In a previous blog post, Malwarebytes researchers showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating.
Malwarebytes Labs continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that, is in fact, a replica of the Canva home page. As victims come from a malicious ad, they land on this deceiving page that lures them into interacting with it. The result: as soon as you click on the image, your browser is hijacked with a fake Microsoft alert.
Read more…
Source: Malwarebytes Labs
Related:
- Iran to blame for cyber-attack on MPs’ emails – British intelligence
October 14, 2017
Iran is being blamed for a cyber-attack in June on the email accounts of dozens of MPs, according to an unpublished assessment by British intelligence. Disclosure of the report, first revealed by the Times but independently verified by the Guardian, comes at an awkward juncture. Donald Trump made it clear on Friday that he wants to ...
- Hyatt Hit By Credit Card Breach, Again
October 13, 2017
Hyatt Corp., hotel guests are being warned of a credit card breach, the second since December 2015. On Thursday, the hotelier identified 41 of its hotels spread across 13 countries where it confirmed unauthorized access to payment card information. China is the hardest hit by the breach with 18 hotels impacted. Three U.S. hotels were part ...
- London issues call to arms to cyber security community
October 13, 2017
Cyber security community called on to help educate capital’s small businesses about cyber crime and give them practical advice London is calling on the cyber security community to help keep the city’s more than one million small businesses safe from cyber crime. “Cyber crime is a growing problem for everyone, but while individuals are protected by their ...
- Swedish transport agencies targeted in cyber attack
October 12, 2017
Swedish transport authorities were hit by a cyber attack on Thursday morning, a day after trains were delayed as a result of another attack on IT systems monitoring railway traffic. The website of Sweden’s Transport Agency (Transportstyrelsen) was partially down on Thursday morning, according to the agency most likely as a result of a DDoS attack. During ...
- Cyber-security threat to UK ‘as serious as terrorism’ – GCHQ
October 9, 2017
Keeping the UK safe from cyber-attacks is now as important as fighting terrorism, the head of the intelligence monitoring service GCHQ has said. Jeremy Fleming said increased funding for GCHQ was being spent on making it a “cyber-organisation” as much as an intelligence and counter-terrorism one. It comes after the NHS and parliament suffered cyber-attacks this year. Mr ...
- Disqus Hacked: More than 17.5 Million Users’ Details Stolen in 2012 Breach
October 6, 2017
Another day, Another data breach disclosure. This time the popular commenting system has fallen victim to a massive security breach. Disqus, the company which provides a web-based comment plugin for websites and blogs, has admitted that it was breached 5 years ago in July 2012 and hackers stole details of more than 17.5 million users. The stolen data ...