
phishing

The Hong Kong Monetary Authority has issued a warning that customers of WeLab Bank are the target of a phishing scam. WeLab prides itself on being Hong Kong's "only home grown virtual bank." But it's more than a bank so the scam has potentially much wider implications.

BIScom Subsection: 

It's headed "Thanks for shopping 172.128.45.53"

It claims to be from PayPal Billing - with the address grant5978gol@gmail.com

But it's got information (albeit wrong) that suggests at least some knowledge of our company.

BIScom Subsection: 

This is a far from infrequent occurrence. In fact, it happens so often that it falls into that hole where due diligence and newsworthiness do not collide. So as a news outlet, we pay less attention to it than we would if we were a provider of due diligence information. Here's a round-up of recent announcements from the HKMA.

FCRO Subsection: 

I am so blessed. This chap has purloined money from a cryptocurrency account and wants to send it to me. So he chose an address at antimoneylaundering.net.

FCRO Subsection: 

The USA's Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are reporting the large-scale re-emergence of the Emotet trojan. Since July 2020, CISA has seen increased activity involving Emotet-associated indicators. During that time, CISA's EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected roughly 16,000 alerts related to Emotet activity. CISA observed Emotet being executed in phases during possible targeted campaigns. Emotet used compromised Word documents (.doc) attached to phishing emails as initial insertion vectors. It spreads via links in e-mails and as macros in .doc files attached to e-mails.

CoNet Section: 

This is so amateur that it's worth our publishing it. The "reply to" address is at a free and anonymous mail account in Hungary: georgievakristalina01@vipmail.hu . But there is something interesting.

FCRO Subsection: 

What is it with Hong Kong and its banks? The Hong Kong Monetary Authority has just announced yet another one is the victim of a passing-off campaign by internet fraudsters. It's the third this week and it's only Thursday.

And then there's this "In view of the latest situation of COVID-19, the HKMA hotline and Coin Cart services are temporarily suspended. The HKMA Information Centre is also temporarily closed to the public. Please visit the HKMA website/official Facebook page for details or latest updates:

Hotline services: HKMA website
Coin Cart services: HKMA website / official Facebook page
HKMA Information Centre: HKMA website"

BIScom Subsection: 

A spam purporting to be for "Richard White", a customer of the Main Savings Federal Credit Union, has arrived. It tells him that he has collected more than 15,000 "CURewards points". And it wants him to log into a website for one of several different options.

BIScom Subsection: 

Russian criminals are offering a service of downloading entire websites and breaching the intellectual property rights of website content owners.

But that's not the only fascinating thing about the criminals' approach.

Basically, they are selling the rod and line to phishermen.

Want to create a fake bank website complete with contact forms? Here's how....

A warning from Vortex Centrum Limited, publisher of PleaseBeInformed.com and its various publications.

CoNet Section: 

Oh, good grief. Surely God doesn't have much to do with this idiot.

FCRO Subsection: 

"We discovered that our data source was modified by an unauthorized agent" says the e-mail that purports to be from LinkedIn. But it isn't. And there's even a little hint at the end to prove it.

IMPORTANT UPDATE

CoNet Section: 

A very convincing e-mail is being distributed. It falsely claims to be from South Africa's ABSA Bank and, so far as this newspaper can tell, is distributed to a spam-list that was first produced by or for the use of a training company since when it has gone into the wild, so to speak. It does not discriminate geographically. It contains an attachment (Credit Card Statement.htm). The full e-mail is below.

FCRO Subsection: 

Two related statements from the IRS and other agencies highlight two specific risks. The first is password security and the second is phishing, etc. scams. By the way, "Summit Partners" (which appears in the statements) isn't a firm - it's someone's idea of a buzzword. Ignore it. It only means "other government agencies." Also, they have one thing dangerously wrong.

It's not rocket science. Ever since (I think) 1998 when the BBC's lawyers blocked an explanation I gave to BBC TV on how the nature of HTML facilitates on-line fraud (they feared that it would increase the number of criminals using it) criminals have, indeed, used certain features of HTML to hide what they are up to and ordinary people have lost many millions of dollars and have suffered innumerable attacks on their computers simply because of one, very simple, trick, writes Nigel Morris-Cotterill.

CoNet Section: 

The Hong Kong Monetary Authority released this statement at 17:30 HKG time (11:30 GMT) today.

BIScom Subsection: 
