Krebs on Security: SMS Phishing + Cardless ATM = Profit

Krebs on Security: SMS Phishing + Cardless ATM = Profit. “A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones. But this also creates an avenue of fraud for bad guys, who can leverage phished or stolen account credentials to add a new phone number to the customer’s account and then use that added device to siphon cash from hijacked accounts at cardless ATMs.”

Krebs on Security: Voice Phishing Scams Are Getting More Clever

Krebs on Security: Voice Phishing Scams Are Getting More Clever. “Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).”

The Atlantic: Phishing Is the Internet’s Most Successful Con

The Atlantic: Phishing Is the Internet’s Most Successful Con. “In the classic 1973 heist movie The Sting, two con men—played by Robert Redford and Paul Newman—build a fictitious world in a Depression-era Chicago basement to defraud a corrupt banker. They make an offtrack-betting room, hire actors to ensure the scene is convincing, and even enlist pretend law enforcement to fake-bust their mark. The film is memorable because it is one of the finest movies in the genre, well written and funny, but also because the duo’s work is so meticulously detailed. The con has changed since then, both short and long. In this age, the online equivalent of The Sting is a phishing site: a fake reality that lives online, set up to capture precious information such as logins and passwords, bank-account numbers, and the other functional secrets of modern life.”

Motherboard: This Twitter Bot Will Tell You if a Login Page is Phishing

Motherboard: This Twitter Bot Will Tell You if a Login Page is Phishing. “It may not be as technically interesting as a fancy iPhone exploit chain, or a sophisticated piece of malware, but phishing is the real threat for plenty of different people. Activists, journalists, politicians, and ordinary consumers trying to keep hackers out of their accounts all have to worry about dodgy domains posing as login pages. Now a Twitter bot may be able to help you decide if that Outlook, iCloud, or Gmail login page is legitimate.”

Ars Technica: Microsoft shuts down phishing sites, accuses Russia of new election meddling

Ars Technica: Microsoft shuts down phishing sites, accuses Russia of new election meddling. “Russia has denied any knowledge of a spear phishing attempt that allegedly mimicked the domains of the US Senate and two US-based think tanks. Russia’s denial came after Microsoft said it detected and shut down the campaign.”

Krebs on Security: The Year Targeted Phishing Went Mainstream

Krebs on Security: The Year Targeted Phishing Went Mainstream. “It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.”

BetaNews: Microsoft overtakes Facebook as the #1 spoofed brand

BetaNews: Microsoft overtakes Facebook as the #1 spoofed brand. “Phisherfolk love to try to trick people into thinking they are a major brand in order to get them to reveal passwords or personal data. New research from Vade Secure reveals that in the second quarter of this year Microsoft has supplanted Facebook as the most spoofed brand. The social network drops two places to third, behind perennial phishing favorite PayPal.”