Search This Blog

Showing posts with label Phishing Attacks. Show all posts

Security Experts warn about threats before Black Friday


Experts of the antivirus company Kaspersky Lab reported that in the discount season, also known as Black Friday, the number of threats from cyber fraudsters has grown significantly.

"According to Kaspersky Lab, the number of phishing threats related to Black Friday has increased significantly over the past two weeks. On the eve of big sales and the upcoming holiday shopping season, cybercriminals are increasingly trying to attack users who prefer to shop online," said the antivirus company.

So, in the period from 18 to 24 November, the company recorded almost twice as many fraudulent resources, compared to the previous week.

The number of phishing attacks on online stores has also increased.“This growth is especially noticeable in Russia: if approximately every 20th phishing attack was sent to the e-commerce section in Runet two weeks ago, last week phishers tried to attack Russian online stores in every 11th case,” concluded company.

As Kaspersky Lab content analyst Tatyana Sidorina noted, an increase in the percentage of phishing attacks is also expected in the upcoming New Year's sales. In addition, there are about 12% more such attacks in the fourth quarter than at other times of the year.

It is interesting to note that earlier, Roskomnadzor warned about the appearance on the eve of Black Friday fraudulent sites that illegally collect personal data under the guise of sales.

"Roskomnadzor experts note that the main purpose of collecting such data (name, phone number, email address, bank details, etc.) is to use them later as spammer databases and to steal bank card data,” stated the regulator.

To avoid identity theft, Roskomnadzor recommends checking the originality of the domain of the online store and checking the presence of an SSL certificate. If the site address begins with http://, and not with https://, this is a reason to doubt the originality of the page.

Phishing attacks against Hedge Funds and Financial Firms




The International hedge funds have become a victim of a new phishing campaign called "Beyond the Grave" that alter data confidentiality of the funds.

A member of the attacking group has posted a statement on  BleepingComputer with a title of "Beyond The Grave Virus infecting Hedge Funds". It is not clear whether the attack was purposely done to take the financial advantage or to cause market instability for political reasons.

"A large number of U.S. and international hedge funds were targeted. We know that the following companies have already been infected by the virus: Elliot Advisors, Capital Fund Management, AQR, Citadel, Baupost Group, Marshall Wace," the statement said.

The attackers included a sample of the phishing campaign email as proof. It contains an open window that the hijackers wanted to show the executable command in the phishing kit.

The phishing emails used in the attack looked perfectly legitimate coming from a financial research company named Aksia and it pretended to be for research purpose related to ESMA (European Securities and Markets Authority) halting short selling during Brexit.


The emails "contain links to the alleged research located at the www.aksia.co site, which attempts to impersonate the real Aksia.com site."

A Marshall Wace spokesman stated: "We are aware that Marshall Wace, alongside other asset managers, was recently targeted by a phishing campaign, but the potential intrusion was picked up by our cybersecurity systems and we are confident there was no breach of our environment. We remain vigilant."

Microsoft, Netflix and PayPal Emerge As the Top Targets for Phishing Attacks



Email security provider Vade Secure released another phishing report following the 25 most 'spoofed' brands in North America that are imitated in phishing attacks. Amongst them the top three are Microsoft, Netflix and PayPal.

Out of all the 86 brands that were tracked, 96% of them all were done so by the company as per their Q3 2018 report.

Bank of America and Wells Fargo are not so far behind Microsoft and the other top 2 targets in this case as there has been an increase in these phishing attacks by approximately 20.4% as reported by Vade Secure. As the attackers attempt to access Office 365, One Drive, and Azure credentials their focus has been towards cloud based services as well as financial companies.



Vade Secure's report states - "The primary goal of Microsoft phishing attacks is to harvest Office 365 credentials. With a single set of credentials, hackers can gain access to a treasure trove of confidential files, data, and contacts stored in Office 365 apps, such as SharePoint, One Drive, Skype, Excel, CRM, etc. Moreover, hackers can use these compromised Office 365 accounts to launch additional attacks, including spear phishing, malware, and, increasingly, insider attacks targeting other users within the same organization."

The attackers, through a feeling of urgency endeavor to show that the recipient's account has been suspended or so thus inciting them to login in order to determine the issue, this happens in the case of Office 365 phishing emails. By doing this though they expect for the victims to be less wary when entering their credentials.

Exceptionally compelling is that attackers have a tendency to pursue a pattern with respect to what days they send the most volume of phishing mails. As per the report, most business related attacks tend to happen amid the week with Tuesday and Thursday being the most popular days. For Netflix though, the most focused on days are Sunday because that is the time when users' are taking a backseat and indulge in some quality television.

As these attacks become more targeted Vade Secure’s report further states – "What should be more concerning to security professionals is that phishing attacks are becoming more targeted. When we correlated the number of phishing URLs against the number of phishing emails blocked by our filter engine, we found that the number of emails sent per URL dropped more than 64% in Q3. This suggests that hackers are using each URL in fewer emails in order to avoid by reputation-based security defenses. In fact, we’ve seen sophisticated phishing attacks where each email contains a unique URL, essentially guaranteeing that they will bypass traditional email security tools."

For the users' however , it is advised to dependably examine a site before entering any login details and if there are any occurrences of the URL seeming abnormal or even something as minor as a language blunders then they should report the issue directly to either the administrator or the company itself.