blog-logo.png

A BLOG ABOUT CYBER SECURITY

Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

The Latest in Phishing: End of 2016

Posted by Kym Harper on Dec 16, 2016 9:47:19 AM

Topics: Phishing, Latest in Phishing, All Posts

Wombat_Phishing-Attacks.jpg

To close out 2016, we bring you the latest in phishing statistics and attacks from the wild.

Phishing Statistics and News:

color_bar.pngIncrease your security response team's efficiency with PhishAlarm Analyzer

Learn More and Request a Demo Today

color_bar.png

 

Phishing Attacks:

  • Experts are urging consumers to exercise caution during the holiday season, as fake package delivery notices have seen an almost 100% increase from the averages of September and October. The emails share common subject lines while posing as popular shipping companies like DHL, UPS, and Amazon.
  • A new report from Proofpoint has identified a new phishing campaign named August, which targets the customer service staff and managers of retail organizations. The highly-personalized campaigns can siphon sensitive documents and credentials from the infected devices, and “could easily be adapted for wider distribution.”
  • New York attorney general Erik Schneiderman is at the center of a phishing scheme in which hackers are targeting lawyers by posing as him. The scam attempts to lure attorneys into clicking on an email by claiming that a complaint has been made against their firm or business.
  • Fans who signed up to a Scottish Football Association registry and whose data was accessed through a third-party database breach have now been the victims of a phishing attack asking for hundreds of dollars in unpaid tickets.
  • According to the website LeakedSource, data from 85 million user accounts of the video sharing platform DailyMotion were stolen in an alleged breach. Compromised information includes user IDs, emails, and (in some cases) hashed passwords.
  • Researchers from FireEye have identified malicious phishing websites serving fake logins from 26 Indian banks in an attempt to steal customer data. The Indian Computer Emergency Response Team (CERT-In) has been notified about the threat.
  • Proofpoint has discovered that scammers are selling phishing attacks via YouTube that essentially have backdoors in them, exploiting the very same people they’re selling to.
  • The latest round of IRS email scams is targeted at tax professionals who use IRS e-services. The phishing emails are asking recipients to update their accounts, directing them to a fake website that attempts to steal their credentials.
  • The email addresses of members of the New Zealand nurses’ union were exposed after a phishing email masquerading as a message from the New Zealand Nurses Organization’s CEO led to the release of the data.
  • The city of El Paso, Texas was robbed of millions intended for a public streetcar project after receiving phishing emails posing as a vendor requesting payment. The city’s CFO said the first payment was for about $300,000 and the second was for almost $2.9 million. The FBI and El Paso Police are currently investigating.
  • A Twitter scam claiming users can get their accounts verified has been making the rounds via Promoted Tweets, which can be used to steal users’ credentials.