“FBI Director” Phishing Campaign
A new email phishing campaign has been making its way around the web that
claims to be from “FBI Director Christopher Wray,” who would love to assist
with a massive wire transfer to the victim’s bank account. Unfortunately for
anyone hoping for a quick payday, the $10 million check from Bank of America
won’t be arriving anytime soon, unless they are willing to enter more personal
information and send it to a Special FBI agent using a Yahoo email address.
While most phishing campaigns use scare tactics to scam victims, taking the
opposite approach of offering a large payout seems less likely to get results.
Magecart Skimming Script Works on Dozens of Sites
Following the many Magecart attacks of recent years, a new payment skimming
script has been found that allows attackers to compromise almost any online
checkout page without the need to customize it for the specific site. The
script currently works on 57 unique payment card gateways from around the
world and begins injecting both the loader and the exfiltration script when it
finds the keyword “checkout” in the address bar.
Scammers Target Google Search Ads
Scammers are now turning to Google Ads to post fake phone numbers posing as
customer support for popular websites such as eBay and Amazon. These phone
scammers will often tell those who call that there is something wrong with
their account and ask for a Google Play gift card code before they can help.
The ads look legitimate, which confuses those who call the phony numbers
listed.
Citycomp Data Dumped After Blackmail Attempt
Shortly after discovering that their systems had been
announced they would not be paying a ransom for a large chunk of stolen client
data. Unfortunately for Citycomp, the hackers decided to make the data publicly
available after not receiving their requested $5,000. Amongst the stolen data
is financial and personal information for dozens of companies for which Citycomp
provides infrastructure services, though it may only be an initial dump and not
the entire collection.
Email Scam Robs Catholic Church of Over $1.7 Million
The Saint Ambrose Catholic Parish in Ohio recently fell victim to email
scammers who took nearly $2 million from the church, which is currently
undergoing a major renovation. The scammers targeted monthly transactions made
between the church and the construction company by providing “updated” bank
information for the payments and sending appropriate confirmations for each
transfer. The church was only made aware of the breach after the construction
company called to inquire about two months of missing payments.