Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds


The relentless battle against online fraud is a constant evolution, a digital chase where security teams and malicious actors continually adapt.

The increasing sophistication of attacks is blurring the lines between legitimate user behavior and impersonation attempts. The campaign we are exposing today is a reminder that even the most advanced security technologies do not dissuade threat actors. malwarebytes Labs researchers discovered a new phishing kit targeting payroll and payment platforms that aims to not only steal victims’ credentials but also to commit wire fraud. The investigation began with a fraudulent search ad for Deel, a payroll and human resources company. Clicking on the ad sent employees and employers to a phishing website impersonating Deel.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Europol Warns WannaCry Spread to Go Up on Monday

    May 14, 2017

    Europol is spreading bad news today as it announced that a new wave of WannaCry ransomware infections, even worse than the first, is coming on Monday. The European law enforcement agency estimates that so far there are some 200,000 victims of WannaCry and the number keeps growing. Furthermore, the number of affected countries has grown from ...

  • Europol News Article on Wannacry Ransomware: recent cyber-attack

    May 13, 2017

    The European Cybercrime Centre, EC3, at Europol is working closely with affected countries cybercrime units and key industry partners to mitigate the threat and assist victims. The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits. The Joint Cybercrime Action Taskforce (JCAT), at EC3 is a ...

  • UK hospital meltdown after ransomware worm uses NSA vulnerability to raid IT

    May 12, 2017

    UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked its networks. Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, aka WanaCrypt aka Wcry, nasty. Users ...

  • FBI: Whaling now a US$ 5 billion business as execs targeted

    May 9, 2017

    The US Federal Bureau of Investigation (FBI) has reported the continuing explosion of Business Email Compromise (BEC) attacks as the practice becomes a US$ 5 billion (£3.86 billion) business. Between October 2013 and 2016 the total international reported loss from such scams is US$ 5,302,890,449 (£4,100 million), with US bodies taking up nearly US$ 1.6 billion ...

  • Snake and Proton Malware Found Targeting Mac Users

    May 8, 2017

    Two malware targeting Mac-run machines recently surfaced in the wild: Snake (a.k.a. Turla, Uroburos, and Agent.BTZ, and detected by Trend Micro as OSX_TURLA.A) and Proton (OSX_PROTON.A). Both are remote access Trojans that can grant attackers unauthorized remote access to the system, consequently enabling them to steal files, data, and credentials stored in the affected system, ...

  • Hackers emit 9GB of stolen Macron ’emails’ two days before French presidential election

    May 6, 2017

    Emmanuel Macron, the front-runner in France’s presidential election, has condemned the online leakage of what’s alleged to be his campaign staff’s emails. A 9GB cache of internal documents was dumped onto the Magnet file-sharing network on Friday night, less than two days before the French people go to the polls on Sunday. These archives landed just before ...