Page 9 - Threat Intelligence Brief 9-13-2019
Social Engineering
The FBI Updates Their Numbers And BEC Is Now A 26 Billion Dollar Scam. The FBI's Internet Crime Complaint
Center (IC3) says that Business Email Compromise (BEC) scams, aka CEO Fraud, are continuing to grow every
year, with a 100% increase in the identified global exposed losses between May 2018 and July 2019. Also,
between June 2016 and July 2019, IC3 received victim complaints regarding 166,349 domestic and
international incidents, with a total exposed dollar loss of over $26 billion. "One variation involves
compromising legitimate business email accounts and requesting employees’ Personally Identifiable
Information or Wage and Tax Statement (W-2) forms," adds IC3.
Source: https://blog.knowbe4.com/the-fbi-updates-their-numbers-and-bec-is-now-a-26-billion-dollar-scam
Twitter Suspends SMS-Based Tweeting After High-Profile Account Hacks. Twitter on Wednesday announced
that it would turn off its Tweet via SMS feature for an unspecified period following abuses that led to hackers
posting from at least two high-profile accounts. One of the victims was Twitter co-founder and CEO Jack
Dorsey, whose feed was hijacked on Friday and used to post racial slurs and even a fake bomb threat at the
Twitter headquarters. The most recent successful attack was on actress Chloë Grace Moretz's account, which
sent out tweets suggesting that the same hackers, a group calling themselves Chuckling Squad, were behind the deed.
Source: https://ctovision.com/twitter-suspends-sms-based-tweeting-after-high-profile-account-hacks/
Iranian hackers resume credential-stealing phishing attacks against universities around the world. An Iranian
hacking operation has expanded a global phishing campaign that targets universities in an attempt to steal
usernames and passwords. Dubbed Cobalt Dickens, the campaign was initially detailed in August last year,
with researchers at Secureworks blaming cyberattacks targeting universities in 14 countries on a hacking group
linked to the Iranian government. The purpose of the attacks is to steal intellectual property, which can either
be exploited or sold on for profit.
Source: https://www.zdnet.com/article/iranian-hackers-credential-stealing-phishing-attacks-against-universities-around-the-world/
Nemty Ransomware Infests Bogus PayPal Site. BleepingComputer describes a PayPal phishing site that’s
delivering a new strain of Nemty ransomware. The attackers used Unicode characters from different alphabets
to make their URL look like PayPal’s legitimate domain. The slickly designed web page offers users a 3-5%
return on PayPal transactions if they download an official PayPal browser extension. Users who click the
download button will receive a file named “cashback.exe.” Running this executable will infect the user’s system
with the ransomware. Nemty ransomware has been around for a while, but it began attracting attention last
month. It was recently observed spreading via the RIG exploit kit, and it may have been going after exposed
RDP connections. The PayPal phishing site suggests that Nemty’s operators are interested in using multiple
channels of distribution.
Source: https://blog.knowbe4.com/nemty-ransomware-infests-bogus-paypal-site
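The look-alike URL in the Nemty item relies on letters from other alphabets standing in for Latin ones, which a mail or proxy filter can screen for. The following Python check is an added example, not code from the brief or from BleepingComputer; the look-alike table, the watch list and the sample hostnames are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Cyrillic letters that resemble Latin ones. Constructed subset for this example
# (assumption: production use would load the full Unicode confusables data).
CONFUSABLES = {"\u0430": "a", "\u0440": "p", "\u0443": "y", "\u0435": "e",
               "\u043e": "o", "\u0441": "c", "\u0445": "x", "\u0456": "i",
               "\u0455": "s", "\u04cf": "l"}
WATCHED_BRANDS = {"paypal"}  # hypothetical watch list


def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels are punycode)."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw label
    return label


def scripts(label):
    """Scripts used by the letters of a label, taken from their Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(label):
    """Fold known look-alikes to ASCII so the label can be compared to a brand."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())


def check_url(url):
    """Return findings for each label of the URL's host; empty list if clean."""
    host = urlsplit(url).hostname or ""  # hostname is already lower-cased
    findings = []
    for raw in host.split("."):
        label = decode_label(raw)
        used = scripts(label)
        if len(used) > 1:
            findings.append(f"{label!r}: mixed scripts {sorted(used)}")
        if not label.isascii() and skeleton(label) in WATCHED_BRANDS:
            findings.append(f"{label!r}: imitates {skeleton(label)!r}")
    return findings
```

The brand comparison also catches a label written entirely in one non-Latin script, which the mixed-script test alone would pass.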
www.accumepartners.com