Holiday Phishing Scams Target Job Seekers

'Tis the season for shopping, time spent with friends and family, and preparations to celebrate the holidays. As most of us plan for the coming season, cyber criminals are looking for opportunities catch victims off guard and steal valuable personal information. People looking to supplement their gift-giving budget with a seasonal holiday job should take a close look at job listings before pursuing offers found online or in their email inboxes. Job scams target those looking for part-time holiday work, specifically aiming to steal personally identifiable information that is often requested on applications for employment. We have observed mass spam email-based job scams using branding from well-known retailers such as Target and Walmart that commonly offer seasonal employment. 
Read more

Adwind Remote Access Trojan Still Going Strong

 A Java-based Adwind Remote Access Trojan campaign has been observed sending spam emails containing a malicious JAR file under the guise of “Request For Quotation,” “Transfer Import,” “Swift Copy,” “Proforma Invoice,” “DHL Delivery Notification” and many others.  Adwind, also known as jRAT and JSocket, is a cross-platform remote access tool designed to run on Mac OS, Windows, Linux, and Andriod systems to exfiltrate sensitive data from its victims. It has been known to, but is not limited to, log keystrokes, take pictures and record audio, steal cached data such as passwords and form fills, download/execute malware, amass system and user information, and modify registry entries.
Read more

Credential Theft: How To Spot a Phish

When people think about phishing, their mind often turns immediately to ransomware. And for good reason. After all, there have been dozens of high profile ransomware attacks in recent months. But you know what? An even greater proportion of phishing lures don’t contain ransomware. Instead of extorting money from you, they have an ulterior motive: they’re designed to steal your identity. Well, OK. They’re designed to steal your login credentials… but in reality that isn’t far short of stealing your identity.
Read more

Tech Support Scams: How To Spot a Phish

Originating in India around 2008, tech support scams are a simple and effective way of preying on individuals’ fear. In its earliest form, the tech support scam involved a scammer cold-calling English speaking countries, and claiming to represent Microsoft Technical Support. The victim would be informed that their machine was infected with malware, and that the caller would help them remove it if granted access to the machine. Naturally, once access was granted, the scammer would “fix” the problem and promptly demand payment.
Read more

Globe Imposter Ransomware Makes a New Run

In the world of cyber security, there are some threats that seem to have been specifically designed to wreck your day. Ransomware is one of those threats. Even if you have secure backups, and they’re kept safely away from the rest of your network, the time it takes to restore from them and remove all traces of the offending trojan is sure to get your blood boiling. So when a new ransomware threat arises, it pays to make sure your house is in order, and your users are on high alert.
Read more

New Tech Support Scam Strikes Amazon, eBay, and Alibaba Customers

In a world where new cyber threats seem to develop almost daily, it’s easy to forget that some tactics have stood the test of time. Since mid-May, PhishLabs has been tracking an ongoing consumer-focused email phishing campaign. And what tactic have they been using? The dreaded tech support scam. No matter how much technology develops, threat actors will nearly always default to the simplest tactic that still works. And when it comes to consumer-focused phishing, there’s nothing simpler (and more effective) than a well constructed tech support scam.
Read more

Evolving Tactics in Tax Phishing: A Recap of the 2017 Tax Season

It used to be said that the only certain things in life were death and taxes. But this adage is in desperate need of an update. In the age of technology, the only certain things in life are death, taxes, and phishing scams. And scams targeting taxpayers and tax preparers are just the tip of the iceberg. This tax season, schools, nonprofits, NGOs, state/local governments, and aid organizations have also found themselves the targets of wide ranging tax and W-2 phishing scams. 
Read more