Microsoft Warns of Emails Bearing Crafty PDF Phishing Scams

Microsoft is warning email users of other crafty schemes, this time involving PDF attachments.

PDF, short for the Portable Document Format pioneered by Adobe, is a popular method of distributing content online. Cyber-attackers are banking on its ubiquity, particularly in the workplace, to ensnare office workers. The latest phishing attempts may slip through an antivirus software’s defenses.

Sometimes spoofing real employees at legitimate companies, one attack involves sending a product or service quote as a file attachment (Quote.pdf). Once opened, the PDF file, crafted to mimic an error message, leads users to an online login page that offers access to the ostensibly confidential information contained in the PDF file.

You can read about it in an article by Pedro Hernandez at https://goo.gl/uu4I5u.

A Massive India Call Center Swindled 15,000 Americans

The Justice Department recently indicted one Indian company for scamming “hundreds of millions of dollars” from over 15,000 victims, placing more than 1.8 million phone calls to Americans. Call center employees would impersonate U.S. Internal Revenue Service officials and would threaten Americans, demanding immediate payment to cover back taxes. In fact, no back taxes were owed.

Continue reading

Authorities Just Shut Down One of the World’s Largest Malware Networks

One of the largest botnet infrastructures in the world was finally annihilated in a joint effort by law-enforcement authorities and cybersecurity researchers in 30 countries. Over 800,000 domains have been seized, sinkholed or blocked, in “Operation Avalanche,” as the law-enforcement sting was known. A total of 39 servers have been seized, eight of them located in Romania. Another 221 have been put offline.

The German police learned there were millions of computers infected. Victims attacked using the Avalanche infrastructure have lost hundreds of millions of dollars, according to estimates byEuropol, the European Union’s law enforcement agency. Over 40 major financial institutions have been targeted, announced CERT-US.

Details may be found in an article on Motherboard at: https://goo.gl/MqI6lN.

International Authorities Take Down Massive ‘Avalanche’ Botnet

Investigators from the U.S. Department of Justice, the FBI, Eurojust, Europol, and other global partners announced the takedown of a massive botnet named “Avalanche,” estimated to have involved as many as 500,000 infected computers worldwide on a daily basis.

“The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network,” the FBI and DOJ said in their joint statement.

Details may be found at https://goo.gl/aj1YXQ.

Ransomware is Being Spread by Infected Image and Graphic Files on Facebook and LinkedIn

Security researchers recently discovered Locky Ransomware being spread on Facebook and LinkedIn. The malware is distributed by infected image and graphic files. Users are prompted to download a codec allowing them to view the file in question.

Once users download and open the malicious file they receive – all the files on their personal device are automatically encrypted and they can only gain access to them after a ransom is paid. The industry estimation is that the campaign is still raging and accumulates new victims every day.

Continue reading

How to Spot Fake iOS and Android Apps

The New York Times and New York Post discovered hundreds of counterfeit shopping apps in Apple’s App Store. This is also a problem seen in Google’s Play store. While some of these apps will display annoying banner ads, others could have more serious consequences.

Some apps may contain malware that could steal personal information. Scammers could also benefit from unsuspecting customers entering credit card information in these bogus apps.

Details may be found in a C|Net article by Dan Graziano at https://www.cnet.com/how-to/how-to-spot-fake-ios-and-android-apps.