Cybercriminals Impersonate These Well-Known Companies in Phishing Emails

Are suspicious emails coming through to your mailbox? Does the email claim to be from Microsoft and ask for your login information to fix a supposed issue? Cybercriminals increasingly send victims emails such as these, impersonating large companies to appear legitimate, and it’s not only Microsoft that gets impersonated. From Facebook to Amazon to PayPal and Netflix, it’s a good idea to double-check where those emails are actually coming from.

Cybersecurity company Vade Secure analyzed which companies were most impersonated and found that Microsoft was one of the most used brands in phishing schemes, with an increase of 15.5% since the previous year. Due to the popularity of Outlook mail and Office365, Microsoft is a widely popular impersonation target. With businesses and corporations relying on Office365 to keep restricted and sensitive files, hackers look for any means necessary to get their hands on such valuable information. Access to Office365 accounts can also open more doors for targeting other users to gain access to more accounts.

Illegitimate emails claiming to be from Microsoft ask users to log in via a link provided by the hacker. The link opens a spoof page that mirrors the actual website and prompts users to input their login credentials, which are then submitted to the cybercriminal.

PayPal comes out as the second most common company to be used in phishing schemes, as the brand is easily recognizable by many. While PayPal remains a popular choice for targeting victims with fake emails, malicious URL targeting has been declining.

The third most popular company to be used in a phishing attack is Facebook, as Vade Secure tracked a 176% increase in fake URL use to target users’ social media accounts. The social network gives hackers a perfect opportunity to send phishing messages to victims’ friends. Facebook access can be particularly harmful if victims have third-party applications connected, which cybercriminals can then also access.

The report further lists other brands like Netflix, Bank of America, and Apple that are also used in these emails. Amazon is now the eighth most popular brand for phishing use by hackers, and its use has grown over 400% in just a year, likely due to the popularity of Amazon Prime Day and the extensive number of shoppers on the site.

Hackers continue to use phishing attacks because they are a cheap and easy way to reach a mass of users. If you receive any such suspicious emails in your inbox, mark them as spam immediately. If you are ever unsure about your account, log in through the company’s official site instead of clicking on malicious email links.
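The check described above, as an added example that is not part of the original article: it compares the brand a message claims to come from with the domain it was actually sent from and the domains its links point to. The brand allow-list, the sample message and all function names are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list for illustration; build yours from each vendor's documentation.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "office.com", "live.com"},
    "paypal": {"paypal.com"}, "facebook": {"facebook.com"},
    "netflix": {"netflix.com"}, "amazon": {"amazon.com"},
}
# Constructed sample message, not a real phishing email.
SAMPLE = """\
From: "Microsoft Account Team" <security@account-verify.example>
Subject: Action required: unusual sign-in activity
Content-Type: text/html; charset="utf-8"

<p><a href="https://login.microsoft.com.account-verify.example/signin">Sign in</a></p>
"""

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        try:  # collect the host of every <a href>; skip malformed URLs
            host = urlsplit(dict(attrs).get("href") or "").hostname
        except ValueError:
            host = None
        if tag == "a" and host:
            self.hosts.append(host)

def belongs(host, domains):
    # Exact match or true subdomain: "paypal.com.evil.example" is not under "paypal.com".
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    claimed = f"{display} {msg['Subject']}".lower()
    hosts = [("sender", addr.rpartition("@")[2].lower())]
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkHosts()
        parser.feed(body.get_content())
        hosts += [("link", h) for h in parser.hosts]
    return [f"{kind} {h} is not a {brand} domain"
            for brand, domains in BRAND_DOMAINS.items() if brand in claimed
            for kind, h in hosts if not belongs(h, domains)]
```

A From header can itself be forged, so in a mail gateway this check complements SPF, DKIM and DMARC results rather than replacing them.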

Boost Mobile Customer Accounts Breached by Hackers

Sprint’s mobile network Boost Mobile recently admitted that hackers had breached its customers’ accounts through its main website. The data breach originally occurred back in March and was only recently announced.

In a notification posted on its website, the company stated that its site “experienced unauthorized online account activity [and that] an unauthorized person accessed [user] account[s] through [their] Boost phone number and Boost.com PIN code.” The company’s fraud team noted that the incident was quickly taken care of through “a permanent solution [that was used] to prevent similar unauthorized account activity.”

According to TechCrunch’s communication with a Sprint spokesperson, Boost Mobile had encrypted any social security or credit card information, leaving such sensitive data uncompromised in the data breach.

Due to the breach affecting a large consumer base of over 500 people, the company had to notify the California attorney general through written notice.

Through access to Boost Mobile’s user account names and PINs, hackers can use a type of cyberattack known as credential stuffing to send automated login requests to the Boost Mobile site and access consumer accounts. The company has already sent a text with a new temporary PIN to those affected by the breach. Users can log into their accounts with the link provided in the text message in order to set a new PIN code. Boost Mobile recommends users reset their PINs if they have not done so already.

In the meantime, the company has also recommended that customers regularly check their Boost Mobile accounts for any fraudulent activity and report any identity theft or fraud to consumer credit reporting companies.
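As an added illustration (not code from Boost Mobile or the original article), one way a site operator could spot this pattern in login logs: a single source trying many different phone numbers within a short window, together with the accounts it got into, which are the ones that need a PIN reset. The log format, thresholds and function names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed tuning values, adjust to your traffic
MAX_ACCOUNTS = 4                # distinct accounts one source may try per window

# Constructed log lines in an assumed "time source-ip phone-number result" format.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 203.0.113.7 5550100001 fail
2024-01-01T10:00:02Z 203.0.113.7 5550100002 fail
2024-01-01T10:00:02Z 198.51.100.20 5550100042 fail
2024-01-01T10:00:03Z 203.0.113.7 5550100003 ok
2024-01-01T10:00:04Z 203.0.113.7 5550100004 fail
2024-01-01T10:00:05Z 203.0.113.7 5550100005 fail
2024-01-01T10:00:09Z 198.51.100.20 5550100042 fail
2024-01-01T10:00:10Z 203.0.113.7 5550100006 fail
2024-01-01T10:00:15Z 198.51.100.20 5550100042 ok
"""

def parse(line):
    ts, ip, account, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result

def stuffing_report(lines, window=WINDOW, max_accounts=MAX_ACCOUNTS):
    """Return {ip: accounts it logged in to} for sources that tried too many accounts.

    Expects lines sorted by time. A user mistyping a PIN touches one account,
    so only sources cycling through many accounts are flagged.
    """
    recent = defaultdict(deque)    # ip -> (time, account) attempts inside the window
    succeeded = defaultdict(set)   # ip -> accounts with a successful login
    flagged = set()
    for line in filter(str.strip, lines):
        ts, ip, account, result = parse(line)
        if result == "ok":
            succeeded[ip].add(account)
        q = recent[ip]
        q.append((ts, account))
        while q[0][0] < ts - window:   # drop attempts older than the window
            q.popleft()
        if len({a for _, a in q}) > max_accounts:
            flagged.add(ip)
    return {ip: sorted(succeeded[ip]) for ip in flagged}
```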

FBI Takes Down Dark Web Site Deep Dot Web


The FBI has recently seized a dark web site and marketplace, Deep Dot Web, and has arrested several suspects thought to have connections to the site’s marketplace. The agency posted its notice on the website, revealing its warrant for the domain seizure.

Authorities arrested two individuals in Israel as well as others in France, Germany, and the Netherlands. The administrator of the site was taken into custody in Brazil. Those arrested in Israel were accused of helping facilitate weapon purchases and drug distribution via Deep Dot Web referrals, as reported by The Times of Israel.

Admins of the website made millions from referring users to other sites to purchase illegal items.

This website takedown comes after the Wall Street Market – another large-scale dark web marketplace – was shut down by authorities in the U.S. and Germany. The marketplace was said to harbor illegal drugs and weapons as well as stolen user credentials.

Cybercrime Groups Still Operate Over Facebook Platform

Cisco’s Talos threat intelligence researchers have identified an ongoing cybersecurity problem that looms within Facebook: dozens of groups created to trade and purchase spamming and phishing services.

The groups have been noted as partaking in “shady (at best) and illegal (at worst) activities,” using easily identifiable and locatable names such as “Spammer & Hacker Professional” or “Facebook hack (Phishing)” and yet remained up and active without intervention from Facebook itself.

Researchers at Cisco have found approximately 74 groups that partook in cybercriminal activities such as selling stolen login and account credentials and banking information. Others would sell tools for email spamming. The groups had amassed around 385,000 members in total and were easy to find in Facebook group search through simple keywords like “spam” and “carding.”

Cisco’s Talos team had notified Facebook about the hacker groups through abuse reporting, to which Facebook had responded by removing a few of the groups while keeping others up and only removing some posts deemed as a violation of policy. After the Talos researchers spoke directly with Facebook’s security team, the groups were taken down, but the issue of cybercrime on the social media site still remains a prevalent problem as new groups always seem to emerge.

Such activity isn’t new to the Facebook community. Groups like these have been operating for years on the social media platform. Brian Krebs of KrebsOnSecurity found 120 cybercrime groups back in 2018, for example, and notified Facebook in order to have the groups removed.

A spokesperson told The Verge that “[Facebook] know[s] [it] needs to be more vigilant and [they’re] investing heavily to fight this type of activity.”

127 Million User Records From Various Sites Now Being Sold On Dark Web

The same hacker who had stolen 620 million user records has returned, this time stealing another 127 million records from various websites including Coinmama, Houzz, Petflow, and YouNow.

User data is now being sold over a dark web marketplace, Dream Market, where individuals sell malware and user data. Currently, the individual(s), “Gnosticplayers,” is selling the stolen website credentials for around four bitcoin, which is approximately $20,000 in value according to TechCrunch’s reporting. The asking price varies based on which website the data is coming from, as well as user data quality. It is currently unclear whether the hacker is acting alone or as part of a team in selling the user data acquired from this breach.

ZDNet reports that the following websites were affected, listed with the number of accounts stolen and the price the seller is asking:

  • Ge.tt (file sharing service) – 1.83 million accounts – 0.16 bitcoin
  • Ixigo (travel and hotel booking) – 18 million accounts – 0.262 bitcoin
  • Roll20.net (gaming) – 4 million accounts – 0.0582 bitcoin
  • Houzz (interior design) – 57 million accounts – 2.91 bitcoin
  • Coinmama (cryptocurrency exchange) – 420,000 accounts – 0.3497 bitcoin
  • Younow (live streaming) – 40 million accounts – 0.131 bitcoin
  • StrongHoldKingdoms (gaming) – 5 million accounts – 0.291 bitcoin
  • Petflow (pet food delivery) – 1 million accounts – 0.1777 bitcoin

In just the last week, Houzz disclosed its data breach to users via email. This second wave of stolen data comes after a recent report by The Register, which revealed that sites such as MyHeritage, MyFitnessPal, HauteLook, and CoffeeMeetsBagel were all breached in the previous week. Both MyHeritage and MyFitnessPal had already notified users of their website breach last year while CoffeeMeetsBagel had just announced their breach today. (Quite the Valentine’s Day surprise!)

The data from last week’s breach, which included the 620 million user accounts from 16 websites, was taken down from the dark web by its seller, as “buyers complained that a prolonged sale would…lead to [the]…databases…becoming available to everyone,” as Catalin Cimpanu from ZDNet reports.

Email Account Compromise Losses Reach a New High of $12 Billion According to FBI Report

Between October 2013 and May 2018, more than 78,000 business email compromise (BEC) and email account compromise (EAC) scam incidents occurred. According to recent FBI data, both BEC and EAC scam losses increased by 136% worldwide between December 2016 and May 2018.

With the 78,617 BEC and EAC incidents reported, financial losses totaled a whopping $12 billion. Of those reported, 41,058 occurred within the U.S., where losses reached $2.9 billion. According to further statistical data provided, Asian banks in China and Hong Kong are the primary targets for fraudulent fund transfers; meanwhile, other emerging targets for fraudulent transfers include the UK, Mexico, and Turkey.

As the FBI explains in their PSA statement:

“The scam may not always be associated with a request for transfer of funds. A variation of the scam involves compromising legitimate business e-mail accounts and requesting Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees.”

Even the real estate industry has been greatly impacted, as collected statistics show an increase of 1,100% in BEC/EAC victims between 2015 and 2017.

With such cyber-security threats on the rise, practicing good cyber-hygiene is strongly encouraged to make sure your business stays safe from fraudulent email scams. With Inverselogic’s cyber-security service of simulated phishing tests, employees are trained and well prepared to identify cyber scams before clicking on an actual malware-infested email link that could potentially harm your business.

Below is one example of a phishing email simulation test we created as part of our cyber-security services:

Once the link is clicked, employees are directed to an educational page that provides information on how to identify scam emails in the future.

Our business understands that network security is of utmost importance. That is why Inverselogic is here to help you every step of the way in ensuring your information is always protected from new and emerging email scam threats.  


Cybersecurity Trends for 2016

Today we can do just about everything with the help of the internet: view and control bank accounts, peruse and shop from stores around the world, connect with new people or video chat with distant friends and family, even control smart objects like kitchen appliances from afar. The same effect can be observed in business, with more and more day-to-day operations becoming automated or conducted online.

It’s no surprise that privacy and online security are going to be a prominent topic of concern in 2016 and beyond. With all kinds of sensitive information being transferred between different parties, hackers have more opportunity than ever to try to steal information to either sell on the dark web or use for their own financial gain.

There are many precautions consumers and businesses should take to stay in control of their confidential information and protect business assets. For users, get started with our comprehensive Guide to Cyber Security and our Guide to Email Security.

For a general idea of cybersecurity trends, check out our infographic:

 

[Infographic: Cybersecurity 2016]

In the coming weeks, we will continue our Cybersecurity series to help inform users of how to protect their information. Stay tuned for more on common social engineering tactics, how to protect your inbox through safe email practices, bolstering information security on mobile devices, and how to control what is shared on social media.

Interested in protection for your business? Visit our website to learn more about our cybersecurity services and contact Inverselogic to speak with an expert.