Help Net Security - Holiday Season Scams

“The goal is to convince consumers to register or log into what they think is their real Amazon or Walmart account in order to receive a gift card. Sadly, no gift card or bonus bucks will be received, but instead consumers end up surrendering their account credentials — which can lead to all types of destructive behavior,” Barracuda Networks researchers warn.

Silicon Angle - Cybercriminals target Black Friday and Cyber Monday in massive holiday phishing campaigns

The new report from Barracuda Networks Inc. out today showcases real examples of phishing emails offering time-sensitive gift cards and huge discounts impersonating brands such as Amazon.com Inc., Wal-Mart Stores Inc., Kohl’s Corp., Luxottica Group SpA’s Ray-Ban sunglasses and Michael Kors Holdings Ltd.Although Barracuda investigated a number of leading brands, the report noted that the names of the brands the attackers are impersonating are less important than the tactic, since criminals can quickly change the name of the brand and launch new mass phishing scams.

Security InfoWatch - E-commerce: The new battleground in Black Friday security

For retail security professionals, Black Friday has become synonymous with long lines and short tempers as shoppers converge on brick-and-mortar stores looking for the best deals. But while the annual day after Thanksgiving shopping bonanza remains a significant challenge from a physical security perspective, it appears that many fraudsters have shifted their focus from in-store schemes to online scams as consumers increasingly turn to e-commerce as a way to save both time and money during the busy holiday season.

MediaPost - Barracuda Warns: Watch Out For Black Friday Phishing Emails

Research by Barracuda shows that attackers are hijacking names like Amazon, Walmart, Kohls, Ray-Ban and Michael Kors, in some cases offering up to80% off products and services.  In the case of Amazon, the attacks contain gift card scam emails. In addition, the scammers are also mimicking brick-and-mortar stores such as Walmart and Kohls.

TechRepublic - Don't click that! How to spot an invoice impersonation attack that pretends to be from a coworker

Finance workers are seeing a wave of phishing attacks that send victims a link to a fake invoice that appears to come from a trusted party, according to a new threat spotlight report from security firm Barracuda Networks.These emails don't usually appear to be out of the ordinary, and guide the recipient to click on a link to an invoice. The sender's name is carefully chosen by the attackers to be someone the recipient knows and trusts.

MediaPost - Barracuda Warns: Watch Out For Those Fake Invoice Emails

“The message itself doesn’t seem out of the ordinary, but the included link should raise a red flag,” writes Lior Gavish, VP of content security services at Barracuda. “The entire goal for this attempt is to get the recipient to click on the link, and the criminals have done a decent job of subtly placing the link within the message.”

This is a throwback to the old invoice scams sent by direct mail. An accountant in a company would get an invoice — usually for a modest amount — and pay it without questioning it.

ZDNet - This phishing attack pretends to come from someone you trust

A wave of cyberattacks is targeting organisations' financial departments with a social engineering and phishing campaign designed to trick victims into downloading credential-stealing malware and other threats.Detailed by researchers at Barracuda Networks, the invoice impersonation attacks aim to persuade the victim that the messages are from trusted sources, or to act on impulse -- planting the idea that the target has lost money is a common tactic in phishing emails, as it creates panic for the user.

Security Week - Artificial Intelligence: A New Hope to Stop Multi-Stage Spear-Phishing Attacks

The most recent evolution in social engineering involves multiple premeditated steps. Cybercriminals hunt their victims instead of targeting company executives with a fake wire fraud out of the blue. They first infiltrate their target organization from an administrative mail account or low-level employee, then use reconnaissance and wait for the most opportune time to fool the executive by initiating an attack from a compromised mail account. Here are the abbreviated steps commonly taken in these spear phishing attacks and solutions to stop these attackers in their tracks. 

Realtor Magazine - Protect Your Email From Latest Hacking Trend

Many real estate professionals have become keenly aware of targeted wire fraud scams that include email impersonation tactics. A growing avenue cyber criminals are using to get highly sensitive financial data is known as spear phishing, according to Asaf Cidon, vice president of content security for Barracuda Networks, a data protection company.