At a glance.
- Brand impersonation in social engineering.
- GiveSendGo doxed again.
- Transport for New South Wales affected by Accellion breach.
New Citibank phishing scam is more convincing than most.
Bleeping Computer details a phishing operation in which the threat actors are impersonating representatives of Citibank in order to convince customers to hand over private details. The scam is especially devious, complete with realistic Citibank logos and sender addresses, and messages lacking the tell-tale typos and grammatical errors that give other fraudsters away. Targets are told that their accounts have been frozen due to a suspicious transaction or login and are directed to a fraudulent website mimicking a Citibank login portal. Any login credentials entered by the victim are sent to the attackers. According to analysis from Bitdefender, 81% of the emails in the campaign were sent to Americans, and 40% of messages originated from US IP addresses. Bitdefender also discovered another, less convincing Citibank-related phishing scam that identifies the target as a victim of a phishing operation and claims they’re eligible for millions of dollars in compensation from the United Nations through Citibank.
Felix Rosbach, product manager at comforte AG, observes that brand impersonation is a major problem, and the bigger the brand, the bigger the problem:
“All of the world's leading brands must take notice of phishing attacks. From a customer perspective, even with those brands not being able to protect their customers against it, it might be perceived as an organization’s fault. This brings up the importance of cybersecurity awareness programs for end-users and customers, which usually goes beyond the typical employee awareness budget, but can be highly beneficial. More and more customers care about how an organization deals with cybersecurity, and if they do their best to protect their personal information and assets.”
Chris Hauk, consumer privacy champion at Pixel Privacy, reminds users to be skeptical. And, since desperate times call for desperate measures, consider actually going, physically, to your brick-and-mortar bank. How wild would that be?
“No matter how authentic an email may appear, never take it at face value. Never click a link or button, or open an attachment included in any unsolicited email. Immediately contact your financial institution via a known good phone number or customer support contact. If possible, go old school and visit your local bank branch where they'll be glad to help you determine if a communication is legitimate.”
Paul Bischoff, privacy advocate with Comparitech, sees this caper as pretty typical. It works by instilling a sense of urgency in its victims:
“This is a fairly typical phishing scam that relies on people's eagerness to resolve financial issues to make them click on a malicious link. That link goes to a fake Citibank website where victims enter their account details. Those details go straight to the attacker and the victim is redirected to the real Citibank website, often none the wiser.”
Transport for New South Wales discloses details about data exposed by Accellion breach.
The transport agency of the Australian state of New South Wales was one of the many organizations impacted by the massive breach of Accellion’s widely used file transfer application that came to light in February of last year. At the time, Transport for New South Wales (TfNSW) did disclose that some data had been exfiltrated, but it was only after a round of victim notifications sent this December that it was revealed at least five hundred customers and employees had been impacted. The compromised data includes driver’s license details, as well as names, email addresses, street addresses, and phone contact numbers. iTnews notes that this is TfNSW’s third breach in recent years, following a 2020 phishing attack that potentially exposed the data of 103,000 customers, and the discovery of an unsecured S3 storage bucket containing 50,000 scanned driver’s licenses.
GiveSendGo is having a bad month.
As we noted previously, earlier this month the details of 92,000 donors to the crowdfunding site GiveSendGo were released by hackers looking to dox supporters of the controversial Freedom Convoy protesting COVID-19 vaccination mandates. The Daily Dot now reports that the site was hit yet again, and this time the hacker shared the stolen data with the transparency and journalism non-profit group Distributed Denial of Secrets (DDoSecrets). The info includes the names of all donors who contributed to the campaign as of February 23. And unlike the initial leak, the intruder also revealed the last four digits and expiration dates of the donors’ credit cards. The new data also includes over ten thousand new donations made since the first leak, bringing the total donation numbers to well over $10 million and proving the breach has done little to slow the protest’s supporters. Following their typical modus operandi, DDoSecrets is sharing details of the data with only members of the journalism and research communities. The Daily Dot reached out to the Freedom Convoy campaign’s founder Chris Garrah via email, to which he responded he wasn’t concerned by the hack. Perhaps he should be, as just hours later, the hacker proved he had access to Garrah’s email by sending a message to the Daily Dot using Garrah’s account. “Pardon my intrusion into the conversation. Chris has definitely not secured his email!” the hacker stated.