jm + phishing   22

Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
RUSSIAN MILITARY INTELLIGENCE [GRU] executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.
politics  russia  nsa  leaks  us-politics  cyberattacks  gru  hacking  elections  spear-phishing  phishing  e-voting 
june 2017 by jm
​Why I Hate Security, Computers, and the Entire Modern Banking System | Motherboard
I am honestly amazed the US banking system still works this way, after over a decade of rampant identity theft:
I cannot count the number of times I’ve freely given out my routing and account numbers—in emails, in webforms, in paperwork. This is because it’s necessary for other people to know my routing number and account number in order for them to send me money. But apparently, with that same information, they can also snatch money straight from my account. What kind of insane system is this? There’s two factor authentication, there’s one factor authentication, and then there’s this, which I think I can call zero factor authentication.
identity-theft  phishing  banking  banks  usa  authentication  2fa  0fa  security 
may 2016 by jm
Ex-surgeon duped into being €100k drug mule
Oh man. This is so sad:

Soriano, who had travelled to Ireland from Bogota via Panama and Paris, told customs officials that a red bag he was carrying contained a gift for banking officials which would facilitate the transfer of a $2.3m inheritance from a long-lost relative he had never heard of until recently. He was very co-operative with the officials and agreed to allow them x-ray and examine the bag. It was found to contain 1.86kg of cocaine in three packets.

Sgt Finnegan said gardaí were initially sceptical that Soriano could have fallen for the scam but, as interviews went on, they became aware that there were underlying issues. Gardaí found documentation that Soriano had printed out about other phishing scams. He said that he knew they were scams but he was lonely and would respond to them for “a little bit of fun”. Sgt Finnegan said that, despite this, he remained adamant that the inheritance was still due to be claimed.


Bizarrely not the first prominent surgeon to fall victim to 419 scammers.
419  scams  cocaine  smuggling  surgeons  phishing  dementia 
may 2016 by jm
Exclusive: SWIFT bank network says aware of multiple cyber fraud incidents
"SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the group warned customers on Monday in a notice seen by Reuters.


Ouch. They seem to be indicating that they're all phishing/impersonation-based attacks.
phishing  swift  banking  hacks  exploits  banks  security 
april 2016 by jm
The disturbingly simple way dozens of celebrities had their nude photos stolen
Basic phishing:

'Collins hacked over 100 people by sending emails that looked like they came from Apple and Google, such as “e-mail.protection318@icloud.com,” “noreply_helpdesk0118@outlook.com,” and “secure.helpdesk0019@gmail.com.” According to the government, Collins asked for his victims’ iCloud or Gmail usernames and passwords and “because of the victims’ belief that the email had come from their [Internet Service Providers], numerous victims responded by giving [them].”'
security  phishing  nudes  fappening  celebs  gmail  icloud  apple 
march 2016 by jm
£25,000 stolen online. But even more shocking: Barclays washes its hands of it | Money | The Guardian
UK banks are getting press for evading liability and screwing the customer when scams and phishing occur
scams  phishing  uk  banking  banks  liability  terms-and-conditions  barclays 
march 2016 by jm
Report: Everyone Should Get a Security Freeze
“Whether your personal information has been stolen or not, your best protection against someone opening new credit accounts in your name is the security freeze (also known as the credit freeze), not the often-offered, under-achieving credit monitoring. Paid credit monitoring services in particular are not necessary because federal law requires each of the three major credit bureaus to provide a free credit report every year to all customers who request one. You can use those free reports as a form of do-it-yourself credit monitoring.”
us  credit  credit-freeze  security  phishing  brian-krebs 
november 2015 by jm
London Calling: Two-Factor Authentication Phishing From Iran
some rather rudimentary anti-2FA attempts, presumably from Iranian security services
authentication  phishing  security  iran  activism  2fa  mfa 
august 2015 by jm
Chinese scammers are now using Stingray tech to SMS-phish
A Stingray-style false GSM base station, hidden in a backpack; presumably they detect numbers in the vicinity, and SMS-spam those numbers with phishing messages. Reportedly the scammers used this trick in "Guangzhou, Zhuhai, Shenzhen, Changsha, Wuhan, Zhengzhou and other densely populated cities".

Dodgy machine translation:
March 26, Zhengzhou police telecommunications fraud cases together, for the first time seized a small backpack can hide pseudo station equipment, and arrested two suspects. Yesterday, the police informed of this case, to remind the general public to pay attention to prevention.

“I am the landlord, I changed number, please rent my wife hit the bank card, card number ×××, username ××.” Recently, Jiefang Road, Zhengzhou City Public Security Bureau police station received a number of cases for investigation brigade area of ​​the masses police said, frequently received similar phone scam messages. Alarm, the police investigators to determine: the suspect may be in the vicinity of twenty-seven square, large-scale use of mobile pseudo-base release fraudulent information. [...]

Yesterday afternoon, the Jiefang Road police station, the reporter saw the portable pseudo-base is made up of two batteries, a set-top box the size of the antenna box and a chassis, as well as a pocket computer composed together at most 5 kg.


(via t byfield and Danny O'Brien)
via:mala  via:tbyfield  privacy  scams  phishing  sms  gsm  stingray  base-stations  mobile  china 
august 2015 by jm
Epsilon Interactive breach the Fukushima of the Email Industry (CAUCE)
Upon gaining access to an ESP, the criminals then steal subscriber data (PII such as names, addresses, telephone numbers and email addresses, and in one case, Vehicle Identification Numbers). They then use ESPs’ mailing facility to send spam; to monetize their illicit acquisition, the criminals have spammed ads for fake Adobe Acrobat and Skype software.

On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially.  Email lists of at least eight financial institutions were stolen. 

Thus far, puzzlingly, Epsilon has refused to release the names  of compromised clients. [...] The obvious issue at hand is the ability of the thieves to now undertake targeted spear-phishing problem as critically serious as it could possibly be.
cauce  epsilon-interactive  esp  email  pii  data-protection  spear-phishing  phishing  identity-theft  security  ads 
march 2015 by jm
The Cybercrime Wave That Wasn’t - NYTimes.com
MSFT researchers discover fundamental scientific failures in almost all data on cybercrime/spam/malware damages. 'In numeric surveys, errors are almost always upward: since the amounts of estimated losses must be positive, there’s no limit on the upside, but zero is a hard limit on the downside. As a consequence, respondent errors -- or outright lies -- cannot be canceled out. Even worse, errors get amplified when researchers scale between the survey group and the overall population. [...] The cybercrime surveys we have examined exhibit exactly this pattern of enormous, unverified outliers dominating the data. In some, 90 percent of the estimate appears to come from the answers of one or two individuals. In a 2006 survey of identity theft by the FTC, two respondents gave answers that would have added $37 billion to the estimate, dwarfing that of all other respondents combined.' my opinion: this is what happens when PR drives the surveys -- numbers tend to inflate to make headlines
fail  science  pr  press  cybercrime  ms  via:mark-russinovitch  data  surveys  spam  malware  viruses  phishing 
april 2012 by jm
Cory Doctorow: Persistence Pays Parasites
'Falling victim to a [phish] isn’t just a matter of not being wise to the ways of the world: it’s a matter of being caught out in a moment of distraction and of unlikely circumstance.' +1, that matches with the personal phishing stories I've heard from others
phishing  cory-doctorow  security  anti-phishing  scams  distraction  twitter  from delicious
may 2010 by jm
ScamNailer - Anti-Phishing Filter
a generated set of SpamAssassin rules containing known-phisher addresses
scams  phishing  spear-phishing  spamassassin  rules  anti-phishing  from delicious
april 2010 by jm
Inside View from Ireland: Analysing Electronic Forensics Evidence
fascinating note from Bernie Goldbach: 'MORE THAN 20 YEARS ago, I worked with message traffic and the work told me the importance of verifying source material.'
bernie  spam  anti-spam  authentication  spoofing  security  phishing  from delicious
february 2010 by jm
Ross Anderson and Steven J Murdoch rip into Verified By VISA
'this is yet another case where security economics trumps security engineering, but in a predatory way that leaves cardholders less secure.'
verified-by-visa  security  phishing  web  banks  banking  money  authentication  finance  visa  3dsecure  papers  from delicious
february 2010 by jm
Malicious App In Android Market
phisher creates a banking app for Android phones which relays the authorization details to another site, possible because of insufficient app vetting (via Mulley)
apps  iphone  android  smartphones  phones  mobile  phishing  security  banking  fraud  from delicious
january 2010 by jm
Cybercrime Organizations Turn to ‘Mafia-Style’ Structure
good research coming out of McAfee -- lots of Eastern European, Russian, and ex-USSR-country cybercrime businesses nowadays, apparently
spam  scams  scareware  russia  eastern-europe  ukraine  romania  credit-cards  antivirus  mcafee  security  phishing  from delicious
october 2009 by jm
Anti Spear-phishing SpamAssassin ruleset
from Julian "MailScanner" Field (via the SA users list)
spamassassin  anti-spam  rulesets  sa-update  phishing  blocklists 
august 2009 by jm
UK company selling "have you been phished" check using stolen data
according to this, a retired cop has set up a company called Lucid Intelligence with 'the records of four million Britons, and 40 million people worldwide, mostly Americans', and plans to 'charge members of the public for access to his database to check whether their data security has been breached.' How is this legal under Data Protection law? wtf
privacy  uk  law  hacking  phishing  fraud  crime  police  database  identity-theft  lucid-intelligence  data-protection  security  colin-holder 
july 2009 by jm

related tags

0fa  2fa  3dsecure  activism  ads  android  anti-phishing  anti-spam  antivirus  apple  apps  authentication  banking  banks  barclays  base-stations  bernie  blocklists  brian-krebs  cauce  celebs  china  cocaine  colin-holder  comerica  cory-doctorow  credit  credit-cards  credit-freeze  crime  cyberattacks  cybercrime  data  data-protection  database  dementia  distraction  e-voting  eastern-europe  elections  email  epsilon-interactive  esp  exploits  fail  fappening  finance  fraud  gardai  gmail  gru  gsm  hacking  hacks  icloud  identity-theft  internet  iphone  iran  ireland  law  lawsuits  leaks  liability  lucid-intelligence  malware  mcafee  mfa  mobile  money  ms  nsa  nudes  papers  phish  phishing  phones  pii  plainscapital  police  policing  politics  pr  press  privacy  ramnica-valcea  romania  rules  rulesets  russia  sa-update  scams  scareware  science  security  smartphones  sms  smuggling  spam  spamassassin  spear-phishing  spoofing  stingray  surgeons  surveys  swift  terms-and-conditions  twitter  uk  ukraine  us  us-politics  usa  verified-by-visa  via:mala  via:mark-russinovitch  via:tbyfield  viruses  visa  web  wired 

Copy this bookmark:



description:


tags: