Page 9 - Threat Intelligence 8-7-2019
Social Engineering
Mass Spoofing Campaign Takes Aim at Walmart - An ongoing domain name spoofing campaign is
taking aim at retail giant Walmart and other big companies, with more than 540 malicious domains
being used to harvest consumer information. The scam domains are mimicking legitimate sites in
name and appearance, in hopes of fooling visitors into entering their personal details, according to
analysis from DomainTools. Aside from Walmart, other big-name lures are affiliated with the
phishing campaign, spoofing Fortune 500 companies like McDonald’s, online dating sites and movie
downloads. An unknown threat actor is behind it all, the firm said, displaying an obvious level of
sophistication given the sheer scale of the effort.
Source: https://threatpost.com/mass-spoofing-campaign-walmart/146994/
LookBack malware targeting utility sector - Three U.S. firms in the utility sector were hit with a
spear phishing campaign in mid-July. The emails contained a malicious Word document that
contains and can install the new remote access trojan LookBack. The Proofpoint Threat Insight Team's
initial take is that the attack was the work of a nation-state sponsored actor, based on the macro used
and a comparison with previous attacks conducted by such groups. The social engineering behind
the emails, which were sent between July 19-25, makes it appear as if the correspondence comes
from a domain owned by the U.S. National Council of Examiners for Engineering and Surveying and
includes that organization's logo. The email itself pretends to contain a failed examination result
from the National Council of Examiners for Engineering and Surveying, a subject likely to pique
someone's interest and be opened, Proofpoint said.
Source: https://www.scmagazine.com/home/security-news/malware/lookback-malware-targeting-utility-sector/
Insights into end-user security awareness and behavior around phishing - Phishing remains a
leading concern for organizations worldwide. A new Proofpoint report features analysis of data
related to nearly 130 million cybersecurity questions and offers insights into employee knowledge
levels across 14 categories, 16 industries, and more than 20 commonly used department
classifications. The 2019 Beyond the Phish report indicates that while employees have become more
familiar with the hallmarks of phishing attacks and the need to protect data, knowledge gaps remain
that cybercriminals can exploit. As part of its 2019 State of the Phish report, researchers found that
83 percent of global organizations experienced phishing attacks in 2018, underscoring the urgent
need to educate end users.
Source: https://www.techrepublic.com/article/40-of-enterprises-experienced-office-365-credential-theft-report-finds/
www.accumepartners.com