Page 9 - Threat Intelligence 10-28-2019
P. 9

Social Engineering













        Alexa and Google Home phishing apps demonstrated by researchers. Amazon and Google have blocked
        spying, phishing apps that keep your smart speaker listening after you think it’s gone deaf, lie to you about
        there being an update you need to install, and then vish (voice-phish) away the password you purportedly
        need to speak so you can get that bogus install. Long story short, don’t believe a smart speaker app that asks
        for your password. No regular app does that. Eight of these so-called “Smart Spies” were built by Berlin-based
        Security Research Labs (SRL) and put into app stores under the guise of being horoscope or random-number
        generators.
                Source:  https://nakedsecurity.sophos.com/2019/10/23/alexa-and-google-home-phishing-apps-
                demonstrated-by-researchers/



        Phishing alert: This fake email about a bank payment delivers trojan malware. A highly customizable form of
        trojan malware has returned and is being distributed via phishing emails claiming that a payment is being
        made to a bank account. Available to crooks for as little as $58, the malware is an information stealer and
        surveillance tool, using capabilities including keylogging, taking screenshots, and stealing clipboard contents to
        secretly take usernames and passwords from infected victims.
                Source: https://www.zdnet.com/article/phishing-alert-this-fake-email-about-a-bank-payment-delivers-
                trojan-malware/



        New Microsoft Phishing Campaign Targets Office365 Users. We found evidence of a new Microsoft Phishing
        Campaign which is targeting Office365 users in particular, but general computer users with a Microsoft
        account as well. The most troubling aspect of this new campaign is its next degree of complexity. Even if the
        tech behind the phishing is not exactly advanced itself, the fact that the attackers are using multiple attack
        vectors is enough to give pause. From the data we have gathered, we are sad to realize that this new Microsoft
        phishing campaign is a very solid attack. Everyone who uses a Microsoft account, especially in a business
        context, should be on their guard.
                Source: https://heimdalsecurity.com/blog/new-microsoft-phishing-campaign-targets-office365-users/

























                                                    www.accumepartners.com
                                                                                                                     9
   4   5   6   7   8   9   10   11   12   13   14