Cybersecurity Weekly: Puerto Rico loses millions, Paypal phishing scam, new Emotet Wi-Fi worm

Infosec_SamInfosec_Sam Security+, CCENT, ITIL Foundation, A+Madison, WIAdmin Posts: 516 Admin

The Puerto Rico government was hit by a $2.6 million phishing scam. An active PayPal phishing scam targets SSNs and passport photos. The Emotet malware now hacks nearby Wi-Fi networks to infect new victims. All this, and more, in this week’s edition of Cybersecurity Weekly.

1. Puerto Rico government hit by $2.6 million phishing scam

A phishing attack scammed a Puerto Rico government agency out of more than $2.6 million. They received an email requesting changes to a bank account tied to remittance payments. A payment was sent to the fraudulent account on January 17, and is still under investigation by government authorities.
Read more »

2. Active PayPal phishing scam targets SSNs, passport photos

A recently reported phishing campaign asks PayPal users for a complete spectrum of personal data, including social security numbers and photos of their passports. The campaign starts with a phishing email claiming the recipient’s account was accessed from a new device, requiring an identity confirmation.
Read more »

3. Emotet malware now hacks nearby Wi-Fi networks to infect new victims

The notorious trojan Emotet found a new attack vector. It now uses infected devices to identify new victims connected to nearby Wi-Fi networks. The Wi-Fi spreader module has a timestamp of April 16, 2018, indicating the spreading behavior was running unnoticed for almost two years until it was detected for the first time last month.
Read more »


For more cybersecurity news stories like these, check out the blog »

Community Manager at Infosec!
Who we are | What we do

Comments

  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,000 ■■■■■■■■□□
    I did receive a recent Phishing email that said my stock Broker owed me a refund, the link provide wasn't valid, so i didn't click it, but my name and brokerage vendor was correct. (no account info) I was wondering how type knew this much information though. Perhaps blind luck? I received more than My far share of TDBank phishing emails, a company I never have any prior relationship to.  
    Still searching for the corner in a round room.
  • Infosec_SamInfosec_Sam Security+, CCENT, ITIL Foundation, A+ Madison, WIAdmin Posts: 516 Admin
    I did receive a recent Phishing email that said my stock Broker owed me a refund, the link provide wasn't valid, so i didn't click it, but my name and brokerage vendor was correct. (no account info) I was wondering how type knew this much information though. Perhaps blind luck? I received more than My far share of TDBank phishing emails, a company I never have any prior relationship to.  
    That's the scariest part to me. If it's not just blind luck, then someone was able to pull a client list from your vendor and blast emails to those addresses. You'll hear a lot of people say "well at least PII wasn't leaked," but even an email list can do a lot of damage. 
    Community Manager at Infosec!
    Who we are | What we do
Sign In or Register to comment.