The Latest in Phishing: February 2015

We bring you the latest in phishing attacks from the wild.

• "Operation Arid Viper" used spear phishing attacks against Israeli organizations with inappropriate content as a lure for users, with the end goal of installing malicious malware that "takes and saves screenshots from user activity, logs and files keystrokes, and proceeds to trawl the victim machine for documents."
• Hundreds of millions of dollars were stolen when hackers in Europe and Asia used a variety of tactics, including spear phishing attacks, to infiltrate banks' networks and steal money from customer accounts, ATMs, and more. The attacks took place over the course of two years, and went undetected until recently.
• iCloud users should be wary again, as another phishing attack was spotted targeting them. The phishing email claims your account may be compromised due to a fake purchase, and urges you to cancel the order.

Increase your security response team's efficiency with PhishAlarm Analyzer

• In wake of the Anthem data breach, which may have compromised information from up to 80 million Americans, there have been several fake phishing attacks sent out alleging to be from Anthem. For anyone who may have had their data compromised, please be aware that Anthem will be sending physical letters, not emails, to those that may have been affected. Additionally, Anthem will not be calling affected persons.
• In a very sophisticated attack, smishing, vishing, and phishing attacks were coordinated in a campaign targeting customers at several major U.S. banks. The attacks largely occurred in the Southern US, and redirected Holiday Inn lines to fake voice messages from major U.S. banks.
• Are you a cryptocurrency enthusiast? Coinbase users were targeted in a phishing attack asking users to accept new terms of service. If you were affected, you can contact Coinbase and they will reimburse you for your stolen coins.
• "Desert Falcon Group", a group of hackers from the Middle East, used spear phishing emails and fake social profiles to allegedly steal more than 1 million files from victims.
• A new phishing scam targeting parents is falsely claiming to be an alert about child predators. This might be the most distasteful phishing attack we have seen in the wild since we started these alerts.