A targeted phishing campaign against government entities in Persian Gulf and Middle East countries was detected earlier this month. The campaign was using the heightened tension in the region following the killing of Iranian general Qasem Suleimani at a Baghdad airport, and used emails purporting to come from the Ministry of Foreign Affairs of the Kingdom of Bahrain, Saudi Arabia, and the United Arab Emirates. read more

Nearly 90 percent of global organizations were targeted with BEC and spear phishing attacks in 2019, reflecting cybercriminals’ continued focus on compromising individual end users, a Proofpoint survey reveals. Seventy-eight percent also reported that security awareness training activities resulted in measurable reductions in phishing susceptibility. The report examines global data from nearly 50 million simulated phishing attacks sent by Proofpoint customers over a one-year period, along with third-party survey responses from more than 600 information … More → The post Over half of organizations were successfully phished in 2019 appeared first on Help Net Security.

Be extra careful when looking for a job online, the Internet Crime Complaint Center (IC3) warns: cybercriminals are using fake job listings to trick applicants into sharing their personal and financial information, as well as into sending them substantial sums of money. “While hiring scams have been around for many years, cyber criminals’ emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity. Criminals often lend credibility to … More → The post Cybercriminals using fake job listings to steal money, info from applicants appeared first on Help Net Security.

Note:This blog was written by an independent guest blogger. Phishing scams remain one of the most widespread cybercrimes. A phishing scam can be as simple as getting someone to click on a link, attachment, or a picture of cute kittens. I recently received a spam email with the message: “Old friends post embarrassing pictures of Jason Nelson online; click here to see.” Seeing my name in the body or subject line of an email is alarming. That is why scammers word these emails this way. They want to alarm you, and in your rush to defend yourself, click the link to see the pictures. Similar to extortion emails that claim to have videos of “compromising” situations or screen recordings of users on adult websites. These emails work on our fear of embarrassment, rejection, or ruin to get us to let down our guard. Do not click on anything in these emails. Delete, Delete, DELETE. But, it does beg the question, where do these emails come from, who is sending them? In this article, we will be looking at the phishing phenomenon and what options we have to defend ourselves. According to a 2018 report from statistics website Statista, at 11.69%, the majority of spam emails originated in China. But before we in the U.S. pat ourselves on the back, the second-largest amount of spam emails came from the United States at 9.04%. Since 2018, many of these scams demand some form of a cryptocurrency payment. In an October 8, 2019 report, the cybersecurity company Cofense said that phishing scams are changing their tactics and moving from Bitcoin to one of the so-called altcoins like Litecoin or Monero. So how do these scammers get our emails? One way and most likely is lax security protocols or a data breach at a service or email provider. HaveIbeenPwned is a website that can help you see if your email is on a compromised site. But there are other ways as well, including email addresses sold to the highest bidder. A way to minimize our risk of phishing scams is to be mindful of and limit the websites we provide our emails. Also, use a password manager to create more complex passwords. BitWarden, 1Password, and Dashlane are good options. When deciding on an email address, avoid using your name and or some specific data. For example, janedoe1980@email.com - try to avoid using your actual name and actual year of birth or the last four of your social (for U.S. Citizens). There is no way to be 100% safe online, but at least we can make it that much harder for cybercriminals. So let’s look at some steps we can take to protect ourselves from phishing and scam emails: Check the sender address, even if the message seems legitimate, look at the sending address, if it looks odd, it’s probably spam. Does the email ask you to click on a link or attachment? Again check the sender address and the rest of the email for anything out of the ordinary. Did you receive the email out of the blue? A long lost relative is trying to send you money? Delete. Does the email contain several misspelled words? It could be a phishing email. Does the email contain some threat (embarrassment, prosecution for example) it’s more than likely a phishing scam. Lastly, if the email appears to be from someone you know or an organization you do business with, call that person (not from a number on the email) and verify they sent the email. Law Enforcement and the IRS are not known for sending threatening emails. Delete.       

Manor Independent School District (ISD) lost approximately $2.3 million in a phishing scam in three different fraudulent transactions. The scammers carried out the attacks in a variety of ways including disguised email addresses, phone numbers, fake links, etc. Located at a distance of about 15 miles from Austin, Texas, Manor ISD serves more than 9,600 students.

A malicious ad campaign is underway in Google Search results that lead users to fake Amazon support sites and tech support scams. A security researcher reached out to BleepingComputer today about search keywords such as "amazon prime" and "amazon prime customer support" that leads to ads pretending to be Amazon Prime support. For example, in the image below simply searching for "amazon prime" resulted in a fake and shady-looking support ad hosted on sites.google.com. In addition to Amazon support scams, other ads discovered by the researcher were for the search keywords "my account" and "login" that lead to a variety of different tech support scams like the one below. Tech Support Scam ads in Google Search Clicking on these ads lead to tech support scams located on sites such as  sites.google.com, Azure, and other providers. Tech Support Scam via Google Ads Now many of you may look at these ads and wonder how anyone could fall for them.

Phishing is still a vector to attack presidential campaigns. Many 2020 campaigns still aren’t using best practice by implementing a proper DMARC policy.The post But Their Emails: Many 2020 Campaigns Still Risk Phishing Attacks appeared first on Security Boulevard.

When Chase bank e-mails you to warn of a fraud alert to your account, you pay attention. But when your work e-mail is associated with a card you don't have, and when the return address isn't from Chase, it's so obvious a fraudulent e-mail that we laugh it off. But it looked and felt real. So much so, I wanted to just quickly show it to you and flag it, to make sure you don't fall victim to this phishing attempt. Remember, one click on the e-mail, and the hackers can take control of our digital lives. That's what happened to Hillary Clinton's campaign manager for the 2016 election that led to the hack of her e-mails. He got a bogus e-mail that looked like it was from Google, asking John Podesta to update his credentials in what's called a "spear-phishing" attack." One click, and Wikileaks got access to the campaign e-mails.

The scam is promoted through comments made to Steam profiles. To make it look legitimate, the phishing site contains a fake chat screen running on the left-hand side of the page.

With the complexity of consumer devices only increasing, contextual security should be a priority for all – a situation which would avoid password shaming.

Redmond urges users to switch on MFA

British streaming service the latest to suffer major security incident

NETFLIX cordcutter-cutters are demanding answers after it emerged that some former users' accounts were being reactivated by criminals. An investigation by Auntie Beeb's You and Yours programme found that if someone finds a dormant Netflix account and is able to get into it, the provided bank details from the subscription are still listed, meaning that all the hacker has to do is start watching, whilst the original customer pays. Plus, of course, if the criminal then changes the password, then that's it, the account is locked out for the legitimate account holder. In order to give leavers an easy way of rejoining the service, accounts that are deactivated have all their details, including bank account info, stored for ten months from the date of leaving, unless the customer specifically asks Netflix to delete them sooner. For its part, Netflix has made a number of appropriate purring noises and advises anyone who notices unusual or unauthorised use of their account, or erroneous charges, to contact customer service immediately.

Hackers began hijacking accounts hours after Disney+ launched earlier this week.

Supporters say sacking was motivated by their union activity