
Phishing campaigns, some launched as recently as March, have aimed to steal credentials from Verizon mobile customers by spoofing the company's support service. Being mobile-focused and using an identifier for an official Verizon service is what prompted researchers to categorize the campaign as more sophisticated than average. The link delivering the phishing kit includes the abbreviation 'ecrm,' which Verizon uses as a sub-domain - ecrm.verizonwireless[.]com - for its Electronic Customer Relationship Management platform. Researchers at mobile security company Lookout noticed one such attack in late November 2018; another one occurred in February this year, and the activity intensified in March, when three waves were recorded in two consecutive days. Loaded on the desktop, the phishing page looks suspicious, but on mobile devices it renders as if it were genuine and could easily fool the recipient into sending the attacker the login credentials (phone number or user ID, and password) for the Verizon account. "This kit targeted Verizon customers through malicious links masquerading as Verizon Customer Support. This shows that the attackers did their research," writes Jeremy Richards, a principal security researcher at Lookout. Verizon customers are constantly targeted by phishing campaigns, and the company is perfectly aware of this. It maintains a page listing variations of the fraud attempts to warn users to be on guard. Customers of AT&T have also been targeted in a phishing campaign that was active on Monday. Microsoft researchers found it via the Windows Defender Advanced Threat Protection platform. For more, including domain names, visit OUR FORUM.

Cybersecurity is in a terrible state, possibly the worst it's ever been. Literally not a day goes by without another report of a security breach or a data spill or a hack spilling corporate secrets. There is plenty of blame to go around, of course. Let's start with the obvious ones, the crooks and scammers – from petty criminals to organized crime – who are able to extort us with ransomware or steal corporate data or our credit-card details with phishing attacks. Few police forces have the time, money and skill to catch these groups or bring them to justice. Then there are state-backed hackers who switch between espionage and cyber warfare – and the governments that either turn a blind eye to their activities or positively encourage them. Who else to blame? Perhaps the tech companies that are desperate to rush a new product to market to beat their rivals, and think that cutting corners on testing security is a good way to do it. And it's not just startups, either; witness the constant stream of security patches that flow from all the big tech companies every month, fixing problems with software that simply wasn't secure enough when it was sold. What about the enterprise? There are software patches for all of the most regularly abused software flaws, just as there was a patch for the flaw that allowed WannaCry to spread. And yet those flaws go unpatched because firms don't want to spend the time and money fixing those flaws and patching those systems. Follow up on OUR FORUM.

Those who remember earlier days of the internet are familiar with the “Nigerian Prince letter,” also known as the 419 scam. While that fraud typically runs from personal email accounts, another one uses an official Nigerian government website to host a phishing page for the DHL international courier service. Nigeria has a large culture of fraud, which is defined in the country's criminal code at number '419,' under Chapter 38, "Obtaining Property by false pretenses; Cheating," but this is ridiculous. For over two weeks, the Nigerian National Assembly (NASS) site has been serving a fraudulent page that asks for DHL account credentials. This is just a landing location, most likely pushed through spam. The phishing resource is "u.php" and it is present on multiple legitimate websites that have been hacked to host it. We also found it on domains that look like they've been registered specifically for DHL phishing purposes. At the time of writing, loading most of them triggered the "Deceptive site" warning in Chrome and Firefox, but not all of them have been indexed as unsafe yet. Security researcher MalwareHunterTeam found the phishing page on the NASS website and noticed a history of malicious URLs available on the official domain. Read more on OUR FORUM.