Scammers use stolen database of real Booking.com travel orders. Russian Booking.com customers received e-mails from fraudsters at the beginning of October. Scammers asked for prepayment in full for a previously booked room.
It should be mentioned that Booking.com never asks for payment up front. Customers got emails supposedly from Booking.com with real reservation numbers, dates and names of hotels. While studying customers’ correspondence, security researchers said the letters, sent from domain names used by the scammers, were not sent by Booking.com or hotels.
A hacker group that appears to be residing in China has been targeting India and Southeast Asian nations in a bid to extract information about ongoing border disputes and other diplomatic issues.
Describing the hackers as part of an APT group, cybersecurity vendor FireEye said the attack campaign had been ongoing since 2011 and targeted more than 100 victims. The group would send spearphishing e-mails with attached Microsoft Word documents containing a script, which would create a backdoor on infected machines. FireEye also detected the attacks in April 2015, a month ahead of India's premier Narendra Modi's first state visit to China.
In a new document leaked from Bitstamp, one of the more popular Bitcoin exchanges in the world, the company details how a phishing attack several months ago cost the company roughly $5 million at then-current prices.
Beginning around page nine of the leaked report, which is clearly marked confidential but is already floating around numerous mirror sites since its initial leak, the document details how the company discovered an "ominous" and large data movement of around 3.5 gigabytes from Bitstamp's server to an IP in Germany. The company determined that it was their wallet.dat file that had gone over the tubes from their servers to some unknown.
A lot of Twitter users looking for a way to get their accounts verified have been duped into visiting a phishing page by a single fake account promising to provide the service.
How many of them actually went through the steps required is unknown, but according to Malwarebytes' Chris Boyd, this wasn't the only account of this kind to be suspended recently, and there are sure to be others popping up. The account in question successfully impersonated Twitter's official "Verified Account" account. The phishers used the same name and icon but, of course, couldn't get the blue badge with a check mark next to the username.
Most people are conditioned by now to not open unknown file attachments — especially file attachments on emails from unknown sources. Just in case you somehow missed the memo, there is a new reason to think twice before opening a PowerPoint file.
New research indicates that attackers have figured out how to weaponize a PowerPoint file so that it circumvents detection by antivirus tools. The malware is embedded in a PowerPoint presentation. Because the file is saved in PPS format it bypasses AV detection, but when the file is opened in Slide Show presentation format the phishing attack is able to execute.
The Chinese-language Naikon advanced persistent threat group is targeting military, government and civil organizations located in and around the South China Sea, which is an increasingly contentious hot-bed of territorial disputes between various Southeast Asian nations.
Naikon infects its victims with spear-phishing emails in which malicious executables masquerade as seemingly relevant document attachments. When a victim opens one of these malicious attachments, a decoy document appears as an executable file and quietly exploits an old Microsoft Office vulnerability, installing malware on the victim’s machine.
IBM Security has identified an active campaign using a variant of Dyre malware that has successfully stolen more than $1 million from targeted enterprise organizations. The campaign shows a brazen twist from the once-simple Dyre malware by adding sophisticated social engineering tactics likely to circumvent two-factor authentication.
In recent incidents, organizations have lost millions to attackers. While many popular banking Trojans have targeted individuals, Dyre has always been used to target organizations. Dyre has evolved to become simultaneously sophisticated and easy to use.
Phishing is a type of attack on personal data that comes in the form of a fake email or website, which is made to look like it comes from a reputable site – but does not.
A user might get an email that has all of the themes and imagery of a typical message from Facebook, except this email will tell the user they need to reset their password and will offer that user a login prompt to do so. The user clicks on the prompt, is directed to a fake webpage that looks like Facebook, and then the user enters their login and password. There are several ways to avoid phishing attacks. The common theme in each is to be highly suspicious of any online request for your personal information.
Small and big firms working online have to be prepared for ‘unprecedented levels of attempted fraud’ this month, say payments experts. Payments business Worldpay claims instances of fraud could rocket by as much as 80 per cent in February as hackers capitalise on customer data harvested during the Christmas shopping period.
But it should be mentioned that small firms are the biggest target for hackers. Virtually all breaches happen online, the rest being at point of sale. The costs of being targeted can run to tens of thousands of pounds, with an investigation costing £11,250 on average and attracting a penalty of at least £8,000. There is also the cost of lost goods and damage to reputation.
Researchers have uncovered a new variant of the infamous Zeus Trojan. It’s called Chthonic, a reference to spirits and deities from the underworld in Greek mythology, and it’s targeting 150 banks and 20 payment systems in 15 countries.
Zeus, as its name suggests, is the king of banking malware. It first emerged in 2007 and has been wreaking havoc on online bank accounts ever since. In 2011, its developers threw in the towel and posted its source code for all to see. It may seem as though this would be the end for Zeus, but, in fact, the opposite is true.