Krebs on Security: Legal Threats Make Powerful Phishing Lures

Krebs on Security: Legal Threats Make Powerful Phishing Lures. “Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.”

Engadget: Chrome exploit uses a fake address bar for phishing attacks

Engadget: Chrome exploit uses a fake address bar for phishing attacks. “Cyberattackers don’t need to find obscure technical flaws to launch phishing attacks — they might just need a screen capture and some clever web coding. Developer James Fisher has found a relatively simple exploit in Chrome for mobile that takes advantage of how the app displays the address bar. When you scroll down from the top of a page, the approach displays a fake address bar that won’t disappear until you visit another site. The attacker can even craft the page to prevent you from seeing the real address bar when you scroll up.”

TechCrunch: TrickBot malware attacks are ramping up ahead of Tax Day

TechCrunch: TrickBot malware attacks are ramping up ahead of Tax Day. “TrickBot, a financially motivated trojan, infects Windows computers through a malicious Excel document sent by a specially crafted email. Once infected, the malware targets vulnerable devices on the network and combs for passwords and banking information to send back to the attacker. The collected information can be used to steal funds for fraud. The ever-expanding malware is continually developed to collect as many credentials as possible.”

Bleeping Computer: Office 365 Phishing Page Comes with Live Chat Support

Bleeping Computer: Office 365 Phishing Page Comes with Live Chat Support. “Scammers handling a phishing website for Office 365 credentials added live support to add to the illusion of legitimacy necessary to trick victims. But things don’t always work the way the cybercriminals intend and their bluff was called by security researchers spotting the scam a mile away.”

Ars Technica: Behold, the Facebook phishing scam that could dupe even vigilant users

Ars Technica: Behold, the Facebook phishing scam that could dupe even vigilant users. “Phishers are deploying what appears to be a clever new trick to snag people’s Facebook passwords by presenting convincing replicas of single sign-on login windows on malicious sites, researchers said this week.”

Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions. “A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.”