CIBC among top brands used in phishing attacks: Nov 08, November 9 An email security firm says the Canadian Imperial Bank of Commerce is one of the most commonly-targeted brands used by cyberthieves in phishing attacks across North America, with a more than per cent surge in fake email attempts in the third quarter.
This championship has already attracted the attention of millions worldwide, including a fair few cybercriminals.
Jul 03, · A scam artist tried to swindle a group of potential bidders in the June auction of 30, bitcoins by the U.S. Marshals Service, and appears to have scored a small win with at least one of them.

Mar 07, · The Understanding Phishing course is comprehensive, offering an overview of different types of phishing attacks, the risks phishing poses to users.

Jul 17, · One of the most dangerous attacks facing companies today is spear phishing. A spear phishing attack is one in which the sender of an email represents themselves as someone known and trusted by the user in order to gain access to sensitive or private information.
Long before kick-off, email accounts began bulging with soccer-related spam, and scammers started exploiting the topic in mailings and creating World Cup-themed phishing pages. Our statistics show spikes in the number of phishing pages during match ticket sales.
Every time tickets went on sale, fraudsters mailed out spam and activated clones of official FIFA pages and sites offering fake giveaways allegedly from partner companies. But as the event draws nearer, cyber scams are reaching fever pitch.
We present our observations below. Fake lottery win notifications One of the main types of World Cup-related email fraud is spam informing recipients of cash winnings in lotteries supposedly held by official partners and sponsors Visa, Coca-Cola, Microsoft, etc.
Sometimes recipients are asked to pay a part of the postage or bank transfer fees. Such mailouts are aimed primarily at harvesting user data (including financial), plus picking up a small money transfer.
Such messages can also contain malicious attachments, for example, Trojan-Banker programs. Examples of fake notifications with attached documents Another type of common spam fraud is an offer to take part in a ticket giveaway or win a trip to a match.
|iTunes Users Targeted In Email Phishing Scam||American businesses reported greater numbers of losses and bigger impacts than their U. Thirty-two percent of respondents reported that their organization has experienced financial losses due to spear phishing attacks.|
|Is This A Scam?||Tech Articles Knowledge Base Phishing Scams A phishing scam is an attempt to get passwords, credit card details or other personal information by emails appearing to be from a trustworthy business or institution.|
|Fraud World Cup - Securelist||The best hacks are always the simplest. When Russian hackers successfully attacked Hillary Clinton's presidential campaign chairman John Podesta inthey didn't need to use crippling ransomware or a complex zero-day exploit.|
Such messages are sent in the name of FIFA, usually from addresses on recently registered domains. The purpose of such schemes is mainly to update email databases so as to distribute yet more spam.
Merchandise was generally offered by small online retailers and included toys, souvenirs, and stationery marked with official logos, as well as soccer jerseys for all teams taking part. Some messages even resemble mailings from the official FIFA store. Examples of messages offering merchandise There were also spam mailings unrelated to soccer.
For example, traditional spam offering medical products, but using the World Cup to attract attention. Interestingly, the message subject referred to the World Cup final.
Perhaps the spammers used an old template and forgot to change the date.

Wrong year, same product

Ticket sales

Besides online stores selling merchandise, there are plenty of sites offering match tickets, both fake and real.
Online scalpers selling tickets for an arm and a leg However, official tickets can only be bought on the official FIFA website, and large fines are imposed for their illegal sale or resale. Those who use the services of speculators risk being turned away at the stadium: Fake sites and messages from partners One of the most popular ways to steal credentials for bank and other accounts is to create counterfeit imitations of official partner websites.
Partner organizations quite often arrange ticket giveaways for clients, and this is what attackers exploit to lure users onto fake promotion sites.
Such pages look very convincing: Phishing login page supposedly of a partner bank Attempt to gain access to an account on a partner company site under the guise of a ticket giveaway Scammers also try to extract data by mimicking official FIFA notifications.
The victim is informed that the security system has been updated and all personal data must be re-entered to avoid lockout. The link in the message takes the victim far away from FIFA to a fake personal account.
Naturally, all data entered flows straight to the scammers. In some cases, phishers have no interest at all in bank accounts and payment details. For instance, under the pretext of receiving a World Cup-themed update for the video game FIFA Soccer, users are prompted to enter their account credentials for the Origin platform on a fake login page.
Fake Origin login page In late May, a few weeks before the start of the championship, phishing emails offering cheap flights from the major airlines were all the rage.
In addition to fake soccer ticket giveaways, there were draws seemingly on behalf of airlines offering free plane tickets. Normally, though not always, such domains look unnatural for instance, fifa.
So in most cases, a close look at the link in the email or the URL after opening the site should be enough to avoid the bait. Scam websites tend to have been registered quite recently and for a short time, and their owners are usually private individuals.
Cybercriminals use them as a backup: Examples of backup domain names

Conclusion

The above describes only the most popular scams exploiting the World Cup theme.

Don't have time to schedule and report on phishing for your organization? Let us manage the testing for you.
With our managed testing, you get quarterly e-mails across your organization, up to date phishing templates, and an analyst that will ensure the quality of the test.
While a normal phishing attack is inevitable and ignorable, if you happen to catch a spear phishing attempt in your inbox, then it’s essential you report it to your manager and to IT, if your business has one.
No hacker will be content sending only one email, and will likely target multiple employees across weeks, months, or even longer: so. The top 4 brands in the world—Apple, Google, Microsoft, and Facebook—are worth over $B.
This is why people can spend hours watching YouTube videos of others “unboxing” their Apple products every time a new product release hits the market. view the Cofense Phishing Resiliency and Defense Report. Social engineering schemes targeted at executives and business decision-makers are big business for cybercriminals.
The FBI reports CEO email scams cost US businesses over $ million in However, the latest mobile security risk could land in your text message folder, not your email inbox. Facebook is gearing itself up to compete with YouTube in the online video streaming business, and there's no doubt that it is doing well, but there's a problem with the social media giant: the scammers who constantly hunt for users' login credentials.
The Electronic Frontier Foundation (EFF) has reported that activists at Free Press and Fight for the Future were hit over the summer with a targeted spear phishing campaign that involved nearly 70 phishing attempts.
If you haven't read their report, you should. Very few organizations would come out of the same situation unscathed.