Saturday, December 29, 2018

Netflix Email Phishing Scam Going Arround, FTC Warns.

Phishing Scammers always use familiar company names or assume to be  someone you know get you to commit to their ends. Which is usually to collect your financial information. Police in Ohio shared a screenshot of a phishing email designed to steal personal information featuring Netflix. . The email claims the user’s account is on hold because Netflix is “having some trouble with your current billing information” and invites the user to click on a link to update their payment method.
Netflix phishing scam screenshot
From FTC;
Before you click on a link or share any of your sensitive information:
  • Check it out. If you have concerns about the email, contact the company directly. But look up their phone number or website yourself. That way, you’ll know you’re getting the real company and not about to call a scammer or follow a link that will download malware.
  • Take a closer look. While some phishing emails look completely legit, bad grammar and spelling can tip you off to phishing. Other clues: Your name is missing, or you don’t even have an account with the company. In the Netflix example, the scammer used the British spelling of “Center” (Centre) and used the greeting, “Hi Dear.” Listing only an international phone number for a U.S.-based company is also suspicious.
  • Report phishing emails. Forward them to spam@uce.gov (an address used by the FTC) and to reportphishing@apwg.org (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies). You can also report phishing to the FTC at ftc.gov/complaint. Also, let the company or person that was impersonated know about the phishing scheme. For Netflix, forward the message to phishing@netflix.com.
For more tips and information, visit this article on phishing. Then test your knowledge by playing this game.

Friday, December 21, 2018

Hongjin Tan, A Chinese Battery Technology Expert Charged With Stealing Trade Secrets From Phillips 66

Image result for Hongjin Tan
Hongjin Tan, an expert on Battery technology

Hongjin Tan, an expert on Battery technology from China has been charged with stealing trade secrets from US employer. Hongjin Tan was preparing to join mainland firm. 

Hongjin Tan allegedly downloaded confidential files to a flash drive, relating to a proprietary product worth US$1 billion and the drive cleaned up the day before he resigned. 
The DoJ alleged Hongjin Tan downloaded hundreds of files related to the manufacture of a “research and development downstream energy market product,” which he planned to use to benefit a company in China that had offered him a job. He was arrested on Thursday in Oklahoma and will next appear in court on Wednesday, the department said.
Tan’s LinkedIn page says he worked as a staff scientist for Phillips 66 in Bartlesville, Oklahoma, since May 2017. He resigned to join a Chinese company that has developed production lines for lithium ion battery materials.
Reuters

The Department of Justice Stops "DDoS for Hire" Sites, Just In Time For Christmas


The Department of Justice announced that the FBI has seized domains of  "DDoS-for-hire" websites and charged some people responsible for some of these services, earlier today. See below for a a list of domains.
“Whether you launch the DDoS attack or hire a DDoS service to do it for you, the FBI considers it criminal activity. Working with our industry and law enforcement partners, the FBI will identify and potentially prosecute you for this activity.  We will use every tool at our disposal to combat all forms of cybercrime including DDoS activity.  We encourage all DDoS victims to contact your local FBI field office or file a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov”, said FBI Assistant Director Gorham.
The DDoS-for-Hire services seized were allegedly used to attack a large number of sites that included financial institutions, universities, internet service providers, government systems, and various gaming platforms.

“DDoS attacks are serious crimes that can cause real harm, as shown by the wide range of sectors allegedly victimized in this case,” said Assistant Attorney General Benczkowski.  “The operators and the customers of DDoS-for-hire services should be on notice that the Department of Justice will aggressively prosecute those who perpetrate malicious cyber attacks. DDoS for hire services such as these pose a significant national threat. Coordinated investigations and prosecutions such as these demonstrate the importance of cross-District collaboration and coordination with public sector partners.”  said U.S. Attorney Schroder. 

In addition to seizing these domains and services by the DoJ, the FBI has also filed criminal complaints against Matthew Gatrel, 30, and Juan Martinez, 25, two alleged cybercriminals for their  affiliation with the DDoS-for-hire services known as 'Downthem' and 'Ampnode.'
David Bukovski was charged for his work with "Quantum Stresser".

“The attack-for-hire websites targeted in this investigation offered customers the ability to disrupt computer networks on a massive scale, undermining the internet infrastructure on which we all rely. While this week’s crackdown will have a significant impact on this burgeoning criminal industry, there are other sites offering these services – and we will continue our efforts to rid the internet of these websites.  We are committed to seeing the internet remain a forum for the free and unfettered exchange of information.” said U.S. Attorney Hanna.
Full DoJ press release
Fifteen domains seized.

anonsecurityteam.com
booter.ninja
bullstresser.net
critical-boot.com
defcon.pro
defianceprotocol.com
downthem.org
layer7-stresser.xyz
netstress.org
quantumstress.net
ragebooter.com
request.rip
str3ssed.me   
torsecurityteam.org
Vbooter.org