Phishing

Did Russia Hack Macron? The Evidence Is Far From Conclusive

Leader of ‘En Marche !’ Emmanuel Macron addresses supporters after winning the French Presidential Election. Macron’s campaign was the subject of a hack, leading to a leak of 9GB of email data. (Photo by David Ramos/Getty Images)

It looks like Russia, it smells like Russia, so it’s probably Russia. So goes the current line of thinking in the security community as it tries to figure out who leaked reams of files pilfered from the campaign staff of the incoming French President Emmanuel Macron.

Take, for instance, FireEye, the cybersecurity firm credited with first identifying Democratic National Committee hackers known as APT28 and Fancy Bear as a Russian operation; that crew is now the number one suspect in the Macron attack, which saw data leaked Friday, just two days before the second round of the French election.

FireEye, as others have surmised, said the links between APT28 and the Macron hit are largely based on “TTPs” – tactics, techniques and procedures. The Macron attackers – from their phishing attempts to the public dissemination of data partly aided by Wikileaks’ Twitter account – used many of the same TTPs associated with previous APT28 activity, said FireEye’s head of cyberespionage intelligence John Hultqvist.

There were also two IP addresses both hosted in Europe, which served up phishing sites targeted at Macron’s En Marche campaign: onedrive-en-marche.fr and mail-en-marche.fr. Those sites, set up in March and April, were originally attributed by Trend Micro to Fancy Bear (which it dubbed Pawn Storm) before the leaks.

But Hultqvist could only say the attack was “probably” carried out by APT28, a group the U.S. government claimed was run out of the Kremlin’s…

Don’t Open That Google Doc Unless You’re Positive It’s Legit

WIRED

If you get a Google Doc link in your inbox today, scrutinize it carefully before you click — even if it looks like it comes from someone you trust. A nasty phishing scam that impersonates a Google Docs request has swept the internet today, including a decent chunk of media companies. You’ve heard “think before you click” a million times, but it really could save you from a whole lot of hassle.

Google has taken steps to neutralize this particular phish. The company said in a statement that it has “disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.” But when it comes to phishing defense there’s always an element of cat and mouse. Large-scale phishing attacks and those impersonating popular services like Google log-in pages regularly stalk the internet.

“The importance of this phish is not how it spread, but rather how it didn’t use malware or fake websites tricking users to give up their passwords,” says Aaron Higbee, chief technology officer at the phishing research and defense company PhishMe, which analyzed data from the fake Google Docs campaign. “This phish worked because it tricked the user into granting permissions to a third-party application. This is the future of phishing, and every security technology vendor is ill-equipped to deal with it.”

Similar Google Docs scams in particular have been circulating since at least 2014, but that doesn’t make them any easier to spot, in part because they seem so authentic. Phishers can use real Google accounts and develop third-party plugins that can interact with Google services, so they can lure victims in through the most perfect-looking Google web pages of all: Genuine ones. And variations on this approach hit over and over, much like waves in the ocean. Fishing? Phishing….

That Massive Google Docs Phishing Attack Has Taken A Weird Turn

Yesterday, a phishing attack that security experts called “incredibly sophisticated” ripped through Gmail accounts at a blistering pace. Google managed to head the threat off at the pass, reportedly stopping it in its tracks after just 0.1% of all Gmail users had ever seen one of the malicious emails.

Image: Tom Page/Flickr

It was an odd incident, to be sure. This “sophisticated” attack didn’t actually manage to do anything all that dangerous. The biggest reason why is that Google reacted swiftly, resolving the issue just an hour after a Google employee spotted news of the attacks on Reddit.

The other is that initial analysis suggests that all the attack did was harvest email addresses so that it could send the phishing email to even more users. That could mean that this was incomplete malware that was turned loose before it was actually ready to carry out its creator’s nefarious plan.

There’s also the remote possibility that it was simply a research project. That theory was put forward by a Twitter user named Eugene Pupov, a name that matches a Gmail…

Massive Google Docs phishing attack swept the internet today [Updated]

If you just received an unexpected email in which someone you know is sharing a Google Doc with you, do not open it.

There is currently a rather massive phishing attack making its way through the internet. It’s pretty sophisticated, and very easy to fall for. To summarize a reddit post by JakeSteam, it basically works like this:

  1. As seen in the image above, you receive a simple email saying a Google Doc has been shared with you, likely from someone in your contact list.
  2. When you click on the button, you are taken to a real Google account selection screen (or at least you are if you have multiple accounts open).
  3. Select the account you want to use, and what appears to be “Google Docs” asks for several permissions to access your account. This is not the real Google Docs; the real one doesn’t need to ask for any permissions. But if you didn’t know this, it looks authentic enough other than all the permissions it requires.
  4. It then self-replicates by sending itself to all your own contacts.
Credit: JakeSteam on Reddit

The attack bypasses two-factor authentication and login alerts. Because you gave the imposter Google Docs full access to your email, it’s possible the attacker could extract any information stored in your messages. It could also be used to access your passwords for other services by sending password reset emails. Be…

A Massive Google Docs Phish Might Have Stolen A Load Of Gmail Accounts

The Gmail logo is pictured on the top of a Gmail.com welcome page in New York Friday, April 1, 2005. Photographer: Daniel Acker/Bloomberg News.

A lot of people are getting some suspicious looking emails in their Gmail today.

The malicious messages are coming from trusted contacts, asking them to open a Google Doc. As soon as the recipient clicks through, they are asked to give away permissions to an app imitating Google Docs, namely the ability to read, send, delete and manage email, as well as manage contacts. For the user, once they’ve clicked through, nothing happens. But the attacker is effectively given access to people’s Gmail. It appears whoever created the worm used that access to contacts to spread the

It’s remarkably sophisticated and spreading like wildfire. Given how many complaints Google is receiving on Twitter, it’s likely a lot of people were affected. For now, it looks like Google has shut the attack down by revoking the app and killing the phishing pages the attacker set up.

What to do

For anyone who remains concerned, there are steps they can take. First, it’s possible to note the phishing attempt by just looking at the message. It’ll typically say something like: “Mr. Attacker has invited you to view the following document.” And the recipient will be in the BCC field. That’s the first clue something phishy is going on, added to the fact that the only other visible email address in the To field is hhhhhhhhhhhhhhhh@mailinator[.]com, a temporary account on Mailinator.

Then, go to https://myaccount.google.com/permissions and revoke any permissions…

18 Surprising Ways Your Identity Can Be Stolen

Most people have already been victims of the most basic forms of identity theft — having fraudulent charges on your credit card. Those even less lucky have been victimized in more aggressive ways, with criminals obtaining medical care, working, and flying in our names.

Unwinding that mess can take years and thousands of dollars. The effect is exacerbated by the fact that the crime doesn’t generally stop with the one person who stole your information. Credit card numbers, Social Security numbers, and other data get packaged and sold on the underground Internet so that different people all over the world could be impersonating you at the same time.

“It’s a pain. It does cause a lot of stress,” said Lindsay Bartsh, of San Rafael, California, who said that straightening out a web of fraudulent medical bills, flights, job applications, and credit applications took every minute of her free time for a year.

How does it happen? Here’s a look at both the most common ways thieves steal our data, as well as some of the newest ploys to watch out for.

1. Mail Theft

Bartsh believes this time-honored tactic is how her personal information got out into the criminal underworld. An expected W-2 tax form never arrived. Assuming it was stolen, it would have given thieves a wealth of information, such as Social Security number and workplace.

2. Database Hacks

When a large corporation gets hacked, the effect can be widespread. When the U.S. government’s Office of Personnel Management was breached, some 22 million people had their personal information exposed. (I was one of the many who received a warning about this, because I had a writing contract with a government agency.)

3. Malicious Software

If you have a virus on your computer, you may suffer more than a slowdown or a system crash. Some malicious programs that spread as viruses record every keystroke you type, allowing thieves to find out your online banking username and password. These programs can infect your mobile phone as well as your computer.

4. Search Engine Poisoning

This is a sneaky way of tricking people into giving up their own personal data, or getting malicious software onto a person’s computer. The criminals create a fake website similar to a real one, or that could plausibly be a real one.

One tactic is for you to click through to the fake site and try to buy a product, entering your credit card or debit card number. Another way they try to get you is for you to unknowingly download information-stealing software onto your computer.

Where does the search engine part come in? These criminals manipulate Google and other search engines’ algorithms to get their phony sites ranked high in search listings, leading users to believe they must be legit. Fortunately, Google has made progress in preventing this in recent years, but it still happens.

5. Phishing

Phishing is a term that broadly means “fishing” for personal information through a variety of common social interactions — so-called “social engineering.” The most common phishing attack happens when you get an email that looks like it came from your bank or another legitimate company. It may come with an alarming subject line, such as “overdraft warning” or “your order has shipped.” When you click a link in the email, you may see a login screen identical to your normal login, which will trick you into entering your username and password. You could also be asked for more identifying details, such as Social Security number and account number.

Fortunately, banks have put some countermeasures into place to fight phishing. You can also protect yourself by not responding directly to incoming messages. If you get an email that looks like it’s from your bank, type your bank address into your browser instead of clicking the link, sign in, and check your account’s message center. Or just call your bank’s customer service number.

6. Phone Attacks

The Internal Revenue Service has been warning for several years that scammers are calling people claiming to be the…