The Latest in Phishing: June 2016

We bring you the latest in phishing statistics and attacks from the wild.

Phishing Statistics and News:

• The 2016 Verizon Data Breach Investigations Report found that 89% of data breaches had a financial or espionage motive, with the median time for the first user of a phishing campaign to open the malicious email clocking in at 1 minute, 40 seconds.
• Symantec’s latest Internet Security Threat Report identifies the UK as the most targeted nation for spear phishing attacks in 2015, suffering more than 7.5 million attacks, a 200 percent increase year-on-year.
• Microsoft released its latest Security Intelligence Report, revealing that 49% of malicious attacks originate in Asia. The report highlights research on a “newly discovered determined adversary group, which Microsoft has code-named PLATINUM.”
• Business email compromise (BEC) continues to rise. A recent FBI PSA reveals that there has been a 1,300% increase in identified exposed losses from BEC scams since January 2015.
• Kaspersky Lab researchers have spotted a spike in phishing attacks leveraging the 2016 Rio Olympics, with the most effective scams being those that emulate ticket sale services.
• Researchers at Proofpoint have uncovered a new ransomware called “Bart.” The sophisticated malware is delivered via .zip attachments containing JavaScript code.

Increase your security response team's efficiency with PhishAlarm Analyzer

Phishing Attacks:

• An opportunistic, broken phishing scam targeting tech journalists has exposed the potential risks associated with using Google Docs for business purposes.
• A NASCAR team was hit by a ransomware attack that netted $600 from the team in an effort to avoid any disruption in competing in future races. According to SC Magazine, “The team estimated that to recreate this data, it would have taken the team nearly 1,500 man-hours.”
• More than 100 phony Bitcoin and blockchain domains have been set up in the past month by attackers whose aim is to steal Bitcoin and blockchain wallet credentials. According to Threatpost, this campaign utilizes a combination of phishing and “typosquatting” (also known as URL hijacking) and is believed to be in the early stages.
• Several different airlines and travel companies were the victims of a large-scale phishing campaign that illegally acquired roughly $2 million in plane tickets. The Cameroon-born hacker has since been extradited to the U.S.
• Data for more than 7,500 students at the City College of San Francisco was compromised as the result of an employee falling victim to a phishing email that was disguised as a request for student information.
• The Kern County Superintendent of Schools Office experienced a data breach that affected more than 2,500 employees, the result of a phishing email designed to look like a payroll data request from the assistant superintendent of HR.
• A new Trojan that actively targets Windows XP, WP 64-bit and Server 2003 has attacked Mexico’s second-largest bank, infecting users in the U.S. and Mexico.
• A has stolen close to $500K from a Troy, Michigan investment firm. The wire transfer fraud wasn’t noticed until eight days after it took place.
• The Lansing Board of Water and Light’s network was infected by ransomware, preventing workers from accessing email and other documents.
• Two Wyoming Medical Center employees fell for a phishing attack that exposed the data of more than 3,000 patients. The culprits had access to employees’ emails for 15 minutes.
• Netflix users in Ireland are being hit with a new wave of phishing emails posing as the company asking them to update their account information.
• The BBC has reported that thousands in the UK have been targeted by a sophisticated phishing email that includes the recipient’s physical address.
• An employee in the finance department of Tidewater Community College was the victim of a business email compromise (BEC) attack that exposed the personal tax data of more than 3,000 current and former employees.
• Columbus REALTORS^® warns of a closing scam involving wire fraud that is happening in central Ohio in both residential and commercial transactions, citing at least nine attempts and counting.