HackDig : Dig high-quality web security articles for hacker

Fresh Phish. (So Many Puns, So Little Time.)

Today’s phish blog breaks our format a bit so we can bring you lots of examples. Enjoy. And then get protected! Phishing is prevalent because it works. Even savvy users can be tricked into opening the wrong emails. I’ve seen a couple of clear examples of this recently. The first is one that quite convincingly mimics the invoice emails from a fairly sig
Publish At:2017-05-23 12:10 | Read:2909 | Comments:0 | Tags:Threats apps attachments browsing files humans Isolation Mal

Dutch Website Builder Used Secret Script to Hack 20,000 Users

A Dutch website builder leveraged a secret script to steal 20,000 users’ login credentials, hack their accounts, and commit payment fraud. On 17 January, police in the northern Netherlands announced they’re contacting 20,000 users with the advice that they change their passwords as soon as possible. This move comes several months after the world f
Publish At:2017-01-17 17:20 | Read:2657 | Comments:0 | Tags:Latest Security News computer crime payment fraud phish

Advanced phishing tactics used to steal PayPal credentials

Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials. One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to see if they point to the site where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe. Alwa
Publish At:2016-06-14 19:15 | Read:2584 | Comments:0 | Tags:Cybercrime Social engineering fake JavaScript PayPal phish P

“Automated Tax Refund Notification” spam…

We’re seeing multiple copies of the below spam dropping into mailboxes at the moment, all of which claim to be an automated tax refund of £796.86 for UK tax payers. The email reads as follows: Automated Tax Refund Notification After the last annual calculations of your fiscal activity , we determined that you are aligible to receive a tax refund o
Publish At:2016-05-18 09:20 | Read:2633 | Comments:0 | Tags:Cybercrime Social engineering email HMRC phish phishing scam

Spam serves up health service legal disclaimers…and job offer

Here’s a peculiar set of emails with an origin point tracing back at least 9 years. These missives claim to be from well known health organisations / services / global pharmaceutical companies, while trying to sign random recipients up to…something entirely unrelated to health or pharmaceuticals, as it turns out. Let’s take a look at a rece
Publish At:2016-04-09 22:35 | Read:3105 | Comments:0 | Tags:Cybercrime Social engineering furniture health lighting ligh

Avoid these Nextflix themed scams

We’re seeing a couple of different spam mails coming through which all loop back to Netflix in some way. Here’s an Apple ID phish from the last few days which uses Netflix payments via iTunes as bait: The email reads as follows: Order Receipt No. 493092733 This email confirms your purchase of the following subscription: Name of Subscriptio
Publish At:2016-04-02 08:25 | Read:4348 | Comments:0 | Tags:Cybercrime Social engineering Apple email mail netflix phish

“Copyright Violation” Facebook Phish

Copyright warnings appearing out of the blue can be vaguely terrifying at the best of times, and we’ve spotted a phishing scam using them as a launchpad for data theft. The name of the game is worrying the potential victim into clicking on the supplied link, with a curious mix of copyright violations and account verification. Here’s an example:
Publish At:2016-03-22 18:05 | Read:3060 | Comments:0 | Tags:Phishing facebook phish phishing social media spam

“Your Recent Purchase with your Apple ID”…

Apple fans should steer clear of a convincing phishing mail doing the rounds, with the sender address popping up in a 419 scam not so long ago. Here’s the mail in question: It’s a fake tax receipt which states that a purchase has been made for “Rain Radar, Remove Ads”. If you didn’t make this purchase, you should visit the link
Publish At:2016-03-17 10:55 | Read:3793 | Comments:0 | Tags:Phishing app Apple email fake phish phishing

The Bank of “We Have No Idea What We’re Doing”

One can only assume the creators of this 419 scam attempt threw up their hands, cried YOLO and set about putting together the least visually convincing “This is a mail from a bank, honest” attempt I’ve seen in some time. I mean, you think banking fakeout, you think professional looking imagery. You think clean, sounds-like-a-bank wording. Y
Publish At:2016-03-08 09:30 | Read:3634 | Comments:0 | Tags:Phishing 419 email phish phishing scam scammers

Google Docs? Check One More Time…

If you go looking for Google Docs related URLs on your travels, you may run into the following site (registered through an “Offshore anonymous hosting company” in Panama): googledocs(dot)info Despite the name, you won’t find your documents sitting in a pile waiting to be edited. Indeed, you’ll currently see this: If we had a magical
Publish At:2016-03-04 15:05 | Read:3268 | Comments:0 | Tags:Fraud/Scam Alert fake Google phish

The Amazon Survey Phish: Back for Round 2

We’ve seen another run of Amazon themed spam doing the rounds, and they may well already be dropping into your mailbox. Here’s the email in question: The text is identical to the last one we took a look at (notice also the open red padlock, which is a new Gmail feature). As before, the link uses a redirect to send potential victims to an imitati
Publish At:2016-02-26 20:20 | Read:2631 | Comments:0 | Tags:Fraud/Scam Alert amazon email fake phish phishing scam

The Phishy Accountant: Something Doesn’t Add Up

We’ve recently come across a phish aimed at people working in / related to accounting firms, sent from a compromised accountant’s email address leading to a fake Google Docs page. The email reads as follows: Subject Important - For your review Hello, I've shared some files with you on Google Drive. Please, click on the E-Document to downlo
Publish At:2016-02-20 01:35 | Read:2690 | Comments:0 | Tags:Phishing cpa fake phish phishing scam

Off the Market: One Airbnb Phish

It might still be a little too early in the year to think about vacation, but there’s always a chance you’ll need some lodging at short notice, and that’s where services like Airbnb come into play. The hugely popular service lets travellers temporarily lodge with people from all around the world, and in some situations that would be an attr
Publish At:2016-02-12 12:40 | Read:5350 | Comments:0 | Tags:Fraud/Scam Alert airbnb phish phishing

Fake Amazon Mail Phishes for Login, Payment Information

From the mailbox: a fake Amazon mail which attempts to persuade the lucky recipient that they have the chance to win £10 in return for completing a quick survey. The mail, titled “ΙD: 569369943” and claiming to be from “members support” / message@notice-amazon(dot)com, reads as follows: As a valued customer we would like to present yo
Publish At:2016-02-04 23:50 | Read:3744 | Comments:0 | Tags:Fraud/Scam Alert amazon phish scam

Elaborate iCloud Phish Used To Activate Stolen iPhones

Much information from our private and work related lives is stored in our smart phones. Losing a device or getting it stolen can be disastrous, way beyond the monetary loss. Apple has a nifty feature which allows you to remotely erase and lock your phone if you ever faced that problem and wanted to make sure your personal information would not fall into the wron
Publish At:2016-01-29 05:05 | Read:2343 | Comments:0 | Tags:Phishing Apple iPhone phish scam Cloud
