Bleeping Computer: Office 365 Phishing Page Comes with Live Chat Support. “Scammers handling a phishing website for Office 365 credentials added live support to add to the illusion of legitimacy necessary to trick victims. But things don’t always work the way the cybercriminals intend and their bluff was called by security researchers spotting the scam a mile away.”
Ars Technica: Behold, the Facebook phishing scam that could dupe even vigilant users. “Phishers are deploying what appears to be a clever new trick to snag people’s Facebook passwords by presenting convincing replicas of single sign-on login windows on malicious sites, researchers said this week.”
Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions. “A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.”
Gizmodo: Don’t Fall For This New Google Translate Phishing Attack. “Phishing emails use a variety of approaches that all have the same goal: Convincing you to click a link before you’ve properly investigated whether or not it’s safe. This week, a security researcher at Akamai outlined a novel phishing approach that they recently encountered in their inbox that attempts to use Google translate links to mask disreputable links.”
Ars Technica: Google Play apps with >4.3 million downloads stole pics and pushed porn ads. “Google has banned dozens of Android apps downloaded millions of times from the official Play Store after researchers discovered they were being used to display phishing and scam ads or perform other malicious acts.”
The Windows Club: Emsisoft Browser Security blocks malware and phishing attacks. “These two are dangerous. While one can turn your computer unusable, the latter can steal your account details along with your passwords. Emsisoft Browser Security is a new light-weight browser extension for Firefox and Chrome which can stop both of them.” Sounds promising, but I can’t get past the really broad permissions these kinds of extensions need.
The Register: Fake ‘U’s! Phishing creeps use homebrew fonts as message ciphers to evade filters. “Security house Proofpoint reports this week that miscreants hoping to steal login credentials from customers of ‘a major retail bank’ were able to hide their phishing emails from automatic detection tools by seemingly scrambling their messages into gibberish. Once rendered in an email client, the messages appear as coherent text, thanks to a custom font unscrambling the letters.”