
phishing

The USA's Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are reporting the large-scale re-emergence of the Emotet trojan. Since July 2020, CISA has seen increased activity involving Emotet-associated indicators. During that time, CISA's EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected roughly 16,000 alerts related to Emotet activity. CISA observed Emotet being executed in phases during possible targeted campaigns. Emotet used compromised Word documents (.doc) attached to phishing emails as initial insertion vectors. It spreads via links in e-mails and as macros in .doc files attached to e-mails.

CoNet Section: 

This is so amateur that it's worth our publishing it. The "reply to" address is at a free and anonymous mail account in Hungary: georgievakristalina01@vipmail.hu. But there is something interesting.

FCRO Subsection: 

What is it with Hong Kong and its banks? The Hong Kong Monetary Authority has just announced yet another one is the victim of a passing-off campaign by internet fraudsters. It's the third this week and it's only Thursday.

And then there's this "In view of the latest situation of COVID-19, the HKMA hotline and Coin Cart services are temporarily suspended. The HKMA Information Centre is also temporarily closed to the public. Please visit the HKMA website/official Facebook page for details or latest updates:

Hotline services: HKMA website
Coin Cart services: HKMA website / official Facebook page
HKMA Information Centre: HKMA website"

BIScom Subsection: 

A spam purporting to be for "Richard White", a customer of the Main Savings Federal Credit Union, has arrived. It tells him that he has collected more than 15,000 "CURewards points". And it wants him to log into a website for one of several different options.

BIScom Subsection: 

Russian criminals are offering a service of downloading entire websites and breaching the intellectual property rights of website content owners.

But that's not the only fascinating thing about the criminals' approach.

Basically, they are selling the rod and line to phishermen.

Want to create a fake bank website complete with contact forms? Here's how....

A warning from Vortex Centrum Limited, publisher of PleaseBeInformed.com and its various publications.

CoNet Section: 

Oh, good grief. Surely God doesn't have much to do with this idiot.

FCRO Subsection: 

"We discovered that our data source was modified by an unauthorized agent" says the e-mail that purports to be from LinkedIn. But it isn't. And there's even a little hint at the end to prove it.

IMPORTANT UPDATE

CoNet Section: 

A very convincing e-mail is being distributed. It falsely claims to be from South Africa's ABSA Bank and, so far as this newspaper can tell, is distributed to a spam-list that was first produced by or for the use of a training company since when it has gone into the wild, so to speak. It does not discriminate geographically. It contains an attachment (Credit Card Statement.htm). The full e-mail is below.

FCRO Subsection: 

Two related statements from the IRS and other agencies highlight two specific risks. The first is password security and the second is phishing, etc. scams. By the way, "Summit Partners" (which appears in the statements) isn't a firm - it's someone's idea of a buzzword. Ignore it. It only means "other government agencies." Also, they have one thing dangerously wrong.

It's not rocket science. Ever since (I think) 1998 when the BBC's lawyers blocked an explanation I gave to BBC TV on how the nature of HTML facilitates on-line fraud (they feared that it would increase the number of criminals using it) criminals have, indeed, used certain features of HTML to hide what they are up to and ordinary people have lost many millions of dollars and have suffered innumerable attacks on their computers simply because of one, very simple, trick, writes Nigel Morris-Cotterill.

CoNet Section: 

The Hong Kong Monetary Authority released this statement at 17:30 HKG time (11:30 GMT) today.

BIScom Subsection: 

A very suspicious e-mail spoofing email addresses of not one but two banks and appearing to link to a website appearing to relate to an embassy has been received at the offices of The Anti Money Laundering Network. The hook is information on OFAC blacklists. The mail is in HTML format and therefore disguises the destination of links and also enables the placing of in-line graphics. We place regulators, enforcement agencies and those in financial institutions, especially in compliance and risk management, on alert.

The Hong Kong Monetary Authority (HKMA) has issued warnings relating to fake websites and/or phishing attacks on customers of three banks: China Citic, OCBC Wing Hang and Bank of China.

FCRO Subsection: 

Sending server: webmail.123-reg.co.uk
Request for External Wire transfer

CoNet Section: 

bolor@euroexchangesecurities.co.uk
*Swift Outward Transaction Report*

FCRO Subsection: 
