This is a security awareness focused newsletter that I share internally. Feel free to grab and use for your own internal security awareness program.
Copyright Infringement Phishing Scams Targeting Facebook Business Users
Cybercriminals are targeting Facebook business and advertising account users, especially in regions like Taiwan, with phishing emails that falsely claim copyright infringement. These emails urge recipients to download a file (disguised as a PDF), which actually installs information-stealing malware on the victim’s device. This tactic aims to harvest sensitive information from users who trust the email’s legal-sounding message.
Key Points:
Target Audience: Facebook business and advertising account users.
Phishing Tactic: Emails posing as copyright infringement notices.
Malware Delivery: Malicious files masquerading as PDFs that contain infostealers.
Further Reading: Cisco Talos Report on Copyright Infringement Phishing Lure
Beware of 'Phish 'n' Ships': Fake Online Stores Stealing Your Money and Data
Cybercriminals are increasingly creating fraudulent online shops that mimic legitimate retailers to deceive consumers into providing payment information and personal data. These fake websites often offer enticing deals on popular products, luring unsuspecting shoppers into making purchases. Once payment details are entered, the scammers steal the information, leading to financial loss and potential identity theft.
How to Protect Yourself:
Verify Website Authenticity: Before making a purchase, ensure the website is legitimate by checking the URL for misspellings or unusual domain extensions.
Look for Secure Connections: Ensure the website uses HTTPS, but treat this as a minimum, not as proof of legitimacy. Fake stores obtain certificates as easily as real ones, so the padlock only tells you the connection is encrypted, not who is on the other end.
Research the Seller: Look for reviews and ratings from other customers to confirm the retailer's credibility.
Be Cautious of Unrealistic Deals: If an offer seems too good to be true, it likely is.
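To make the URL checks above concrete, here is a small added example (not from the Human Security report) that triages a shop URL for the red flags listed: missing HTTPS, a punycode hostname, a brand name buried in someone else's domain, a one-or-two-character typosquat, and a cheap top-level domain. The brand list and suspicious-TLD list are constructed for the example, and the registrable domain is simplified to the last two hostname labels, so it is approximate for country-code domains such as co.uk.

```python
"""Triage a shop URL for the red flags in the checklist above.

Added example, not from the Human Security report. The brand list and the
suspicious-TLD list are constructed for illustration, and the registrable
domain is taken as the last two hostname labels, which is approximate for
country-code TLDs such as co.uk (a real deployment would use the Public
Suffix List).
"""
from urllib.parse import urlsplit

KNOWN_BRANDS = {"amazon": "amazon.com", "bestbuy": "bestbuy.com", "nike": "nike.com"}
SUSPICIOUS_TLDS = {"top", "shop", "xyz", "store", "icu", "cfd"}  # constructed list


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings, used to catch typosquats such as 'amaz0n'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the hostname (simplification, see module docstring)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def triage_shop_url(url: str) -> list[str]:
    """Return the red flags found in a URL; an empty list means none were found."""
    reasons = []
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        reasons.append("no HTTPS")
    # Punycode labels can hide homoglyphs (e.g. a Cyrillic letter in a Latin brand name).
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode hostname, possible homoglyph")
    reg = registrable_domain(host)
    sld, _, tld = reg.partition(".")
    if tld in SUSPICIOUS_TLDS:
        reasons.append(f"unusual TLD .{tld}")
    for brand, real_domain in KNOWN_BRANDS.items():
        if reg == real_domain:
            return reasons  # the genuine domain; earlier flags such as 'no HTTPS' still stand
        # Brand name used as a subdomain of someone else's domain, e.g. amazon.com.deals-top.shop
        if brand in host:
            reasons.append(f"'{brand}' appears in hostname but registrable domain is {reg}")
            break
        # One or two edits away from the real second-level label
        real_sld = real_domain.split(".", 1)[0]
        if levenshtein(sld, real_sld) <= 2:
            reasons.append(f"'{sld}' is a near-miss of {real_domain}")
            break
    return reasons


if __name__ == "__main__":
    for u in ("https://www.nike.com/shoes", "https://amaz0n.com/deal",
              "https://amazon.com.deals-top.shop/"):
        print(u, "->", triage_shop_url(u) or "no red flags")
```

An empty result means none of the listed red flags fired; it does not mean the store is honest, which is why the "research the seller" and "too good to be true" checks above still apply.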
Further Reading: Human Security
Beware of DocuSign-Inspired Invoice Scams
Cybercriminals are using DocuSign's Envelopes API to send highly realistic fake invoices that impersonate trusted brands such as Norton and PayPal. Because the messages genuinely originate from DocuSign, they arrive from legitimate DocuSign domains, pass sender authentication and spam filters, and look authentic. The goal is to get the recipient to e-sign the invoice; a signed document can then be presented to the victim's finance team as authorization to release the payment.
What You Can Do:
Always verify invoice details directly with the company rather than clicking links within emails.
Look out for unexpected requests, even from trusted services.
Educate your team about this tactic and report suspicious invoices immediately.
Further Reading: Bleeping Computer
Mobile Ad Data Enables Widespread Surveillance
Recent investigations reveal that commercial services are exploiting mobile advertising data to track individuals' daily movements without their consent. By collecting data from widely-used mobile apps and websites, these services can monitor personal locations, posing significant privacy risks.
Protect Your Privacy:
Limit App Permissions: Only grant apps the permissions they genuinely need.
Review Privacy Settings: Regularly check and adjust your device's privacy settings to control data sharing.
Stay Informed: Be aware of how your data is collected and used by the apps and services you utilize.
Further Reading: Krebs on Security
Phishing Scams Targeting Booking.com Users
Recent reports highlight a surge in phishing attacks exploiting Booking.com accounts. Cybercriminals are compromising hotel partner accounts to access customer booking details, subsequently sending fraudulent messages that appear legitimate. These messages often request additional information or payments, aiming to deceive users into providing sensitive data or transferring funds.
Protect Yourself:
Verify Communications: Always confirm the authenticity of messages by contacting the hotel or Booking.com directly through official channels.
Avoid Unsolicited Links: Do not click on links or download attachments from unexpected emails or messages.
Enable Two-Factor Authentication (2FA): Activate 2FA on your Booking.com account to add an extra layer of security.
Further Reading: Krebs on Security
North Korean IT Workers Infiltrating Western Companies
Recent investigations have uncovered a concerning trend: North Korean IT professionals are securing remote positions in Western companies, including those in the United States, by using stolen identities and sophisticated social engineering tactics. This strategy enables them to bypass international sanctions and funnel earnings back to North Korea, potentially funding illicit activities.
Key Insights:
Identity Theft: These individuals often use stolen or fabricated identities to pose as qualified candidates from various countries.
Advanced Techniques: They employ generative AI tools to craft convincing resumes and perform well in interviews, making detection challenging.
Financial Implications: Earnings from these positions are redirected to support North Korea's sanctioned programs, including its weapons development initiatives.
Further Reading: Zscaler Security Research
Surge in Eventbrite-Based Phishing Attacks
Recent analysis by Perception Point has identified a sharp increase in phishing campaigns abusing Eventbrite's event management platform. Between July and October 2024 these attacks grew by 900%, with cybercriminals sending deceptive emails from 'noreply[@]events[.]eventbrite[.]com' to distribute malicious content.
Key Insights:
Legitimate Appearance: Because the messages are sent through Eventbrite's own mail infrastructure, they pass sender authentication (SPF/DKIM) and domain reputation checks, and recipients see a sender they already trust.
Malicious Payloads: The emails often contain links or attachments designed to harvest credentials or deploy malware upon interaction.
Targeted Entities: While the attacks are widespread, they predominantly focus on organizations that frequently use event management platforms, increasing the likelihood of successful exploitation.
Further Reading: KnowBe4 Blog
Phishing Campaign Impersonates OpenAI to Steal Financial Information
Cybercriminals are currently conducting a phishing campaign that impersonates OpenAI to deceive users into providing their financial details. The fraudulent emails inform recipients that their ChatGPT subscription payment has been declined, prompting them to click a link to update their payment method.
Key Insights:
Deceptive Tactics: The emails are designed to appear legitimate, leveraging OpenAI's branding to gain user trust.
Malicious Links: Clicking the provided link directs users to a fake payment page intended to capture sensitive financial information.
Widespread Targeting: This campaign is part of a broader trend where attackers exploit the popularity of AI tools to launch phishing attacks.
Further Reading: KnowBe4 Blog
Corrupted Word Documents in Novel Phishing Campaign
A newly identified phishing campaign exploits Microsoft Word's file recovery feature by sending intentionally corrupted Word documents as email attachments. Security tools that cannot parse the damaged file tend to treat it as unscannable rather than malicious, yet Word can still repair and open it.
Key Insights:
The Lure: Emails impersonate payroll and HR departments, with themes like employee bonuses and benefits. The attachments appear as corrupted files but can be repaired by Word.
Malicious QR Codes: Upon recovery, the documents prompt users to scan a QR code branded with company logos. Scanning leads to phishing sites designed to steal Microsoft login credentials.
Detection Challenges: Most attachments used in this campaign avoid detection on platforms like VirusTotal, as they contain no active malicious code, just deceptive QR codes.
Attack Effectiveness: By exploiting overlooked document recovery mechanisms, this method bypasses traditional email security filters, increasing the likelihood of reaching victims.
Further Reading: BleepingComputer Article
Cybercriminals Exploit Search Engine Results to Promote Phishing Pages
Cybercriminals are increasingly employing search engine poisoning to elevate malicious phishing sites in search results, deceiving users into divulging sensitive information. Researchers at Malwarebytes discovered that a search for "KeyBank login" on Bing displayed a counterfeit KeyBank login page above the official site.
Key Insights:
Manipulated Search Results: Attackers optimize malicious sites to appear prominently in search results, making them seem legitimate and increasing the likelihood of user interaction.
Phishing Tactics: These fraudulent pages mimic authentic login portals, aiming to harvest users' credentials and personal data.
Broader Implications: This tactic, known as SEO poisoning, extends beyond banking sites, potentially affecting various sectors and services.
Further Reading: KnowBe4 Blog
Attackers Exploit Corrupted Files to Evade Detection
Cybersecurity researchers have identified a novel phishing campaign that utilizes intentionally corrupted Microsoft Office documents and ZIP archives to bypass email security measures. These corrupted files evade antivirus scans and email filters, yet can be opened by users through built-in recovery features in applications like Microsoft Word and WinRAR.
Key Insights:
Evasion Techniques: The corrupted state of these attachments prevents security tools from properly scanning them, allowing malicious emails to reach users' inboxes undetected.
User Interaction: When users attempt to open these corrupted files, applications prompt them to recover the content, leading to the display of malicious elements such as QR codes.
Malicious Outcomes: Scanning the embedded QR codes can redirect users to phishing websites designed to steal credentials or deploy malware.
This tactic highlights the continuous evolution of phishing strategies aimed at circumventing security defenses and exploiting user trust in application recovery features.
Further Reading: The Hacker News
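The two items above (the corrupted Word documents reported by BleepingComputer and the corrupted Office/ZIP attachments reported by The Hacker News) describe the same mechanism: a .docx is a ZIP container, and if its central directory is destroyed most ZIP readers give up while Word's recovery walks the remaining local file headers and rebuilds the document. The added example below is not code from either report; it builds a constructed .docx-shaped sample in memory, breaks it that way, shows the parts are still recoverable, and applies the triage rule a mail gateway should use: an attachment that claims to be an Office document but does not open as a ZIP is escalated and quarantined, not waved through as unscannable. The lure vocabulary is an assumption based on the payroll/bonus themes the reports describe.

```python
"""Attachment triage for deliberately damaged Office documents.

Added example, not code from the reports cited above. It builds a small
.docx-shaped ZIP in memory (constructed sample, not a real lure), breaks it
the way the campaign does (the ZIP central directory and end-of-central-
directory record are removed, so normal ZIP readers refuse it), and shows
that the document parts are still recoverable by walking the local file
headers, which is roughly what Word's recovery does. Triage rule: a file
that claims to be OOXML but does not open as a ZIP is escalated.
"""
import io
import re
import struct
import zipfile
import zlib

LOCAL_HDR = b"PK\x03\x04"
CENTRAL_HDR = b"PK\x01\x02"
OOXML_MARKERS = (b"[Content_Types].xml", b"word/document.xml")
# Constructed lure vocabulary (assumption) matching the HR/payroll QR-code theme.
LURE_TERMS = re.compile(rb"(bonus|payroll|benefit|scan the qr|qr code)", re.I)


def recover_parts(blob: bytes) -> dict[str, bytes]:
    """Walk ZIP local file headers and inflate each part; the central directory is never consulted."""
    parts, pos = {}, 0
    while True:
        pos = blob.find(LOCAL_HDR, pos)
        if pos < 0 or pos + 30 > len(blob):
            return parts
        (_ver, flags, method, _t, _d, crc, csize, usize,
         nlen, xlen) = struct.unpack("<HHHHHIIIHH", blob[pos + 4:pos + 30])
        name = blob[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
        data_start = pos + 30 + nlen + xlen
        if flags & 0x08 and csize == 0:
            # Sizes live in a trailing data descriptor; not handled in this example.
            pos = data_start
            continue
        raw = blob[data_start:data_start + csize]
        try:
            data = zlib.decompress(raw, -15) if method == 8 else raw  # 8 = deflate, 0 = stored
        except zlib.error:
            data = b""
        # Keep only parts whose CRC and size still match; anything else is genuinely destroyed.
        if data and zlib.crc32(data) == crc and len(data) == usize:
            parts[name] = data
        pos = data_start + csize


def triage_attachment(name: str, blob: bytes) -> dict:
    """Classify an attachment; 'damaged-ooxml' is the shape of the lure in these campaigns."""
    looks_ooxml = blob.startswith(LOCAL_HDR) and all(m in blob for m in OOXML_MARKERS)
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            zf.testzip()
        opens = True
    except (zipfile.BadZipFile, zlib.error, EOFError, ValueError):
        opens = False  # missing/garbled central directory or EOCD record
    parts = {}
    if opens:
        verdict = "ooxml-ok" if looks_ooxml else "zip-not-ooxml"
    elif looks_ooxml or name.lower().endswith((".docx", ".xlsx", ".pptx")):
        verdict = "damaged-ooxml"  # escalate instead of treating as unscannable
        parts = recover_parts(blob)
    else:
        verdict = "not-zip"
    body = parts.get("word/document.xml", b"")
    return {"verdict": verdict,
            "recovered_parts": sorted(parts),
            "lure_terms": sorted({m.lower().decode() for m in LURE_TERMS.findall(body)}),
            "quarantine": verdict == "damaged-ooxml"}


def build_sample(damaged: bool) -> bytes:
    """Constructed .docx-shaped sample; damaged=True drops the central directory and EOCD."""
    doc = (b'<?xml version="1.0"?><w:document><w:body><w:p><w:t>'
           b'Annual bonus statement: scan the QR code below to view your benefits.'
           b'</w:t></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml", doc)
    blob = buf.getvalue()
    if damaged:
        blob = blob[:blob.find(CENTRAL_HDR)]  # local headers and data survive, the directory does not
    return blob


if __name__ == "__main__":
    for label, sample in (("intact", build_sample(False)), ("corrupted", build_sample(True))):
        print(label, triage_attachment("bonus.docx", sample))
```

The point for a mail gateway is the middle branch: a parser failure on something that advertises itself as an Office document is a signal in its own right, and recovering the parts lets you run the usual content checks (here a constructed keyword match; in practice QR-code extraction and URL reputation) on what the user will actually see after Word repairs the file.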