MasterCard Email Phishing Scam Making the Rounds

by

Consumers need to be aware of a phishing scam that is making the rounds this holiday season.

Microsoft and MasterCard are warning users of a scam that could lead to Cerber ransomware. The scam email is supposedly from MasterCard telling the potential victim that they need to click on an attachment to avoid an unwanted charge.

The email comes with a set of instructions to open the attachment supposedly coming from Microsoft. The attachment is a Microsoft Word document. The instructions are to tell the victim how to deal with the Macro.

The email has a hint of validity as it bears a Microsoft logo. However, the MasterCard component is riddled with typos and punctuation errors.

“There are some social engineering flaws in the attack emails. In our sample, the sender address does not spoof MasterCard or a bank, making it much less convincing. Also, the apparent use of automated code to copy the recipient local-name to the salutation section of the message and the file name of the attached document is a giveaway,” Microsoft wrote.

The email is well crafted in that it uses the actual victims name in a few places. Also, the attachment is password protected which Microsoft’s researchers said it may also make the document appear more legitimate to the target.

Source: SCMagazine 

Source: Majorgeeks.com

FBI Nabs Most Wanted Hacker at JFK

by

The FBI nabbed one of their most wanted fugitives.

Joshua Samuel Aaron was one member of a group that hacked financial institutions, including JPMorgan, and according to officials, was “the largest theft of user data from a U.S. financial institution in history.”

It is thought that Aaron was hiding out in Moscow since 2015 when he was charged with hacking which exposed the personal information of more than 100 Million people.

“Aaron allegedly worked to hack into the networks of dozens of American companies, ultimately leading to the largest theft of personal information from US financial institutions ever,” said Manhattan US Attorney Preet Bharara.

“For pursuing what we have called ‘hacking as a business model,’ and thanks to the efforts of the FBI and the US Secret Service, Aaron will now join his co-defendants to face justice in a Manhattan federal courtroom.”

Three men were charged with the hacking. Gery Shalon, Ziv Orenstein, and Joshua Samuel Aaron were charged with 23 counts, including hacking, identity theft, securities fraud, and money laundering, among others.

The group are supposedly responsible for running a payment processing business that netted them $18 Million (£14.3 Million) from victims.

Aaron is scheduled to appear in a Manhattan court today.

Source: The Hacker News