UCSF IT Technology

Threat Alert: Social Engineering Attacks Target GitHub Developers

Recent phishing emails are masquerading as notifications alerting the recipient to an automatic renewal of Best Buy’s Geek Squad Total Protect & Webroot Advance Threat Protection. The emails, however, do not use Best Buy sending addresses.  Unlike many traditional phishing attacks, the emails do not include malicious links or attachments.

Cybercriminals have launched series of phishing attacks claiming to be from the recipient’s HR department. The lures use a variety of sender names like HR Alerts or HR Department; however, the actual sending address is not associated with a recipient’s company or HR department.

The Royal Bank of Canada (RBC) issued a consumer alert warning of voice phishing (vishing) calls impersonating the financial institution.  The calls appear to come from a toll-free number, and a recorded message informs the user that RBC has detected a potential fraud issue.  These calls do not provide a name or information about who the fraud may impact.

Cybercriminals have launched a series of phishing attacks that claim to inform the recipient of physical altercations between employees and equipment damage at a worksite.  The lures include a malicious attachment allegedly containing a video of the altercation.

Cisco updated its security advisory for a vulnerability in multiple Cisco products. A remote attacker could exploit this vulnerability to elevate privileges.

Cybercriminals have launched phishing attacks that hijack legitimate email threads to deliver malicious URLs. Attackers hijack email threads to further increase the believability of the attacks.

Cybercriminals have launched phishing attacks abusing legitimate tools that are used to direct web traffic.  Phishing lures contain an embedded URL that leads to a lookalike Google Chrome update site.  Downloading the fake Google Chrome update installs a legitimate tool used for remotely monitoring and supporting computers.

Cybercriminals have launched phishing attacks leveraging compromised Microsoft Office 365 accounts.  The lures include .rpsmg file attachments, as well as embedded URLs hidden behind a “Read the Message” button.    Clicking the malicious link leads to a credential phishing kit that redirects the user to a legitimate login page.

Google has introduced eight new top-level domains (TLDs), the equivalents of “.com”, that websites can use. Among these new TLDs are “.zip” and “.mov”.