Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
PhishLabs investigated a wave of phishing attacks using residential PCs to host phish sites. The fraudsters are compromising home PCs via Remote Desktop, installing web server software and then uploading multiple phishing pages.
- Choose Your Own Adventure With The 2014 Verizon DBIR (Rick Holland - Forrester)
Rick Holland does a good job highlighting a few interesting items from this year's Verizon Data Breach Investigations Report. As usual, the report is full of great security incident data that security leaders and practitioners can readily apply. What are you waiting for? Go read it!
It's good to see more major email mailbox providers rejecting mail that doesn't comply with their DMARC policies. While this is causing some discomfort for mailing lists (an issue that can be fixed), it takes big strides towards eliminating spam and phishing attacks that spoof legitimate domains.
- Phishers Divert Home Loan Earnest Money (KrebsonSecurity)
Brian Krebs reports on an email fraud scheme targeting consumers that are in the process of buying real estate. The attackers appear to be monitoring compromised email accounts (either from the real estate agency or the purchaser) and intercepting emails with wire transfer instructions for earnest money deposits and down payments. The attackers then replace the title company's bank account information with their own to trick their victims into wiring the payment directly into their accounts.