Main Menu

targeted phishing

Started by Thorin, April 02, 2015, 06:21:24 PM

Previous topic - Next topic

Thorin

I was quite surprised at how these bad guys cover all the bases in a phishing attack: http://www.huffingtonpost.com/2015/04/02/ibm-bank-cyber-scam_n_6995074.html

1. they target malware at people in companies that they think have access to the company's banking info
2. the malware pops up a web page saying the banking site is offline and to call a certain number
3. the person answering the phone knows what bank they're pretending to be from, probably identified by which phone number was called
4. the person asks for banking information, and then immediately starts siphoning money out of the account
5. money gets moved around quickly, to make it more difficult to trace
6. the bad guys even use a DoS attack to make it less likely that the company finds out their money went missing before it's too late

That's quite a bit of legwork.  I wonder how the money gets out of the bank account - at some point you have to physically go to the bank to withdraw it, if you want to leave no trace, right?
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Melbosa

So this isn't phishing but is anyone else starting to get the Microsoft/Web Browser security phone calls again?
Sometimes I Think Before I Type... Sometimes!

Lazybones

Quote from: Melbosa on April 02, 2015, 07:09:40 PM
So this isn't phishing but is anyone else starting to get the Microsoft/Web Browser security phone calls again?

They never stopped, I get them from time to time.

Mr. Analog

Quote from: Melbosa on April 02, 2015, 07:09:40 PM
So this isn't phishing but is anyone else starting to get the Microsoft/Web Browser security phone calls again?

That is exactly phishing
By Grabthar's Hammer

Tom

I mostly just get calls from "westjet" and "marriot hotels". Hah.
<Zapata Prime> I smell Stanley... And he smells good!!!

Lazybones

Quote from: Tom on April 02, 2015, 09:46:23 PM
I mostly just get calls from "westjet" and "marriot hotels". Hah.

I get those as robo dials.... At least the Microsoft ones tend to be a person trying to scam you directly..

Reminds me I should go build a VM to have ready just in case....