Phisher Attempts to Blackmail Marriott

Dark READING reports that a Hungarian man has pleaded guilty in a phishing scheme to blackmail  Marriott.  The plea was entered on Nov. 23, 2011. The man, Attila Nemeth, 26, used data he stole from Marriott in an effort to force them to hire him into the IT department.  Dark READING summarized the scam: The case puts a whole new spin on the targeted attack; rather than trying to cash in on the intelligence or use it for competitive purposes, the perpetrator used it as leverage. Nemeth's methods were similar to those of advanced persistent threat (APT) attackers: He got a [...]

2017-01-07T17:35:24-05:00November 29th, 2011|SP Guard, spear phishing|

Phishers Use Cyber Monday for Scams

Computerworld reports that cybercriminals are using phishing scams  to rip-off consumers during this holiday shopping season.  The bad guys are using spoofing legitimate messages from real companies in order to deceive consumers.  The criminals are sending fake shipping confirmations, fake Groupon and Living Social offers and fake social traffic.  A common scam is a fake email about problems with a transaction, such as a delivery problem, a canceled order or direct deposit.  Cloudmark has reproduced this example of a fake UPS email: Computerworld quotes Cloudmark engineering director Angela Knox about details of the UPS-based phishing  scam.  This phishing scam lures [...]

2017-01-07T17:35:25-05:00November 29th, 2011|Consumers and Email, Iconix Truemark Service, Phishing|

Xbox Live Phishing Scam — Microsoft Reimburses Ripped-off Users

The Guardian is reporting that Microsoft is giving refunds to Xbox Live subscribers who may have had their credit card information stolen in a phishing scam.   The Guardian describes the scam in its November 22, 2011 edition: Reports are proliferating of Xbox Live users checking the credit card and bank account statements which they use to pay their Xbox Live subscriptions, and discovering payments which they did not make, generally over a period of months, which were used to buy Microsoft Points (the service's currency which enables users to purchase extra downloadable content, games and in-game objects) which were [...]

2017-01-07T17:35:25-05:00November 25th, 2011|Consumers and Email, Iconix Truemark Service, Phishing|

CYBER SECURITY AWARENESS MONTH FAILS TO DETER PHISHERS – RSA

RSA's recently released report Cyber Security Awareness Month Fails to Deter Phishers explains that despite efforts to increase awareness and fight phishing, deceptive emails continue to be a major problem. Sometimes viewed as one of the oldest scams in the book, phishing is still a very popular method among cybercriminals. RSA recently estimated that worldwide losses from phishing attacks alone during H1 2011 amounted to over $520 million, and losses incurred from phishing attacks during the 12-month period of H2 2010 through H1 2011 reached nearly $1 billion. RSA shows the recent growth of phishing: You should use the latest version [...]

2017-01-07T17:35:25-05:00November 17th, 2011|Iconix Truemark Service, Phishing|

University of Delaware Spearphishing Attack

Demonstrating that a little bit of personal information goes a long way for cybercriminals, the University of Delaware reports spearphishers are targeting UD students and staff.  The criminals "targeted UD addresses, knowing that many UD students and employees have PNC accounts and that UD has a business relationship with PNC."

2017-01-07T17:35:25-05:00November 11th, 2011|spear phishing|

Social Engineering Defeats Security at DEFCON

Reporting the details of the penetration testing conducted at the August 2011 DEFCON, researchers from Social-Engineer.org reported that by using social engineering techniques they were able trick employees into compromising the security of all 14 Fortune 500 companies that participated in DEFCON 19. To learn more about the power of social engineering at social-engineer.com.

2017-01-07T17:35:25-05:00November 10th, 2011|spear phishing|

Malware — Life Imitates Art 2

In response to our posting Malware - Life Imitates Art, one of our followers directed our attention to the first season of the popular CBS series, NCIS.  In Seadog, season 1, episode 3, the team is called upon to investigate the death of a Naval Officer whose body has washed ashore.  The investigation begins as a routine drug case.  As the plot evolves, the investigation uncovers cyber warfare directed at the nation's power grid.  Fortunately, Gibbs and the team foil the plot at the last second. The 2003 fictional attack on the US power grid is now reality as reported by the Wall Street [...]

2017-01-07T17:35:25-05:00November 8th, 2011|spear phishing|

Cyberspying Report: China, Russia Are Main Culprits

Yesterday, the Office of the National Counterintelligence Executive released a report to Congress entitled, Foreign Spies Stealing US Economic Secrets In Cyberspace.  The report paints a disturbing picture: US Technologies and Trade Secrets at Risk in Cyberspace Foreign collectors of sensitive economic information are able to operate in cyberspace with relatively little risk of detection by their private sector targets. The proliferation of malicious software, prevalence of cyber tool sharing, use of hackers as proxies, and routing of operations through third countries make it difficult to attribute responsibility for computer network intrusions. Cyber tools have enhanced the economic espionage threat, and [...]

2017-01-07T17:35:25-05:00November 4th, 2011|spear phishing|

Spearphishing the Chemical Industry – Symantec Reports “Nitro” Attacks

On October 31, 2011, Symantec released a whitepaper entitled  The Nitro Attacks: Stealing Secrets from the Chemical Industry.  In the whitepaper, Symantec reports on a hacking attack on 29 chemical companies.  The attack appeared to be aimed at stealing intellectual property related to the research, development and manufacture of chemicals.  These attacks started in July 2011 and continued until mid-September.  The attacks also targeted 19 non-chemical companies, primarily in the defense industry. Symantec tells us how the systems were compromised: The attackers first researched desired targets and then sent an email specifically to the target. Each organization typically only saw a handful of employees at the receiving end [...]

2017-01-07T17:35:25-05:00November 3rd, 2011|SP Guard, spear phishing|