attack compromised the employee's email account

Social engineering is one of the most successful attack methods. Even a system that is claimed to be 100% secure can be hacked if an attacker is able to manipulate one employee.

We recently covered the Microsoft Twitter account hack, in which Syrian hackers compromised the email accounts of Microsoft employees through a phishing attack.

Microsoft has finally admitted that the Syrian Electronic Army hacked into several Microsoft employee email accounts via a phishing attack.

"A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted," a Microsoft spokesperson said in an email sent to GeekWire.

Microsoft said that the compromised accounts have been recovered. They also claimed that no customer information was stolen in the attack.

"We continue to take a number of actions to protect our employees and accounts against this industry-wide issue."

Halifax Bank phishing email claims "3rd party Intrusion detected"


A phishing email targeting UK-based Halifax Bank users attempts to trick recipients into handing over their sensitive information.

The email informs the recipients that "3rd party intrusions" have been detected and their account has been limited for security reasons, according to Hoax-slayer.

To restore the account, it asks recipients to confirm their identity and verify that their account has not been used for fraudulent purposes by filling in an online validation form.

Once the victim opens the link provided in the email, it takes them to a fake Halifax Bank website that asks them to log in. It then asks victims to enter personal information such as name, phone number and date of birth.

In the next form, they are asked to enter sensitive information such as account number, sort code, card number, expiration date and security code.

As usual in phishing scams, once the form is filled, the victim will be automatically redirected to the legitimate Halifax Bank website.

Victim fell prey to 'phishing' scam and lost £1 Million to fraudsters


This is another incident that reveals why you should be careful on the Internet. A British woman fell prey to a phishing scam and lost her £1million life savings.

The victim unwittingly handed over her personal details to fraudsters after receiving a bogus bank notification email.

Tamer Abdelhamid, the fraudster who stole the personal data, then sold the information to a Nigerian national, Rilwan Oshodi. A 26-year-old woman from Sierra Leone used the data to change the bank details by pretending to be the victim.

Detectives seized Oshodi's computer, which held details of more than 11,000 credit cards, during a raid on his home, according to a DailyMail report.

The fraudsters purchased cheeseburgers, high-end computers and gold with the stolen money. They are facing jail for their roles in the scam.

Phishing Scam alert: Samantha very hot scene from Telugu Movie

A recent report from Symantec shows that even cybercriminals have become fans of the Telugu actresses Kajal Agarwal and Samantha: they have started to use these actresses' names in their phishing campaigns.

A few days after Symantec spotted a phishing campaign with the title "Samantha & Kajal very hot song from Brindavanam Telugu movie", it spotted another phishing campaign that uses their names.

"The phishing site displayed a picture from a captivating musical number from the movie 'Saitan'," the Symantec report reads. "The phishing site was titled, 'Samantha & Kajal Very Hot Song' but in fact, these celebrities were not a part of this movie."


The phishing page asks visitors to log in to watch the video. When a user gives the login credentials, they are redirected to the legitimate movie website.

"If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes," the researcher says.

Browser Event Hijacking allows hacker to steal your password

Be careful what you type in your web browser. An attacker can hijack the browser's search command and steal your password or other sensitive data through a social engineering attack.

The method has been possible for years, but now two PoCs have been published that demonstrate how an attacker can lure victims into giving up their password.

Browser Event Hijacking:

The attacker hijacks the browser event by calling JavaScript's 'preventDefault' method, which cancels the event's default action while still allowing all remaining handlers for the event to run. For example, if you press Ctrl+F, the page can display its own search box instead of the browser's search box.

The hack was initially posted here:
http://labs.neohapsis.com/2012/11/14/browser-event-hijacking/

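A simple snippet that hijacks the browser event and steals a password:
// Requires jQuery; #searchbox and #search are the page's fake search elements.
$(window).keydown(function (evt) {
    // 70 is the key code for "F"; metaKey covers Cmd+F on macOS.
    if (evt.which == 70 && (evt.metaKey || evt.ctrlKey)) {
        console.log("STRG+F"); // "Strg" is the German label for the Ctrl key
        evt.preventDefault();  // suppress the browser's own find bar
        /* display fake search */
        $("#searchbox").slideDown(110);
        $('#search').focus();
    }
});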

Another researcher then rebuilt the PoC with a fake list of leaked passwords. Someone who presses Ctrl+F in the browser and types their password to see whether it has been leaked becomes a victim.

The POC :
http://h43z.koding.com/blog/leaked.html

If you search for any keyword on the page, it will lead you to believe that the list contains a password matching your search string.
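A defender-side check for the behaviour described above, added here and not part of the original post or of either PoC: it dispatches synthetic, cancelable keydown events for a few browser shortcuts and reports which ones a page handler cancels with preventDefault. The shortcut list, the function names and the sample page are assumptions constructed for this example.

```javascript
// Added example: probe whether a page cancels the browser's own shortcuts.
// The shortcut list and all function names are assumptions for this sketch.
const SHORTCUTS = [
  { name: "Ctrl+F", key: "f", keyCode: 70, ctrlKey: true,  metaKey: false },
  { name: "Cmd+F",  key: "f", keyCode: 70, ctrlKey: false, metaKey: true  },
  { name: "Ctrl+L", key: "l", keyCode: 76, ctrlKey: true,  metaKey: false },
];

// Build a cancelable synthetic keydown. A plain Event is used so the same
// code runs in a browser console and in Node (which has no KeyboardEvent).
function makeKeydown(sc) {
  const ev = new Event("keydown", { bubbles: true, cancelable: true });
  for (const prop of ["key", "keyCode", "ctrlKey", "metaKey"]) {
    Object.defineProperty(ev, prop, { value: sc[prop], enumerable: true });
  }
  Object.defineProperty(ev, "which", { value: sc.keyCode, enumerable: true });
  return ev;
}

// Dispatch each shortcut at `target` and report the ones whose default
// action a page handler cancelled with preventDefault().
function findHijackedShortcuts(target, shortcuts = SHORTCUTS) {
  const hijacked = [];
  for (const sc of shortcuts) {
    const ev = makeKeydown(sc);
    target.dispatchEvent(ev);
    if (ev.defaultPrevented) hijacked.push(sc.name);
  }
  return hijacked;
}

// Constructed stand-in for a page: one handler with the same condition
// as the snippet above, one harmless handler that only observes keys.
function buildSamplePage() {
  const page = new EventTarget();
  page.addEventListener("keydown", (evt) => {
    if (evt.which == 70 && (evt.metaKey || evt.ctrlKey)) evt.preventDefault();
  });
  page.addEventListener("keydown", () => {});
  return page;
}

console.log(findHijackedShortcuts(buildSamplePage()));
```

In a browser console, pass `document` as the target so the event bubbles to handlers registered on `window`. A handler that checks `isTrusted` ignores synthetic events, so an empty result does not prove that a page leaves the shortcuts alone.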

Microsoft Cyber-Crime Department Phishing Scam

A spam mail purporting to be from the Microsoft Cyber-Crime Department claims that all email users around the world are required to validate their account by clicking a link in the message or risk having their email address deleted from the world email server.

“As part of the security measures to secure all email users across the world, All email users are mandated to have their account details registered as requested by the Microsoft Cyber-crime Dept ( M C D ),” part of the email reads.

“You are here by required to validate your account within 24 hours so as not to have your email account suspended and deleted from the world email server. Kindly validate your email account to have your account registered, follow d link below: [Link],” it continues.

To make it more legitimate-looking, the logo of Microsoft’s Digital Crime Unit has been embedded into the notification.

When users click on the link, they’re taken to a bogus website that’s designed to collect sensitive information and send it back to the attackers, Hoax Slayer reports.