Page 10 - Threat Intelligence 11-27-2019
P. 10
Tech Support Scammers Exploiting Unpatched Firefox Bug. Mozilla is working on addressing a Firefox bug that
has been exploited by tech support scammers to lock the browser when users visit specially crafted websites.
Attacks were spotted recently by Jérôme Segura of Malwarebytes, who told SecurityWeek that there are
currently two known Firefox bugs that have been abused in tech support scams. Exploitation only requires that
users visit the websites set up by the cybercrooks. These sites display warnings and instruct victims to call
“Windows support” at a specified number. Based on information in the new bug report created by Segura,
Mozilla has known about this issue for at least three months — Mozilla developers flagged Segura’s report as a
duplicate — but a fix has yet to be released. Based on discussions in the bug reports, a patch is expected to be
included in Firefox 71, which is scheduled for release on December 3. Until a patch becomes available, users
who encounter the scam websites can forcefully close Firefox from the Task Manager on Windows or using the
Force Quit option on macOS — the bug affects Firefox on both Windows and macOS.
Source: https://www.securityweek.com/tech-support-scammers-exploiting-unpatched-firefox-bug
Warning as Irish firms lose millions in sophisticated invoice scams. Two firms lost €650,000 recently in the
so-called invoice redirection fraud. The companies lost the money after responding to what looked like
legitimate invoices from suppliers. The scam sees criminals send emails to businesses and individuals
purporting to be a legitimate supplier. These emails contain a request for the firm to change the bank account
details on record for the supplier to new bank account, controlled by the criminals. These requests can also
come by way of letter or phone call. In many instances the business does not know it is a victim of this scam
until the legitimate supplier sends a reminder invoice seeking payment, gardaí said. He said the those behind
the scam were able to compromise the email system to make it look like the scammers were sending a
legitimate invoice.
Source: https://www.irishtimes.com/news/ireland/irish-news/warning-as-irish-firms-lose-millions-in-
sophisticated-invoice-scams-1.4079003
TrickBot Malware Uses Fake Sexual Harassment Complaints as Bait. Fake sexual harassment complaints
appearing to come from the U.S. Equal Employment Opportunity Commission are the latest baits used by
attackers to disseminate TrickBot banking Trojan payloads onto computers of unsuspecting employees of large
companies. As part of this campaign, the malware operators use information collected for each target such as
their names, the company they work for, their job titles, and even their phone numbers to customize the
phishing emails in order to make them a lot more convincing.
Source: https://www.bleepingcomputer.com/news/security/trickbot-malware-uses-fake-sexual-
harassment-complaints-as-bait/
Fraudsters Use Salary Increase Scam to Steal Employees’ Credentials. Digital fraudsters have launched a new
phishing campaign that uses a salary increase scam to trick employees into handing over their credentials.
Spotted by the Cofense Phishing Defense Center, the campaign used spoofing techniques to trick recipients
into thinking that the attack emails came from their HR department. Those emails claimed that the recipient’s
wages would increase as part of a larger organization-wide effort to raise salaries in November 2019 and begin
paying out these increases the following month. In support of this ruse, the emails came with an embedded
link to what it claimed was a spreadsheet detailing employees’ raises. Ultimately, the salary increase scam
campaign transported the user to a phishing landing page hosting a fake Office 365 login portal.
Source: https://www.tripwire.com/state-of-security/security-data-protection/fraudsters-use-salary-
increase-scam-to-steal-employees-credentials/
www.accumepartners.com
9
