WARNING: A mass SMS text message scam went out this afternoon that reads basically: “FRM: Account Service MSG: You are required to accept the new Terms of Service now:” and then it gives you a shortened link such as https://goo.gl/hdDpNE. The sample we received is from the phone number 1410200502, but yours may say something different.
A spam run that appears to be from Kohl’s department store went out this week, advising of a special delivery order from Kohl’s, leading people to believe that an order was placed in their name.
Stringray device phone technology tricks your cellphone into connecting to the Stingray ‘phone tower’ (your phone doesn’t realize it’s connecting to a cell phone simulator interceptor rather than your provider’s tower – it’s the ultimate in cell phishing), and then sucks down all of your International Mobile Subscriber Identity (IMSI) information, including not only your call details, but even your text messages, email, and other private information. (This is also known as an IMSI catcher.) Now being deployed by local police and sheriff departments, these cell phone interception and eavesdropping devices are not only legal, but they require no warrant, and their use is jealously protected by the Feds.
The Dyre Wolf phishing malware targets primarily businesses and organizations (rather than individuals). This is because it tricks the victim into giving up bank credentials, and then does a wire transfer. However it works by tricking individuals using social engineering, which is also how it gets around 2 factor authentication (2FA). Dyre Wolf is distinct from the dire wolf – Dyre Wolf is phishing malware, the dire wolf is an extinct member of the wolf family (and the direwolf is a mythical dire wolf featured in Game of Thrones).
Bank of America, Wells Fargo, and Key Bank are among bank accounts being phished, SMiShed and vished by scammers who are sending SMS text messages to users, directing them to call hijacked Holiday Inn Express phone numbers which the scammers have disguised to make them sound like automated banking systems. So far this current crop has happened primarily in the Houston area.
Today, September 3, 2014, a new spoofed GoDaddy phishing spam started showing up in people’s inboxes. “Your account contains too many directories”, it tells you (for example, in our sample the subject is “Status Alert: Your account contains more than 9740 directories”).
Here is the full text of one of the newest Wells Fargo Phishing Spam, which started showing up this month (May, 2014). This one comes with an attached HTML file named “Wells Fargo Instruction Form.html”. Whatever you do, don’t download or open it!
A very real looking phishing scam has hit EA.com (the Electronic Arts games site) and Apple ID. Users should be extremely careful about any information that they submit while the problem is being investigated.
A new batch of phishing emails, supposedly from TigerDirect.com, went out this week. Using social engineering to make you think that a costly order has been placed in your name, the email seeks to create a sense of urgency that will cause you to click on the links contained in the email, which of course go to the phishing site.
If you get an email saying that your password on Pinterest was successfully changed, and you know that you didn’t change your Pinterest password, don’t go running to Pinterest, and definitely don’t click any links, before reading this!
What is rickrolling? Well, if you’ve never been rickrolled, the best description is a zesty combination of an imaginative but harmless phishing technique, 80’s pop sensation Rick Astley, and a fun but cautionary lesson in taking care before you click ANY link online.
Whether you call it spear phishing, spear fishing, or spearphishing, it’s a computer hack of your email in a way that’s targeted toward you, where you work, or a group you belong to. And, it masquerades as coming from someone you know and trust from your family, friends, workplace, or social group.
There has been a rash of fake notices this week, supposedly from Apple, warning that “Your Apple ID was used to sign in to FaceTime, iCloud, and iMessage on an iPhone 5”. Hopefully, if you received one of these, you were quickly able to realize that these fake Apple alerts were spam, but just in case you weren’t sure, we are confirming that for you.