In the world of online hacks, phishing attacks are still among the most prevalent. They rely primarily on exploiting our trust. The more realistic the message appears, and the more reliable its alleged source, the more likely a high percentage of us is to take the bait. We all think we can spot fake bank e-mails, but hackers are way ahead of our imagination and surprise us every day with ever more creative approaches. What are the most creative phishing attacks happening now?
Mobile apps, the current frontier of phishing attacks, are a great way to get data not only from teens oblivious to online security but even from seasoned professionals, because we simply do not expect to be attacked like that. A new frontier for spammers and phishers is born.
Kaspersky Lab identified spam and phishing attacks using mobile apps like WhatsApp.
Last month saw hackers compromise the social network LinkedIn with a St. Patrick's Day themed email. The message offered users a free premium account and prompted the recipient to click on a link leading to a phishing page rather than the official LinkedIn site. The login and password entered by the user were forwarded to the fraudsters.
Recently our inboxes have been flooded with notifications about undeclared income, or messages stating that a previously filed tax return was fake. The temptation to find out more is why many recipients open the attachments in emails like these. Unfortunately, the attachment contains no financial report, only an information-stealing Trojan.
.lnk files are Windows Shortcut files, nothing new to hackers. The actual email may look like it came from a legitimate source, with what looks to be a PDF document and a ZIP archive.
In reality the file “statement.pdf” isn’t a PDF but an executable, while the ZIP archive includes a collection of .lnk files and a copy of the executable “statement.pdf”. You can read more on it here.
So what does this mean for the recipient? An attack composed in this way allows criminals to bypass any email gateway that tries to block executable files by simply checking the extension instead of examining the file contents.
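A gateway-side check that classifies attachments by their leading bytes rather than by file name, shown next to the extension-only check it replaces. This is an added example, not code from the original post; the function names, the sample file names other than statement.pdf, and the recursion and size limits are assumptions.

```python
import io
import zipfile

LNK_HEAD = b"L\x00\x00\x00\x01\x14\x02\x00"   # .lnk: header size 0x4C + start of CLSID
# Leading bytes ("magic numbers") of the file types in the lure described above.
MAGIC = [(b"MZ", "executable"), (LNK_HEAD, "shortcut"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip")]
EXPECTED = {"pdf": "pdf", "zip": "zip", "lnk": "shortcut", "exe": "executable"}
BLOCKED = {"executable", "shortcut"}
MAX_READ = 1 << 20   # cap bytes decompressed per archive member

def sniff(data):
    """Classify content by its first bytes, ignoring the file name."""
    return next((kind for magic, kind in MAGIC if data.startswith(magic)), "unknown")

def extension_only_verdict(name):
    """The weak gateway check: trusts whatever extension the sender chose."""
    return "block" if name.lower().endswith((".exe", ".lnk")) else "allow"

def inspect(name, data, depth=0):
    """Content-based check: returns (path, reason) findings, recursing into ZIPs."""
    kind = sniff(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    findings = []
    if kind in BLOCKED:
        findings.append((name, f"content is {kind}"))
    if ext in EXPECTED and EXPECTED[ext] != kind:
        findings.append((name, f"extension .{ext} does not match content ({kind})"))
    if kind == "zip" and depth < 2:   # bounded recursion into nested archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir():
                        with zf.open(info) as member:
                            findings += inspect(f"{name}/{info.filename}", member.read(MAX_READ), depth + 1)
        except (zipfile.BadZipFile, RuntimeError):   # corrupt or password-protected
            findings.append((name, "archive could not be opened"))
    return findings

def constructed_lure():
    """Constructed sample attachments mirroring the email described above."""
    fake_pdf = b"MZ" + b"\x00" * 62   # executable content named statement.pdf
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("open_me.lnk", LNK_HEAD + b"\x00" * 68)
        zf.writestr("statement.pdf", fake_pdf)
    return {"statement.pdf": fake_pdf, "documents.zip": buf.getvalue()}
```

Both constructed attachments pass `extension_only_verdict`, while `inspect` reports the mismatched "statement.pdf" and the shortcut inside the archive.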
Voice over IP phishing (known as vishing) is a form of phishing that gets victims to give up payment information through a phone call or SMS. The scams appear to come from banks, and give instructions on how to carry out certain tasks for the hacker. A recent VoIP phishing campaign has been targeting and successfully stealing up to 250 Americans' payment information per day.
Although the vishing attack method itself is not new, the number of reported attacks has increased recently. It is believed the attackers are using email-to-SMS methods to inform victims their debit card has been deactivated. The victim receives a text message saying that the ATM card has been deactivated. The user is then prompted to call the number in the message. Once the phone call is initiated, the victim is told to enter their card number and PIN to reactivate the card. From there the attackers obviously log the data, and can use it to cash out later.
Be vigilant when you get any message where the recipients are undisclosed, or one that comes from a respectable source that has never graced you with an email before, like a bank (uhum) or Inland Revenue. Stay safe, guys!
Image credit: Ita Puji blog
Posted May 15, 2014