CoinTelegraph reports: A fake website of the popular Ethereum Denver conference is the latest phishing target of a red-flagged smart contract that has stolen over $300,000 worth of Ether. The popular conference saw its website duplicated by hackers this week in order to trick users into connecting their MetaMask wallets. Read more at CoinTelegraph.
Category: Phishing
Oops! ‘Phishing’ scam cost small Ohio city $219,000, finance director his job
Dean Narciso reports: Phishing-scam training has become a commonplace requirement in many workplaces these days. But not everyone is adhering to its lessons. When emails from a fake paving company landed in the inbox of an accounting assistant working for a small Ohio city last month, the assistant was hooked. The author pretended to be an existing vendor and persuaded…
Hong Kong police and Interpol uncover servers and apps used by global phishing syndicate
Clifford Lo reports: Hong Kong police have cracked the local operation of an international phishing syndicate that used 563 bogus mobile applications to spy on phones globally and steal information. Officers also tracked down 258 servers around the world that were linked with the apps, according to Senior Superintendent Raymond Lam Cheuk-ho of the force’s…
Heads up: Highmark Health will be notifying 300,000 patients of a phishing incident. Watch for your mail this month.
Highmark Health defines itself as a “national, blended health organization” that includes the Highmark Health Plan (a Blue Cross Blue Shield insurer); a regional hospital and physician network; and companies that offer dental solutions, reinsurance solutions, population health management, and technology solutions. Letters have not gone out yet and will not be going out in…
Hackers are using this new trick to deliver their phishing attacks
Danny Palmer reports: Cyber criminals are using uniquely crafted phishing emails to infect victims with malware — and they’re doing so by experimenting with a new method of delivering the malicious payload. According to analysis by Proofpoint, there’s been a rise in cyberattackers attempting to deliver malware using OneNote documents, a digital notebook signified by .one extensions that is part…
Microsoft disables verified partner accounts used for OAuth phishing
Bill Toulas reports: Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations’ cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, Microsoft says the threat actors posed as legitimate companies to enroll and successfully be verified as that company in the MCPP…