Security News
According to online fraud prevention company Bolster, November saw new websites related to gift card fraud at a rate of more than 220 per day. Bolster's research team note that online scams involving gift cards are predominantly impersonating Target's balance checking pages.
The FBI is warning US companies about scammers actively abusing auto-forwarding rules on web-based email clients to increase the likelihood of successful Business Email Compromise attacks. BEC scammers used email rules added to the target' web-based email clients to hide their activity while impersonating employees or business partners.
Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise scams have been arrested in the city of Lagos, Interpol reported yesterday. "The suspects are alleged to have developed phishing links, domains, and mass mailing campaigns in which they impersonated representatives of organizations," Interpol said.
The tally may be much higher, though as Group-IB established that the TMT gang targeted around 500,000 organizations from the private and government sector in more than 150 countries. BEC scammers use malware to collect sensitive information like authentication data from browsers, email, and FTP clients.
A Florida man was sentenced to 37 months in prison earlier this week for his involvement in a business account takeover scheme that resulted in more than $9 million in total financial losses. A bank account controlled by Buzyukov was used to transfer funds from the accounts of the victim companies, after being added by an account manager to their records at the financial tech company following a bank account change request in a fraudulent phone call made by an unknown individual.
Aggressive scammers are impersonating the U.S. Internal Revenue Service in e-mails designed to trick potential victims into paying fabricated outstanding amounts related to missed or late payments. The phishing emails target users of Microsoft's Office 365 platform and have so far reached an estimated number of up to 70,000 mail inboxes according to researchers at email security company Abnormal Security.
A tech-support scammer making random phone calls in the hope of finding a victim called the cyber-crime squad of an Australian police force, which used the happy accident to document the con trick and inform the public on what to watch out for. The call was placed to the Financial and Cybercrime Investigation Branch in the state of South Australia, where the cops serve 1.75 million citizens.
A threat actor specializing in business email compromise attacks has been observed exploiting a vulnerability to spoof the domains of Rackspace customers as part of its operations. An analysis of the attack revealed that the hackers had sent out phishing emails by leveraging a flaw related to how Rackspace SMTP servers hosted at emailsrvr.com authorize users.
Scammers are leveraging a legitimate Google Drive collaboration feature to trick users into clicking on malicious links. According to reports,, the recent attack stems from Google Drive's legitimate collaboration feature, which allows users to create push notifications or emails that invite people to share a Google doc.
American voters face an especially pivotal, polarized election this year, and scammers here and abroad are taking notice - posing as fundraisers and pollsters, impersonating candidates and campaigns, and launching fake voter registration drives. It's not votes they're after, but to win a voter's trust, personal information and maybe a bank routing number.