The Latest in Phishing: First of 2017

We bring you the latest in phishing statistics and attacks from the wild.

Phishing Statistics and News:

• Phishing attacks for 2016 began falling in Q3, according to the Anti-Phishing Working Group (APWG), with the total number of phishing sites detected decreasing 25% from record highs reported in Q2. Read their latest report to get a detailed view of the recent trends appearing in the wild.
• A study by Proofpoint has found that social media-based phishing attacks jumped 500% in Q4 2016. The increase was attributed to fraudulent accounts and actors posing as customer support reps for large brands.
• Our 2017 State of the Phish™ Report was released in January. The report compiles data from tens of millions of simulated phishing attacks sent through our platform over a 12-month period, and an extensive survey of infosec professionals to measure their knowledge and behavior around phishing and ransomware. The report provides direct insight into how various organizations and industries are protecting themselves against the latest threats.
• GreatHorn’s 2017 Spear Phishing Report revealed that 91% of corporate phishing attacks are display name spoofs, noting the average business end user “faces at least one risky email per day.”
• A new study from H.R. Rao at the University of Texas at San Antonio identifies overconfidence in detecting phishing emails as the main reason so many end users fall for these types of scams, with most people believing they are smarter than the actors responsible for the attack.

Increase your security response team's efficiency with PhishAlarm Analyzer

Phishing Attacks:

• Indianapolis-based Monarch Beverage was the victim of a phishing scam in which copies of employees’ W-2 forms were sent to an attacker two years in a row. The company plans on providing three years of credit protection services to those affected.
• A phishing exploit involving viewing other users’ profiles on the popular online gaming platform Steam was discovered. Whispers of the vulnerability first emerged via Reddit, where users claimed that viewing the profiles of other Steam members who were abusing the exploit could result in stolen credentials. Parent company Valve has since fixed the issue.
• The IRS has issued a warning as W-2-related phishing scams begin to ramp up while the U.S. moves towards the height of tax season. As of February 6, the latest round of attacks has already claimed close to 30,000 victims. The IRS added that this year, scammers have begun attempting more sophisticated attacks involving wire transfers, and the agency has instructed organizations to be on high alert.
• Multiple employees of North Carolina’s Davidson County School System fell victim to a phishing scam, which resulted in the breach of Social Security numbers for employees and independent contractors. This scam is reported to have targeted multiple school districts across the country, using the names of school officials in an effort to gain access to sensitive data.
• A newspaper phishing scheme is making the rounds in Australia, Europe, the Middle East, and (most recently) New Zealand. Scammers posing as representatives from V Cases — a mobile phone repair company offering bulk, discounted electronics for purchase — have been posting fake ads in an effort to obtain sensitive financial information. They have even gone so far as to use the company’s ABN (Australian Business Number) to appear legitimate. The proper authorities have been notified, but V Cases may have to change its ABN to thwart future attempts.
• Certain KeyBank customers have found themselves the target of a smishing attack claiming there’s an issue with their account. Recipients of the message are prompted to click on a malicious link or call a number that does not belong to KeyBank. The company was made aware of the scam and responded quickly in an effort to curb any substantial impact to customers.
• A sophisticated Gmail phishing scam which serves up a fake login page to steal users’ credentials has been reported on by several outlets. The email takes advantage of compromised accounts in an attempt to get recipients to click on an attachment, granting the actor full access to the victim’s account. It is rumored the attack can even bypass two-factor authentication. Although there is no way to check if an account has been compromised, Gmail users have been urged to change their passwords and pay close attention to their browser’s location bar.
• British police have issued a warning regarding a phishing scam posing as the charity Migrant Help. The email contains the recipient’s real name and phone number with a fake receipt. The attack utilizes Ramnit malware, a banking Trojan “designed to steal bank customer login credentials for theft and fraud,” which has evolved to become highly dangerous.
• Despite the UK’s HM Revenue and Customs (HMRC) department reporting last December that it had reduced the number of phishing emails its customers receive by 300 million, this threat vector remains a focus for its cybersecurity team. Residents were warned that a number of fraudulent emails are still in circulation, including one that poses as the recipient’s refund payment confirmation number, and the HMRC has urged citizens to be mindful this tax season.
• A vulnerability in multiple web browsers was discovered by Finnish developer Viljami Kuosmanen in which autofill may provide a website with more information than the user has bargained for. Kuosmanen has created a website that illustrates the dangers of enabling this feature. Users of Chrome, Safari, and Opera have been urged to turn it off immediately.
• An Amazon Marketplace scam has been making the rounds, capitalizing on those looking for deals during the post-holiday shopping season. The scammers post “used, like new” electronics that point to a fraudulent payment site. When the customer reaches out after realizing their order wasn’t fulfilled, they are directed to a non-Amazon site to complete their purchase. Amazon has issued a statement and taken some action to remove the listings, but they persistently appear due to their success rate.