Tag: phishing

Source: MyBroadband

MWEB and Absa clients have been targeted in a new e-mail phishing attack, where they are asked to open an attachment aimed at stealing their private information.

The email asks users to open an HTML attachment, which in turn opens a form in a browser which steals the victim’s personal details.

In the past, executable keyloggers were attached to emails to steal account information from victims.

However, most security services now block users from opening an attached executable file, as most of these files are malicious.

Scammers are now using HTML pages as attachments, where users are asked to provide their personal details in what appears to be a legitimate website.

In these scams, users are encouraged to open the attached email file, which opens in a browser and requests their username and password for a service.

This information is then sent to the criminal’s email address using a basic PHP script.

MWEB and Absa scam email
This is the method used in the latest email scam which is targeting MWEB and Absa clients.

The email, which claims to come from MWEB – but is sent from “info@mailsynk.co.za” – tells users that their “invoices and/or receipts and statement that you requested attached to this email”.

The attachment is the phishing page, which in this case uses the domain “jehovalchristofficeinternatona.co.za” to host the scripts.

Without looking at the HTML code, there are many warning signs that this is a scam email:

  • The email does not come from MWEB or Absa. It should be noted that an email which comes from an @mweb.co.za or @absa.co.za does not automatically mean it is authentic.
  • The email is poorly structured and contains poor grammar.
  • There is no personalisation in the email, with a user’s name or account details.
  • It mentions a PDF file, but the attachment is a .htm file.
  • Users are asked to provide their personal details to view a file – a clear sign it is a phishing attack.

By Vicky Sidler for MyBroadband / Nick Saunders at Mimecast

When I say the word “bat”, what image comes to mind? A flying mammal? A cricket bat?

In English, they call this a “homograph”: when two or more words are spelled the same but don’t have the same meanings or origins.

In cyber-security, a homograph is a lot more sinister. It’s a term given to a type of impersonation attack where an email address or website URL looks legitimate but isn’t. It’s designed to trick people into clicking on malicious links or to fool them into transferring money or sharing sensitive information.

Recent research by Vanson Bourne and Mimecast found that more than 85% of respondents had seen impersonation fraud in the past 12 months, and 40% had seen an increase in this type of attack in the same period. In South Africa, 36% of respondents had seen an increase in impersonation fraud asking to make wire transactions, and 37% had seen an increase in impersonation fraud asking for confidential data.

Despite this growth, many organisations do not have a cyber resilience strategy in place to help them detect, prevent and recover from these types of attacks.

Easy to execute, hard to detect
Homograph attacks are difficult to detect – by both the user and regular email security systems.

To create these lookalike domains, attackers use non-Western character sets or special characters found in Greek, Cyrillic and Chinese, to display letters which, to the naked eye, look identical to the western alphabet. Mimecast.com, for example, looks like мімесаѕт.com in Cyrillic. According to one domain name checker, there are 117 possible Mimecast domains that can be misrepresented with just one character from a non-English alphabet.
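The detection side of the lookalike problem described above can be shown in a few lines. The following Python script is an added example and is not code from the article or from Mimecast: it decodes Punycode (xn--) labels into what the recipient actually sees, reports labels that mix scripts or use a non-Latin script, and maps look-alike letters onto their Latin counterparts so that a spoof such as мімесаѕт.com collides with mimecast.com. The confusables map is a hand-built subset constructed for this example; the authoritative list is the Unicode confusables table (UTS #39), which a production filter should load instead.

```python
import unicodedata

# Constructed for this example: a hand-picked subset of Cyrillic and Greek
# letters that render like Latin letters, covering the article's "мімесаѕт"
# case plus common pairs. The authoritative source is the Unicode confusables
# table (UTS #39); a production check should load that table instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic с х у і
    "\u0458": "j", "\u0455": "s", "\u04bb": "h", "\u0501": "d",  # Cyrillic ј ѕ һ ԁ
    "\u051b": "q", "\u051d": "w", "\u043c": "m", "\u0442": "t",  # Cyrillic ԛ ԝ м т
    "\u04cf": "l",                                               # Cyrillic palochka ӏ
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v", "\u03b9": "i",  # Greek ο α ν ι
}


def to_unicode(domain: str) -> str:
    """Decode Punycode (xn--) labels so the domain reads as a user would see it."""
    labels = []
    for label in domain.split("."):
        if label.lower().startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def fold(domain: str) -> str:
    """Case-fold and NFKC-normalise (collapses full-width and other compatibility forms)."""
    return unicodedata.normalize("NFKC", to_unicode(domain).casefold())


def scripts_in_label(label: str) -> set:
    """Script names for the letters in a label, taken from each character's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def skeleton(domain: str) -> str:
    """Map look-alike letters to their Latin counterparts so lookalikes collide."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in fold(domain))


def assess(domain: str, protected: list) -> dict:
    """Report mixed-script labels, non-Latin labels and any protected domain whose
    skeleton matches this one while the visible form differs."""
    shown = to_unicode(domain).casefold()  # what the recipient sees
    mixed, non_latin = [], []
    for label in fold(domain).split("."):
        scripts = scripts_in_label(label)
        if len(scripts) > 1:
            mixed.append(label)
        if scripts - {"LATIN"}:
            non_latin.append(label)
    skel = skeleton(domain)
    match = next((p for p in protected
                  if skeleton(p) == skel and shown != to_unicode(p).casefold()), None)
    return {"unicode": shown, "mixed_script": mixed,
            "non_latin": non_latin, "impersonates": match}


if __name__ == "__main__":
    brands = ["mimecast.com", "paypal.com"]
    # Constructed samples: the article's Cyrillic look-alike, a single-letter
    # swap, and a full-width first letter that NFKC folds back to ASCII.
    for d in ["mimecast.com", "\u043c\u0456\u043c\u0435\u0441\u0430\u0455\u0442.com",
              "p\u0430ypal.com", "\uff4dimecast.com"]:
        print(d, assess(d, brands))
```

The same `assess` call can be run over the domain part of an inbound message's From header or over every link host in the body; a single-script Cyrillic label (the мімесаѕт case) passes a naive mixed-script check, which is why the skeleton comparison against a list of protected brands is the part that actually catches it.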

These subtle changes are likely to go unnoticed by users. In South Africa, 31% of respondents were not confident that employees could spot and defend against impersonation attacks, which easily and often slip through an organisation’s security systems.

Some 21% of South African respondents were not confident that their organisation’s security defences could defend against impersonation fraud asking for confidential information, rising to 25% for fraud asking to make wire transactions – in line with global trends.

This is because the emails themselves don’t contain malware and the URLs often have legitimate (read: stolen) security certificates.

Is it me you’re looking for?
Website URLs aren’t the only avenues for impersonation attacks; email address impersonation is also on the rise.

These types of attacks are designed to trick users such as finance managers, executive assistants and HR representatives into transferring money or disclosing information that can be monetised by cybercriminals. The email appears to come from someone they trust – a C-suite executive or a third-party supplier that they regularly do business with – and therefore wouldn’t think twice about responding to.

South Africans reported that, in the past 12 months, cybercriminals have attempted to impersonate finance teams (24%), third-party vendors (20%), a member of the C-suite (7%), as well as HR, sales, operations, legal and marketing team members (between 5% and 8%).

Again, these emails do not contain malware, which means they can go undetected by most email security systems. Social engineering attacks such as these rely on our inability to spot anomalies in URLs and email addresses – and the fact that we believe we’re communicating with someone we know.

Know what to do
Cybercriminals have figured out that they can bypass security systems by switching from malware-laden attacks to malware-less impersonation attacks. Now, social engineering meets technical means to put us in the middle of the next evolution of cyber-attacks.

Here are some measures organisations can implement to guard against these types of attacks:

  1. Education – when users know how social engineering and spoofing attacks work and then understand they shouldn’t click on links in emails, breach incidents can be drastically reduced. Users should be encouraged to physically type an address into a browser rather than click on a link in an email, even if it was supposedly sent by someone they know and trust. Education and awareness will always be the most important defence mechanisms.
  2. Protection – email security systems are getting better at stopping malware which enters the network through dodgy files and attachments, but few are effective against impersonation attacks. Organisations need a solution that can deep-scan all inbound emails and inspect for header anomalies, domain similarity, sender spoofing and the presence of keywords typical of impersonation emails. These can then be blocked, quarantined, or delivered as flagged to alert the receiver of potential risk.
  3. Resilience – having the right threat protection in place is just one part of a robust cyber resilience strategy. Organisations also need to be able to adapt their strategies to stay ahead of attacks, while having the durability to continue with business as usual in the event of an attack, and the recoverability to ensure data and emails are always accessible.
  4. Oversight – often, lax security on a third-party supplier’s side provides an entry point into an organisation’s network. Enterprises should continuously evaluate and manage the security and privacy policies of their suppliers and include security in their service level agreements. They should also perform on-site security assessments with new suppliers before sharing sensitive information.
  5. Visibility – organisations need to know who their vendors are and who has access to company information, and for what reasons. This is even more important now that the EU’s General Data Protection Regulation has come into force and will affect all South African organisations when the Protection of Personal Information Act is finalised.

Thirty-seven percent of South African organisations have suffered data loss because of email-based impersonation attacks in the past 12 months. These organisations also reported reputational damage (34%), loss of customers (29%), direct financial loss (17%) and lost market position (19%).

Email continues to be the number one threat to organisations globally and accounts for 96% of all incidents that organisations face.

Clearly, there is an urgent need to work towards a higher standard of email security. Cyber-criminals have evolved their attack methods. It’s time the security strategies organisations use to protect their users and their businesses evolve as well.

By Adiel Ismail for Fin24

Goliath and Goliath CEO Kate Goliath is encouraging small businesses to ramp up security measures after her comedy and entertainment agency fell victim to invoice intercepting as a result of e-mail hacking.

Goliath and Goliath is out of pocket to the tune of more than R300 000, while its subsidiary The PR Bailiff has been scammed out of R20 000.

The hackers gained access to the company’s emails and requested clients to make payments to a different bank account.

Goliath told Fin24 that small businesses shouldn’t just rely on tech companies to educate them about cybercrime. “Find out as much information about how hackers get into the systems so that you are aware of what service providers need to offer,” she said.

“Be vigilant. Protect your business and insure the technical side of your business as well.”

The company opened a case with the police and is in the process of sending a subpoena to the bank where the funds have been deposited.

Afrihost said it will work with the police to further investigate the incident. “We strongly believe this was a case of phishing,” a representative told Fin24.

Entertainment and media high risk for cybercrime

“We have noticed that some banks are posting warnings before a client makes a payment to verify that the bank details they’re using are correct. We assume that this is because of an increase in these types of phishing attacks.”

Cyber incidents rank top in the entertainment and media, financial services, technology and telecommunications industries, according to the Allianz Risk Barometer 2018.

The report revealed that cyber incidents remain a top threat, with 38% of responses from South African businesses, which are reported to lose billions of rands a year to cyber attacks.

The three Goliaths – Jason, Donovan and Nicholas – do stand-up comedy and entertain at workshops, conferences, award ceremonies and events.

Craig Rosewarne, Managing Director at Wolfpack Information Risk, which is a threat intelligence firm that specialises in understanding and predicting cyber threats, said small and medium businesses are just as vulnerable as big businesses when it comes to hacking.

“Their challenge however is that security is often the last thought until they get stung and end up either losing a substantial amount of money or leaking their customer’s sensitive data,” he told Fin24.

Wolfpack has assisted many small and medium-sized businesses whose invoices have been hacked, said Rosewarne. In this regard it has found three common causes:

1. Attackers will perform reconnaissance on key individuals in IT / Finance / Execs and send a targeted spear phishing email to target their machines for access or further information

2. Spyware is loaded on their devices that record keystrokes and take screenshots for the attacker

3. Compromising their online hosting / email platform and adding in rules for any email that has the word “invoice” or “payment” – to send a duplicate email to the attacker’s gmail or “burner” account.
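The third cause above, a forwarding rule planted in a compromised mailbox, leaves a trace that can be hunted for: a rule that sends mail outside the organisation, especially one keyed on finance words, that deletes the original, or that has a throwaway name. The following Python script is an added example, not code from Wolfpack or from the article; the rule export format and the sample rules are constructed for this example and are not any mail platform's real schema.

```python
# Constructed sample data: a simplified mailbox-rule export. The field names
# are an assumption for this example, not any mail platform's real schema.
INTERNAL_DOMAINS = {"example.co.za"}

FINANCE_KEYWORDS = {"invoice", "payment", "remittance", "statement", "banking"}

SAMPLE_RULES = [
    {"mailbox": "accounts@example.co.za", "name": "Sort newsletters",
     "conditions": {"subject_contains": ["newsletter"]},
     "actions": {"move_to": "Newsletters"}},
    # Assumed attacker-planted rule: copies finance mail to a burner account
    # and deletes the original so the mailbox owner never sees it.
    {"mailbox": "accounts@example.co.za", "name": ".",
     "conditions": {"subject_or_body_contains": ["Invoice", "payment"]},
     "actions": {"forward_to": ["burner1234@mail.example"], "delete": True}},
    # Benign internal forward: same domain, descriptive name, no finance keywords.
    {"mailbox": "ceo@example.co.za", "name": "Copy assistant on board mail",
     "conditions": {"from_contains": ["board@"]},
     "actions": {"forward_to": ["pa@example.co.za"]}},
]


def is_external(address: str, internal_domains: set) -> bool:
    """True when the address's domain is not one of the organisation's own."""
    return address.rpartition("@")[2].casefold() not in internal_domains


def condition_words(rule: dict) -> set:
    """All keyword strings used in the rule's conditions, case-folded."""
    return {w.casefold() for words in rule.get("conditions", {}).values() for w in words}


def suspicious_rules(rules: list, internal_domains: set = INTERNAL_DOMAINS) -> list:
    """Return rules that forward mail outside the organisation, with the reasons
    that make each one worth a closer look."""
    findings = []
    for rule in rules:
        actions = rule.get("actions", {})
        external = [a for a in actions.get("forward_to", [])
                    if is_external(a, internal_domains)]
        if not external:
            continue
        reasons = ["forwards to an external address"]
        hits = condition_words(rule) & FINANCE_KEYWORDS
        if hits:
            reasons.append("triggers on finance keywords: " + ", ".join(sorted(hits)))
        if actions.get("delete"):
            reasons.append("deletes the original, hiding the forward from the mailbox owner")
        if len(rule.get("name", "").strip()) <= 1:
            reasons.append("near-empty rule name")
        findings.append({"mailbox": rule["mailbox"], "rule": rule["name"],
                         "recipients": external, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_rules(SAMPLE_RULES):
        print(finding)
```

Only the planted rule is reported; the internal forward to the assistant stays quiet because its recipient is in the organisation's own domain. In practice the input would be a periodic export of every mailbox's rules, and a new external forward appearing in a finance mailbox is worth an immediate look regardless of the keyword match.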

Tips for companies

Rosewarne suggested that companies under attack should conduct an independent risk assessment and obtain guidance on how to mitigate risk.

“Employees should also be made aware of risks and this should be backed up with an information security policy signed by staff and contractors.”

He also stressed the importance of having up-to-date anti-malware software on all devices that process sensitive information.

Cyber risk is fast becoming the number one risk facing countries, governments and organisations, noted Rosewarne.

“In all of these scenarios it often boils down to an individual that gets compromised so cyber awareness is key in both your business and personal lives.”

Banking complaints rise by 35%

By Robert Laing for Business Day

The number of complaints from banking customers grew by an “unprecedented” 35% to 7 056 formal cases opened by the industry’s ombudsman in 2017, from the prior year.

Cases involving internet banking fraud overtook ATM complaints, banking ombudsman Reana Steyn said in the office’s annual report released on Wednesday.

Steyn said 22% of all banking disputes related to online banking, and “phishing” — a fraud scheme whereby consumers are duped into disclosing their login and password details via e-mails purporting to come from the bank — accounted for 77% of these.

“The category that previously topped the list, ATM complaints, were second highest at 18%, down 10% from the previous year, which is good news,” Steyn said.

The Ombudsman for Banking Services (OBS) is a voluntary dispute resolution service funded by the industry to offer consumers a way to escalate complaints without employing lawyers.

“It is unfortunate that consumers who are unsuccessful with their complaints levy the criticism of bias against the ombuds office. Our office works very hard to uphold high standards in adjudication and in applying the law to the fact of the case,” she said.

“The office found in favour of complainants in 27% of the cases, indicating that most matters capable of early resolution were resolved at the bank. While the number may appear low, it is in line with international experience at other ombuds offices.” People unhappy with their bank are encouraged to take their dispute to the OBS if their complaint has not been handled within 20 working days.

Beware this Apple phishing scam

A new Apple phishing scam is doing the rounds.

The scam informs users that their “Apple ID” has been locked and threatens them with the fact that their information is now insecure.

In order to fix the “issue”, users are requested to follow a link which looks on the surface like an Apple-related site. Browsers and anti-virus quickly block the site as suspicious.

How to identify a scam e-mail

Spam, scam e-mails and phishing: every day we receive hundreds of e-mails that may or may not be linked to criminals trying to steal information from us.

My Office News took a look at an email we received and dissected it piece-by-piece to show you how to identify spam.


When the short link is clicked, it redirects to a site that downloads malware to your device.

Should you receive an email from someone claiming to be a service provider (such as a bank or ISP), rather call their main office to check the validity of the information.

New scam hits FNB customers

FNB is warning customers about a new scam which involves them receiving an e-mail stating their online banking access will be disabled or deactivated.

“In an attempt to obtain your personal details, you will be requested to select a link in the email to confirm that you did not request your account to be deactivated,” said FNB.


New PayPal phishing scam surfaces

Cyber-crooks are sending out spam emails that falsely warn recipients that their PayPal account activity has been temporarily limited, citing an account fraud issue.

A phishing email scam that warns PayPal users of possible fraudulent account activity in hopes of scaring personally identifiable information out of them is currently making the rounds.

According to a blog post from ESET, the phishing emails falsely inform recipients that PayPal has detected “unusual activity” on their accounts and has “temporary limited what you can do” until the possible security issue can be resolved. Clicking the log-in button on these emails redirects victims to what appears to be a legitimate log-in screen – it even displays an SSL certificate to sell its supposed authenticity – but is actually a fake PayPal web page hosted on a malicious domain.

After victims “log in,” the fake PayPal site displays another message informing victims that they will not be able to withdraw funds for 15 days, unless the issue is addressed further. Those who click a “Continue” button to proceed are then asked to enter even more detailed information, including their Social Security number, address, phone number, birthdate and mother’s maiden name.

As phishing scams go, this one is convincing, but there are still some clues that PayPal did not send this alert, ESET reported. For instance, the email contains minor grammatical and syntax errors, and the fake web page’s request to enter your home country is unusual, considering it also asks for your Social Security number, which only applies to the US.

By Bradley Barth for www.scmagazineuk.com

My Office News Ⓒ 2017 - Designed by A Collective